tls: fix handling of failed accepts 90/32490/3
authorFlorin Coras <fcoras@cisco.com>
Sat, 29 May 2021 01:28:05 +0000 (18:28 -0700)
committerFlorin Coras <fcoras@cisco.com>
Sat, 29 May 2021 01:48:22 +0000 (18:48 -0700)
Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I34b53dcaf4f049157b538ea40a39033d43e525a5

src/plugins/tlsopenssl/tls_openssl.c

index 496d777..05cd13c 100644 (file)
@@ -341,9 +341,18 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
     {
       /* Need to check transport status */
       if (ctx->is_passive_close)
-       openssl_handle_handshake_failure (ctx);
-      else
-       tls_notify_app_accept (ctx);
+       {
+         openssl_handle_handshake_failure (ctx);
+         return -1;
+       }
+
+      /* Accept failed, cleanup */
+      if (tls_notify_app_accept (ctx))
+       {
+         ctx->c_s_index = SESSION_INVALID_INDEX;
+         tls_disconnect_transport (ctx);
+         return -1;
+       }
     }
 
   TLS_DBG (1, "Handshake for %u complete. TLS cipher is %s",
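Review bot: The new failed-accept branch at `if (tls_notify_app_accept (ctx))` resets `ctx->c_s_index` without saying why, and the comment `/* Accept failed, cleanup */` sits above the condition, where it reads as unconditional. I would move it inside the branch and state the intent, e.g. `/* App rejected the session: invalidate c_s_index so teardown does not touch an app session that was never set up */`; that wording is inferred from the names, so please confirm it is what the reset guards against. The branch also leaves no trace, so a `TLS_DBG` line before `tls_disconnect_transport (ctx)` would let an operator tell a rejected accept from a handshake failure. Both new `return -1` paths assume callers stop using `ctx` for this handshake afterwards; the callers and the rest of openssl_ctx_handshake_rx are outside the hunk, so that is worth checking.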