From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sun, 15 Jan 2017 11:33:10 +0000 (+1300)
Subject: Reset TLS session unconditionally on PeerConnector errors
X-Git-Tag: M-staged-PR71~284^2~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6c22b9ec06b01ccd29a8a72e5860bb26d6fe34b0;p=thirdparty%2Fsquid.git

Reset TLS session unconditionally on PeerConnector errors

The session state cleanup should be done regardless of library.

GnuTLS crash was the result of a bug elsewhere which is now fixed. So
remove mention of that.
---

diff --git a/src/security/PeerConnector.cc b/src/security/PeerConnector.cc
index 5b199ab55b..194a1bb032 100644
--- a/src/security/PeerConnector.cc
+++ b/src/security/PeerConnector.cc
@@ -552,12 +552,9 @@ Security::PeerConnector::bail(ErrorState *error)
     // minimize the number of fd-closure notifications and let the recepient
     // manage the TCP state of the connection.
 
-#if USE_GNUTLS
-    // but we do need to release the bad TLS related details in fd_table
-    // ... or GnuTLS will SEGFAULT.
+    // but we should release the TLS session (if any)
     const int fd = serverConnection()->fd;
     Security::SessionClose(fd_table[fd].ssl, fd);
-#endif
 }
 
 void