Call tls_close() before closing the underlying socket - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	tb <tb@openbsd.org>	2021-01-02 18:31:06 +0000
committer	tb <tb@openbsd.org>	2021-01-02 18:31:06 +0000
commit	4a4801be5ecb49d87f8d5f84056617d93d2dd5e8 (patch)
tree	f5bf244f5e8f39f476b84d41afc97e30817527ee /gnu/llvm/libcxx/include/algorithm
parent	Free {alert,phh}_data in tls13_record_layer_free() (diff)
download	wireguard-openbsd-4a4801be5ecb49d87f8d5f84056617d93d2dd5e8.tar.xz wireguard-openbsd-4a4801be5ecb49d87f8d5f84056617d93d2dd5e8.zip

Call tls_close() before closing the underlying socket

In order to end a TLS connection regularly, an implementation MUST send a close_notify alert. libtls does this in tls_close() via SSL_shutdown(), so the socket had better still be open. The incorrect order in server_close() caused a leak on each tls connection due to a bug in libssl (fixed in tls_record_layer.c r1.56). As pointed out by claudio, tls_close() should really be handled from the main event loop. This will be addressed in a later commit. ok claudio florian jsing

Diffstat (limited to 'gnu/llvm/libcxx/include/algorithm')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: