From: Artem Boldariev <artem@boldariev.com>
Date: Tue, 26 Jul 2022 14:07:19 +0000 (+0300)
Subject: TLS: isc_nm_bad_request() and isc__nmsocket_reset() support
X-Git-Tag: v9.19.9~68^2~32
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=c0808532e18bcd68b4a71c982468355ec4e179f6;p=thirdparty%2Fbind9.git

TLS: isc_nm_bad_request() and isc__nmsocket_reset() support

This commit adds implementations of isc_nm_bad_request() and
isc__nmsocket_reset() to the generic TLS stream code in order to make
it more compatible with TCP code.
---

diff --git a/lib/isc/netmgr/netmgr-int.h b/lib/isc/netmgr/netmgr-int.h
index d467b81d041..4bc5fc22a3e 100644
--- a/lib/isc/netmgr/netmgr-int.h
+++ b/lib/isc/netmgr/netmgr-int.h
@@ -1563,6 +1563,9 @@ isc__nm_tls_cleartimeout(isc_nmhandle_t *handle);
  * around.
  */
 
+void
+isc__nmsocket_tls_reset(isc_nmsocket_t *sock);
+
 const char *
 isc__nm_tls_verify_tls_peer_result_string(const isc_nmhandle_t *handle);
 
diff --git a/lib/isc/netmgr/netmgr.c b/lib/isc/netmgr/netmgr.c
index 9563f27ef7c..d3ba6f2382b 100644
--- a/lib/isc/netmgr/netmgr.c
+++ b/lib/isc/netmgr/netmgr.c
@@ -2330,6 +2330,11 @@ isc__nmsocket_reset(isc_nmsocket_t *sock) {
 		 */
 		REQUIRE(sock->parent == NULL);
 		break;
+#ifdef HAVE_LIBNGHTTP2
+	case isc_nm_tlssocket:
+		isc__nmsocket_tls_reset(sock);
+		return;
+#endif /* HAVE_LIBNGHTTP2 */
 	default:
 		UNREACHABLE();
 		break;
@@ -2548,6 +2553,10 @@ isc_nm_bad_request(isc_nmhandle_t *handle) {
 		return;
 	case isc_nm_tcpdnssocket:
 	case isc_nm_tlsdnssocket:
+	case isc_nm_tcpsocket:
+#if HAVE_LIBNGHTTP2
+	case isc_nm_tlssocket:
+#endif /* HAVE_LIBNGHTTP2 */
 		REQUIRE(sock->parent == NULL);
 		isc__nmsocket_reset(sock);
 		return;
@@ -2555,10 +2564,6 @@ isc_nm_bad_request(isc_nmhandle_t *handle) {
 	case isc_nm_httpsocket:
 		isc__nm_http_bad_request(handle);
 		return;
-#endif /* HAVE_LIBNGHTTP2 */
-	case isc_nm_tcpsocket:
-#if HAVE_LIBNGHTTP2
-	case isc_nm_tlssocket:
 #endif /* HAVE_LIBNGHTTP2 */
 	default:
 		UNREACHABLE();
diff --git a/lib/isc/netmgr/tlsstream.c b/lib/isc/netmgr/tlsstream.c
index a1e59b54add..e1602461eee 100644
--- a/lib/isc/netmgr/tlsstream.c
+++ b/lib/isc/netmgr/tlsstream.c
@@ -1203,6 +1203,18 @@ isc__nmhandle_tls_setwritetimeout(isc_nmhandle_t *handle,
 	}
 }
 
+void
+isc__nmsocket_tls_reset(isc_nmsocket_t *sock) {
+	REQUIRE(VALID_NMSOCK(sock));
+	REQUIRE(sock->type == isc_nm_tlssocket);
+
+	if (sock->outerhandle != NULL) {
+		INSIST(VALID_NMHANDLE(sock->outerhandle));
+		REQUIRE(VALID_NMSOCK(sock->outerhandle->sock));
+		isc__nmsocket_reset(sock->outerhandle->sock);
+	}
+}
+
 const char *
 isc__nm_tls_verify_tls_peer_result_string(const isc_nmhandle_t *handle) {
 	isc_nmsocket_t *sock = NULL;