From: Wouter Wijngaards Date: Tue, 25 Sep 2018 09:01:13 +0000 (+0000) Subject: - Add SSL cleanup for tcp timeout. X-Git-Tag: release-1.8.1rc1~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=377d5b426a30fc915cf7905786f93c0ec89845b7;p=thirdparty%2Funbound.git - Add SSL cleanup for tcp timeout. git-svn-id: file:///svn/unbound/trunk@4915 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/doc/Changelog b/doc/Changelog
index 63fecca8b..717cd3384 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,7 @@
 for DNS over TLS service. It sets the configured tls auth name. This is useful for hosts that apart from the DNS over TLS services also provide other (web) services.
+ - Add SSL cleanup for tcp timeout.
 17 September 2018: Wouter
 - Fix compile on Mac for unbound, provide explicit_bzero when libc
diff --git a/services/outside_network.c b/services/outside_network.c
index 54bbf6f56..e2c59c461 100644
--- a/services/outside_network.c
+++ b/services/outside_network.c
@@ -366,7 +366,9 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
 #endif
 pend->c->ssl_shake_state = comm_ssl_shake_write;
 if(w->tls_auth_name) {
+#ifdef HAVE_SSL
 (void)SSL_set_tlsext_host_name(pend->c->ssl, w->tls_auth_name);
+#endif
 }
 #ifdef HAVE_SSL_SET1_HOST
 if(w->tls_auth_name) {
@@ -377,6 +379,8 @@ outnet_tcp_take_into_use(struct waiting_tcp* w, uint8_t* pkt, size_t pkt_len)
 if(!SSL_set1_host(pend->c->ssl, w->tls_auth_name)) {
 log_err("SSL_set1_host failed");
 pend->c->fd = s;
+ SSL_free(pend->c->ssl);
+ pend->c->ssl = NULL;
 comm_point_close(pend->c);
 return 0;
 }
@@ -1264,6 +1268,13 @@ outnet_tcptimer(void* arg)
 } else {
 /* it was in use */
 struct pending_tcp* pend=(struct pending_tcp*)w->next_waiting;
+ if(pend->c->ssl) {
+#ifdef HAVE_SSL
+ SSL_shutdown(pend->c->ssl);
+ SSL_free(pend->c->ssl);
+ pend->c->ssl = NULL;
+#endif
+ }
 comm_point_close(pend->c);
 pend->query = NULL;
 pend->next_free = outnet->tcp_free;
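Review bot: With HAVE_SSL undefined, the new `#ifdef` in the first outside_network.c hunk leaves `if(w->tls_auth_name) { }` with an empty body, because only the SSL_set_tlsext_host_name call is guarded and not the surrounding `if`; the outnet_tcptimer hunk has the same shape, where `if(pend->c->ssl) {` wraps an `#ifdef HAVE_SSL` block. Moving the guard outside the conditional keeps the non-SSL build free of empty statements: `#ifdef HAVE_SSL` / `if(w->tls_auth_name) { (void)SSL_set_tlsext_host_name(pend->c->ssl, w->tls_auth_name); }` / `#endif`. Separately, the `(void)` cast discards the result, so a rejected SNI name goes unlogged and the peer may answer with a certificate for a different name, which only surfaces later as a verification failure; a log line at the point of failure, in the style of the `log_err("SSL_set1_host failed")` in the next hunk, would make that diagnosable. outnet_tcp_take_into_use begins and ends outside this hunk.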
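Review bot: The teardown `SSL_free(pend->c->ssl); pend->c->ssl = NULL;` on the SSL_set1_host failure path is written by hand here and again, with an added SSL_shutdown, in the outnet_tcptimer hunk; a file-local helper that releases the SSL object and clears the pointer would keep the two paths from drifting apart and give one place to state whether a shutdown is wanted. Whether comm_point_close releases c->ssl itself is not visible in this hunk; clearing the pointer before the call makes the sequence safe either way, but a comment recording that ownership decision, `/* free the ssl here and clear it so comm_point_close does not touch it */`, would spare the next reader the same question. outnet_tcp_take_into_use begins and ends outside this hunk.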
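Review bot: `SSL_shutdown(pend->c->ssl)` in the outnet_tcptimer hunk is called unconditionally on a connection that timed out, which can happen before the handshake has completed (the first hunk shows ssl_shake_state being set to comm_ssl_shake_write when the connection is taken into use), and its return value is discarded. SSL_shutdown is a close_notify exchange for an established session; on a timed-out non-blocking socket the alert will at best be queued, and calling it before the handshake finished is documented to fail rather than shut down cleanly, so the call is best-effort and should say so, for example `/* best-effort close_notify; the peer timed out, so the return value is not checked */`. If the handshake state is reachable here, skipping SSL_shutdown unless the handshake completed and going straight to SSL_free would avoid exercising that error path at all. outnet_tcptimer begins before this hunk.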