authorFlorin Coras <fcoras@cisco.com>2023-11-08 19:57:38 -0800
committerDave Barach <vpp@barachs.net>2023-11-09 19:14:12 +0000
commit14bfd3d8b81f91caacd572ad426638e5375d2eb3 (patch)
tree21478615323dffbeb96f6a725f156aff01c86b94 /src/vnet/tls/tls.c
parent115e31b43fcd5308601c624afbaf61211e48f56d (diff)
tls: fix handling of client and server init errors
- notify app on failed connect - avoid cleanup of ctx before transport cleanup to be able to handle pending rx notifications. Type: fix Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I1b70ad45109d4c942afa1990dfce4fc44a50a637
Diffstat (limited to 'src/vnet/tls/tls.c')
-rw-r--r--src/vnet/tls/tls.c20
1 files changed, 9 insertions, 11 deletions
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 0fe4bb2de3c..c2fe4d7e75b 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -466,7 +466,6 @@ tls_session_accept_callback (session_t * tls_session)
session_t *tls_listener, *app_session;
tls_ctx_t *lctx, *ctx;
u32 ctx_handle;
- int rv;
tls_listener =
listen_session_get_from_handle (tls_session->listener_handle);
@@ -496,14 +495,15 @@ tls_session_accept_callback (session_t * tls_session)
TLS_DBG (1, "Accept on listener %u new connection [%u]%x",
tls_listener->opaque, vlib_get_thread_index (), ctx_handle);
- rv = tls_ctx_init_server (ctx);
- if (rv)
+ if (tls_ctx_init_server (ctx))
{
+ /* Do not free ctx yet, in case we have pending rx events */
session_free (app_session);
- tls_ctx_free (ctx);
+ ctx->no_app_session = 1;
+ tls_disconnect_transport (ctx);
}
- return rv;
+ return 0;
}
int
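Review bot: In the failure branch of tls_session_accept_callback the ctx now outlives the app session released by `session_free (app_session)`, and the only guard visible here is `ctx->no_app_session = 1`. Any rx or close path that reaches this ctx before transport cleanup has to test that flag before resolving the app session; those paths are outside the hunk, so this is worth confirming. The result of tls_ctx_init_server is also discarded now that the function always returns 0, so I would record the failure before the teardown, e.g. `TLS_DBG (1, "server init failed [%u]%x", vlib_get_thread_index (), ctx_handle);`. The same applies to the client branch in the last hunk. The function body starts above this hunk.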
@@ -548,7 +548,6 @@ tls_session_connected_cb (u32 tls_app_index, u32 ho_ctx_index,
tls_ctx_t *ho_ctx, *ctx;
session_type_t st;
u32 ctx_handle;
- int rv;
ho_ctx = tls_ctx_half_open_get (ho_ctx_index);
@@ -578,14 +577,13 @@ tls_session_connected_cb (u32 tls_app_index, u32 ho_ctx_index,
app_session->session_type = st;
app_session->connection_index = ctx->tls_ctx_handle;
- rv = tls_ctx_init_client (ctx);
- if (rv)
+ if (tls_ctx_init_client (ctx))
{
- session_free (app_session);
- tls_ctx_free (ctx);
+ tls_notify_app_connected (ctx, SESSION_E_TLS_HANDSHAKE);
+ tls_disconnect_transport (ctx);
}
- return rv;
+ return 0;
}
int
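Review bot: The failure branch of tls_session_connected_cb no longer frees app_session and does not set `ctx->no_app_session`, unlike the server branch in tls_session_accept_callback. It presumably relies on tls_notify_app_connected to do both when it is passed an error, which this hunk does not show. Once confirmed, a comment would make the ownership explicit, e.g. `/* app session is released by tls_notify_app_connected on error; ctx is kept until transport cleanup */`. The return value of tls_notify_app_connected is ignored here, and the specific code from tls_ctx_init_client is replaced by SESSION_E_TLS_HANDSHAKE; if the notify call can fail without releasing the app session, this branch would leak it. The function body starts above this hunk.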