X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Ftlsopenssl%2Ftls_openssl.c;h=a21e3bb54c18336acdfd654f1900379ceeff1aca;hb=4f30bc74577959efddfe4bc544cea4ec5c7019da;hp=5e58913342b69c5eba68f775ed0c137f01628bfd;hpb=ea158d64a0aa0673807c74ce00fc854519ba589c;p=vpp.git
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 5e58913342b..a21e3bb54c1 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -263,22 +263,18 @@ openssl_check_async_status (tls_ctx_t * ctx, openssl_resume_handler * handler,
 static void openssl_handle_handshake_failure (tls_ctx_t * ctx) {
- session_t *app_session;
+ /* Failed to renegotiate handshake */
+ if (ctx->flags & TLS_CONN_F_HS_DONE)
+ {
+ tls_notify_app_io_error (ctx);
+ tls_disconnect_transport (ctx);
+ return;
+ }
 if (SSL_is_server (((openssl_ctx_t *) ctx)->ssl)) {
- /*
- * Cleanup pre-allocated app session and close transport
- */
- app_session =
- session_get_if_valid (ctx->c_s_index, ctx->c_thread_index);
- if (app_session)
- {
- session_free (app_session);
- ctx->c_s_index = SESSION_INVALID_INDEX;
- tls_disconnect_transport (ctx);
- }
 ctx->flags |= TLS_CONN_F_NO_APP_SESSION;
+ tls_disconnect_transport (ctx);
 } else {
@@ -334,6 +330,10 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
 if (SSL_in_init (oc->ssl)) return -1;
+ /* Renegotiated handshake, app must not be notified */
+ if (PREDICT_FALSE (ctx->flags & TLS_CONN_F_HS_DONE))
+ return 0;
+
 /* * Handshake complete */
@@ -379,7 +379,7 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
 return -1;
 }
 }
-
+ ctx->flags |= TLS_CONN_F_HS_DONE;
 TLS_DBG (1, "Handshake for %u complete. TLS cipher is %s", oc->openssl_ctx_index, SSL_get_cipher (oc->ssl));
 return rv;
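Review bot: In the server branch of openssl_handle_handshake_failure, `TLS_CONN_F_NO_APP_SESSION` is now set without the removed `session_free (app_session)` / `ctx->c_s_index = SESSION_INVALID_INDEX` cleanup, so if an app session can still be pre-allocated before the handshake finishes, the flag would say there is none while the index still refers to it. The hunk does not show where that session is released now, so this may already be handled elsewhere; if no session exists at this point any more, a comment such as `/* No app session exists before the handshake completes; only the transport is closed */` above the flag would record the invariant. The new `TLS_CONN_F_HS_DONE` branch likewise relies on the app session being valid when `tls_notify_app_io_error (ctx)` runs, which its comment could state. The function's else branch continues outside the hunk.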
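Review bot: The early `return 0` for a renegotiated handshake in openssl_ctx_handshake_rx skips everything below the "Handshake complete" comment, not only the app notification. The context of the following hunk shows a `return -1` path in that region, so some post-handshake check appears to be bypassed on renegotiation; if that region validates the peer (not visible here), a renegotiated session would be accepted without it. Either repeat that validation before returning, or widen the comment to `/* Renegotiated handshake: app already notified; post-handshake checks below are intentionally not repeated */` so the decision is explicit. The function starts and ends outside the hunk.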
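Review bot: `ctx->flags |= TLS_CONN_F_HS_DONE;` is set just before `return rv;` regardless of the value of `rv`, and the flag then changes how later failures are reported (via `tls_notify_app_io_error` in openssl_handle_handshake_failure). `rv` is assigned outside the hunk, so it is unclear whether it can be non-zero here; if it can, confirm the app was actually notified before the handshake is marked done. A comment at the set site would help, e.g. `/* Later handshakes on this ctx are renegotiations: no app notification on completion, io error on failure */`. The statement also takes the place of the blank line that separated it from the preceding block, which is worth keeping for readability.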
@@ -1231,12 +1231,10 @@ tls_openssl_init (vlib_main_t * vm)
 return error;
 }
-/* *INDENT-OFF* */
 VLIB_INIT_FUNCTION (tls_openssl_init) = { .runs_after = VLIB_INITS("tls_init"), };
-/* *INDENT-ON* */
 #ifdef HAVE_OPENSSL_ASYNC
 static clib_error_t *
@@ -1307,22 +1305,18 @@ tls_openssl_set_command_fn (vlib_main_t * vm, unformat_input_t * input,
 return 0;
 }
-/* *INDENT-OFF* */
 VLIB_CLI_COMMAND (tls_openssl_set_command, static) = { .path = "tls openssl set", .short_help = "tls openssl set [engine ] [alg [algorithm] [async]", .function = tls_openssl_set_command_fn, };
-/* *INDENT-ON* */
 #endif
-/* *INDENT-OFF* */
 VLIB_PLUGIN_REGISTER () = { .version = VPP_BUILD_VER, .description = "Transport Layer Security (TLS) Engine, OpenSSL Based", };
-/* *INDENT-ON* */
 /* * fd.io coding-style-patch-verification: ON