From: Alan T. DeKok <aland@freeradius.org>
Date: Wed, 7 Apr 2021 17:11:33 +0000 (-0400)
Subject: close connection on "no TLS data, but connection isn't set up"
X-Git-Tag: release_3_0_24~124
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=75620b2fb9e7eb4f7853373fe3ffc2f67e97bb22;p=thirdparty%2Ffreeradius-server.git

close connection on "no TLS data, but connection isn't set up"
---

diff --git a/src/main/tls_listen.c b/src/main/tls_listen.c
index 8d05342ea81..0c3a4cfcb3c 100644
--- a/src/main/tls_listen.c
+++ b/src/main/tls_listen.c
@@ -275,9 +275,21 @@ check_for_setup:
 	 *	presented by the client.
 	 */
 	if (sock->state == LISTEN_TLS_INIT) {
+		/*
+		 *	If INIT isn't finished, but there's no data,
+		 *	just close the connection.  The other end is
+		 *	being unfriendly.
+		 */
 		if (!SSL_is_init_finished(sock->ssn->ssl)) {
-			RDEBUG("FAILED in TLS handshake receive");
-			goto do_close;
+			listener->status = RAD_LISTEN_STATUS_REMOVE_NOW;
+			listener->tls = NULL; /* parent owns this! */
+			PTHREAD_MUTEX_UNLOCK(&sock->mutex);
+
+			/*
+			 *	Tell the event handler that an FD has disappeared.
+			 */
+			radius_update_listener(listener);
+			return 0;
 		}
 
 		sock->ssn->is_init_finished = true;