author | Florin Coras <fcoras@cisco.com> | 2019-08-08 17:38:26 -0700 |
---|---|---|
committer | Dave Barach <openvpp@barachs.net> | 2019-08-09 11:49:49 +0000 |
commit | d09236d17d86a5d50166b2017f8f30a560c6e1b8 (patch) | |
tree | 68d5a288f64ae59d38c1d8758299da891df5891c /src/plugins | |
parent | f03c49413f270386d46a82dd9a3bce819cf81250 (diff) |
tls: mark as no lookup transport
Type:fix
Also fix transport close while handshake is ongoing.
Change-Id: I004c56d2297d0847c2cb77202f8fba3edaacad29
Signed-off-by: Florin Coras <fcoras@cisco.com>
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/tlsopenssl/tls_openssl.c | 38 |
1 files changed, 24 insertions, 14 deletions
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index ee6b0e3172e..8d0fd36a04f 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -205,6 +205,28 @@ vpp_ssl_async_retry_func (tls_ctx_t * ctx, openssl_resume_handler * handler)
 #endif
+static void
+openssl_handle_handshake_failure (tls_ctx_t * ctx)
+{
+ if (SSL_is_server (((openssl_ctx_t *) ctx)->ssl))
+ {
+ /*
+ * Cleanup pre-allocated app session and close transport
+ */
+ session_free (session_get (ctx->c_s_index, ctx->c_thread_index));
+ ctx->no_app_session = 1;
+ ctx->c_s_index = SESSION_INVALID_INDEX;
+ tls_disconnect_transport (ctx);
+ }
+ else
+ {
+ /*
+ * Also handles cleanup of the pre-allocated session
+ */
+ tls_notify_app_connected (ctx, /* is failed */ 1);
+ }
+}
+
 int
 openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
 {
@@ -240,19 +262,7 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
 ERR_error_string (ERR_get_error (), buf);
 clib_warning ("Err: %s", buf);
- /*
- * Cleanup pre-allocated app session and close transport
- */
- if (SSL_is_server (oc->ssl))
- {
- session_free (session_get (ctx->c_s_index,
- ctx->c_thread_index));
- ctx->no_app_session = 1;
- ctx->c_s_index = SESSION_INVALID_INDEX;
- tls_disconnect_transport (ctx);
- }
- else
- tls_notify_app_connected (ctx, /* is failed */ 1);
+ openssl_handle_handshake_failure (ctx);
 return -1;
 }
@@ -758,7 +768,7 @@ openssl_transport_close (tls_ctx_t * ctx)
 {
 if (!openssl_handshake_is_over (ctx))
 {
- session_close (session_get_from_handle (ctx->tls_session_handle));
+ openssl_handle_handshake_failure (ctx);
 return 0;
 }
 session_transport_closing_notify (&ctx->connection); |
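Review bot: openssl_handle_handshake_failure is not safe to run twice on the same context: its server branch calls `session_get (ctx->c_s_index, ctx->c_thread_index)` without checking whether an earlier call already set `ctx->c_s_index = SESSION_INVALID_INDEX`. With this commit the helper is reachable from both openssl_ctx_handshake_rx and openssl_transport_close, so if a close can still arrive for a context whose handshake has already failed (not visible in these hunks, worth confirming), the second pass would look up and free a session through an invalid index. A guard at the top of the server branch, for example `if (ctx->c_s_index == SESSION_INVALID_INDEX) return;`, would make the teardown idempotent. A short header comment such as `/* Tear down a ctx whose handshake did not complete; frees the pre-allocated app session at most once. */` would document that contract.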
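Review bot: In openssl_transport_close the explicit `session_close (session_get_from_handle (ctx->tls_session_handle));` is replaced by the helper, whose client branch only calls `tls_notify_app_connected (ctx, /* is failed */ 1);`. Nothing visible in this diff shows that call closing the underlying transport session, so a client that closes mid-handshake may leave the transport connection open until the peer or a timer tears it down. Please confirm that the failure notification also disconnects the transport, or add `tls_disconnect_transport (ctx);` to the client branch of the helper. A comment here noting that the app receives a connect-failed notification in response to its own close request would also help the next reader; the body of openssl_transport_close continues outside the hunk.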