diff options
| author |   jsing <jsing@openbsd.org> | 2015-09-10 10:15:46 +0000 |
|---|---|---|
| committer | jsing <jsing@openbsd.org> | 2015-09-10 10:15:46 +0000 |
| commit | 98ba4714fc90a858d18deea871bb18029f555c5e (patch) | |
| tree | bdc04be46477c17e7a221d6a5484ffb77b6bb715 | |
| parent | tweak Nd after previous; ok mpi (diff) | |
| download | wireguard-openbsd-98ba4714fc90a858d18deea871bb18029f555c5e.tar.xz wireguard-openbsd-98ba4714fc90a858d18deea871bb18029f555c5e.zip | |
Update httpd to call tls_handshake() after tls_accept_socket().
ok beck@
| -rw-r--r-- | usr.sbin/httpd/server.c | 28 |
1 files changed, 16 insertions, 12 deletions
diff --git a/usr.sbin/httpd/server.c b/usr.sbin/httpd/server.c index 986250ae8ac..2240a968efc 100644 --- a/usr.sbin/httpd/server.c +++ b/usr.sbin/httpd/server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server.c,v 1.76 2015/09/07 14:46:24 reyk Exp $ */ +/* $OpenBSD: server.c,v 1.77 2015/09/10 10:15:46 jsing Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -65,7 +65,7 @@ void server_tls_readcb(int, short, void *); void server_tls_writecb(int, short, void *); void server_accept(int, short, void *); -void server_accept_tls(int, short, void *); +void server_handshake_tls(int, short, void *); void server_input(struct client *); void server_inflight_dec(struct client *, const char *); @@ -915,8 +915,13 @@ server_accept(int fd, short event, void *arg) } if (srv->srv_conf.flags & SRVFLAG_TLS) { + if (tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx, + clt->clt_s) != 0) { + server_close(clt, "failed to setup tls context"); + return; + } event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, - server_accept_tls, &clt->clt_tv_start, + server_handshake_tls, &clt->clt_tv_start, &srv->srv_conf.timeout, clt); return; } @@ -937,34 +942,33 @@ server_accept(int fd, short event, void *arg) } void -server_accept_tls(int fd, short event, void *arg) +server_handshake_tls(int fd, short event, void *arg) { struct client *clt = (struct client *)arg; struct server *srv = (struct server *)clt->clt_srv; int ret; if (event == EV_TIMEOUT) { - server_close(clt, "TLS accept timeout"); + server_close(clt, "TLS handshake timeout"); return; } if (srv->srv_tls_ctx == NULL) fatalx("NULL tls context"); - ret = tls_accept_socket(srv->srv_tls_ctx, &clt->clt_tls_ctx, - clt->clt_s); + ret = tls_handshake(clt->clt_tls_ctx); if (ret == TLS_READ_AGAIN) { event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_READ, - server_accept_tls, &clt->clt_tv_start, + server_handshake_tls, &clt->clt_tv_start, &srv->srv_conf.timeout, clt); } else if (ret == TLS_WRITE_AGAIN) { event_again(&clt->clt_ev, clt->clt_s, EV_TIMEOUT|EV_WRITE, - server_accept_tls, &clt->clt_tv_start, + server_handshake_tls, &clt->clt_tv_start, &srv->srv_conf.timeout, clt); } else if (ret != 0) { - log_warnx("%s: TLS accept failed - %s", __func__, - tls_error(srv->srv_tls_ctx)); - server_close(clt, "TLS accept failed"); + log_warnx("%s: TLS handshake failed - %s", __func__, + tls_error(clt->clt_tls_ctx)); + server_close(clt, "TLS handshake failed"); return; } |