From ce48c877443dcaa13790620823a3a8c20a6e27b8 Mon Sep 17 00:00:00 2001 From: Florin Coras Date: Fri, 28 May 2021 18:28:05 -0700 Subject: tls: fix handling of failed accepts Type: fix Signed-off-by: Florin Coras Change-Id: I34b53dcaf4f049157b538ea40a39033d43e525a5 (cherry picked from commit b6fe52f3da79d4c4ea8095b9d36988b0825a9891) --- src/plugins/tlsopenssl/tls_openssl.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c index 496d777d3b3..05cd13c9970 100644 --- a/src/plugins/tlsopenssl/tls_openssl.c +++ b/src/plugins/tlsopenssl/tls_openssl.c @@ -341,9 +341,18 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session) { /* Need to check transport status */ if (ctx->is_passive_close) - openssl_handle_handshake_failure (ctx); - else - tls_notify_app_accept (ctx); + { + openssl_handle_handshake_failure (ctx); + return -1; + } + + /* Accept failed, cleanup */ + if (tls_notify_app_accept (ctx)) + { + ctx->c_s_index = SESSION_INVALID_INDEX; + tls_disconnect_transport (ctx); + return -1; + } } TLS_DBG (1, "Handshake for %u complete. TLS cipher is %s", -- cgit 1.2.3-korg