close connection on "no TLS data, but connection isn't set up"
authorAlan T. DeKok <aland@freeradius.org>
Wed, 7 Apr 2021 17:11:33 +0000 (13:11 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Thu, 22 Jul 2021 13:55:25 +0000 (09:55 -0400)
src/main/tls_listen.c

index 8d05342ea81260ca3cb0c20f96a18f9eca887561..0c3a4cfcb3c346a6d670096802ac6697610b23cd 100644 (file)
@@ -275,9 +275,21 @@ check_for_setup:
         *      presented by the client.
         */
        if (sock->state == LISTEN_TLS_INIT) {
+               /*
+                *      If INIT isn't finished, but there's no data,
+                *      just close the connection.  The other end is
+                *      being unfriendly.
+                */
                if (!SSL_is_init_finished(sock->ssn->ssl)) {
-                       RDEBUG("FAILED in TLS handshake receive");
-                       goto do_close;
+                       listener->status = RAD_LISTEN_STATUS_REMOVE_NOW;
+                       listener->tls = NULL; /* parent owns this! */
+                       PTHREAD_MUTEX_UNLOCK(&sock->mutex);
+
+                       /*
+                        *      Tell the event handler that an FD has disappeared.
+                        */
+                       radius_update_listener(listener);
+                       return 0;
                }
 
                sock->ssn->is_init_finished = true;
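Review bot: The new early-close branch under `if (!SSL_is_init_finished(sock->ssn->ssl))` removes the only log line on this path, so a peer that connects and never completes the handshake is now dropped without any trace. That is exactly the event an operator wants to see when investigating connection floods or misbehaving clients. Keep a message before `listener->status = RAD_LISTEN_STATUS_REMOVE_NOW;`, for example `RDEBUG("Closing TLS socket: handshake not finished and no data from client");` (the removed line already used `RDEBUG` here, so it is in scope). The added comment also says "there's no data", but the check that establishes this is outside the hunk, so it would help to name it in the comment. The `do_close` label and the rest of the function are not visible here, so I cannot tell whether this sequence duplicates cleanup that `do_close` already performs.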