From 14bfd3d8b81f91caacd572ad426638e5375d2eb3 Mon Sep 17 00:00:00 2001
From: Florin Coras
Date: Wed, 8 Nov 2023 19:57:38 -0800
Subject: [PATCH] tls: fix handling of client and server init errors - notify app on failed connect - avoid cleanup of ctx before transport cleanup to be able to handle pending rx notifications.
Type: fix
Signed-off-by: Florin Coras
Change-Id: I1b70ad45109d4c942afa1990dfce4fc44a50a637
---
 src/vnet/tls/tls.c | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)
diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c
index 0fe4bb2de3c..c2fe4d7e75b 100644
--- a/src/vnet/tls/tls.c
+++ b/src/vnet/tls/tls.c
@@ -466,7 +466,6 @@ tls_session_accept_callback (session_t * tls_session)
 session_t *tls_listener, *app_session;
 tls_ctx_t *lctx, *ctx;
 u32 ctx_handle;
- int rv;
 tls_listener = listen_session_get_from_handle (tls_session->listener_handle);
@@ -496,14 +495,15 @@ tls_session_accept_callback (session_t * tls_session)
 TLS_DBG (1, "Accept on listener %u new connection [%u]%x", tls_listener->opaque, vlib_get_thread_index (), ctx_handle);
- rv = tls_ctx_init_server (ctx);
- if (rv)
+ if (tls_ctx_init_server (ctx))
 {
+ /* Do not free ctx yet, in case we have pending rx events */
 session_free (app_session);
- tls_ctx_free (ctx);
+ ctx->no_app_session = 1;
+ tls_disconnect_transport (ctx);
 }
- return rv;
+ return 0;
 }
 int
@@ -548,7 +548,6 @@ tls_session_connected_cb (u32 tls_app_index, u32 ho_ctx_index,
 tls_ctx_t *ho_ctx, *ctx;
 session_type_t st;
 u32 ctx_handle;
- int rv;
 ho_ctx = tls_ctx_half_open_get (ho_ctx_index);
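Review bot: In the `tls_ctx_init_server` failure branch (second hunk), ctx now outlives the freed `app_session`, so any reference to that session which ctx recorded earlier in tls_session_accept_callback (outside this hunk, if it did) is stale, and every later rx or cleanup path has to test `ctx->no_app_session` before using it; the hunk does not show that they do. The comment should state that contract and where ctx is finally released, for example `/* app_session is gone; ctx is kept until transport cleanup and users of ctx must check no_app_session */`. Because the function now always returns 0, the init failure also leaves no trace for whoever debugs a dropped connection; a `TLS_DBG (1, "server init failed [%u]%x", vlib_get_thread_index (), ctx_handle);` in this branch would keep it visible. The function body starts and ends outside the hunk.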
@@ -578,14 +577,13 @@ tls_session_connected_cb (u32 tls_app_index, u32 ho_ctx_index,
 app_session->session_type = st;
 app_session->connection_index = ctx->tls_ctx_handle;
- rv = tls_ctx_init_client (ctx);
- if (rv)
+ if (tls_ctx_init_client (ctx))
 {
- session_free (app_session);
- tls_ctx_free (ctx);
+ tls_notify_app_connected (ctx, SESSION_E_TLS_HANDSHAKE);
+ tls_disconnect_transport (ctx);
 }
- return rv;
+ return 0;
 }
 int
--
2.16.6
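Review bot: The `tls_ctx_init_client` failure branch no longer calls `session_free (app_session)` and, unlike the server path in tls_session_accept_callback, does not set `ctx->no_app_session`, so releasing the pre-allocated app session and marking it absent now depends entirely on what `tls_notify_app_connected` does when it is passed an error, which is not visible in this patch. If that function does not free the session, this branch leaks it while ctx stays alive until transport cleanup. Its return value is also ignored here. Once confirmed, a comment such as `/* on error tls_notify_app_connected frees app_session and sets no_app_session */` would record the assumption next to the call. The function body continues outside the hunk.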