- Add SSL cleanup for tcp timeout.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Tue, 25 Sep 2018 09:01:13 +0000 (09:01 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Tue, 25 Sep 2018 09:01:13 +0000 (09:01 +0000)
git-svn-id: file:///svn/unbound/trunk@4915 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
services/outside_network.c

index 63fecca8b86d3a1a242b7036c396cb29a3d07c8c..717cd33849898a23c56451bcb35db2cd0caa874d 100644 (file)
@@ -3,6 +3,7 @@
          for DNS over TLS service.  It sets the configured tls auth name.
          This is useful for hosts that apart from the DNS over TLS services
          also provide other (web) services.
+       - Add SSL cleanup for tcp timeout.
 
 17 September 2018: Wouter
        - Fix compile on Mac for unbound, provide explicit_bzero when libc
index 54bbf6f56b2500673e505d795359c0b65194860c..e2c59c4616ddc482687713ce859beeb974410fea 100644 (file)
@@ -366,7 +366,9 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
 #endif
                pend->c->ssl_shake_state = comm_ssl_shake_write;
                if(w->tls_auth_name) {
+#ifdef HAVE_SSL
                        (void)SSL_set_tlsext_host_name(pend->c->ssl, w->tls_auth_name);
+#endif
                }
 #ifdef HAVE_SSL_SET1_HOST
                if(w->tls_auth_name) {
@@ -377,6 +379,8 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
                         if(!SSL_set1_host(pend->c->ssl, w->tls_auth_name)) {
                                 log_err("SSL_set1_host failed");
                                pend->c->fd = s;
+                               SSL_free(pend->c->ssl);
+                               pend->c->ssl = NULL;
                                comm_point_close(pend->c);
                                return 0;
                        }
@@ -1264,6 +1268,13 @@ outnet_tcptimer(void* arg)
        } else {
                /* it was in use */
                struct pending_tcp* pend=(struct pending_tcp*)w->next_waiting;
+               if(pend->c->ssl) {
+#ifdef HAVE_SSL
+                       SSL_shutdown(pend->c->ssl);
+                       SSL_free(pend->c->ssl);
+                       pend->c->ssl = NULL;
+#endif
+               }
                comm_point_close(pend->c);
                pend->query = NULL;
                pend->next_free = outnet->tcp_free;
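Review bot: The return value of SSL_shutdown on the new line in outnet_tcptimer is discarded, and because the connection has just timed out the peer's own close_notify will in general never arrive, so a comment saying the one-shot shutdown is deliberate would keep a later reader from turning it into a retry loop, e.g. `/* peer timed out: send close_notify once, do not wait for a reply */`. The free-and-NULL sequence before comm_point_close also appears in the SSL_set1_host failure path in the earlier hunk of this file; if comm_point_close does not release c->ssl itself (not visible here), a small static helper used by both sites would keep the two cleanups from diverging. Nesting `#ifdef HAVE_SSL` inside `if(pend->c->ssl)` leaves an empty conditional body in non-SSL builds; wrapping the whole `if` in the `#ifdef` reads more plainly. outnet_tcptimer begins before this hunk and its body continues past it.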