Use a flag to track when we need to call SSL_shutdown(). This avoids an

issue where by calling tls_close() on a TLS context that has not attempted a handshake, results in an unexpected failure. Reported by Vinay Sajip. ok beck@
author: jsing <jsing@openbsd.org> 2017-01-26 12:56:37 +0000
committer: jsing <jsing@openbsd.org> 2017-01-26 12:56:37 +0000
commit: 5a7524621d10b846258a07d3c583b8ed75a4f7ea (patch)
tree: fe4364f421c00b231cd5979a9eb62841c4e6dd8f /lib/libtls/tls_internal.h
parent: Bump TLS_API due to new features being added earlier this week. (diff)
download: wireguard-openbsd-5a7524621d10b846258a07d3c583b8ed75a4f7ea.tar.xz
wireguard-openbsd-5a7524621d10b846258a07d3c583b8ed75a4f7ea.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/libtls/tls_internal.h b/lib/libtls/tls_internal.h
index 3650ca94623..37737c3499c 100644
--- a/lib/libtls/tls_internal.h
+++ b/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.51 2017/01/24 01:48:05 claudio Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.52 2017/01/26 12:56:37 jsing Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -118,6 +118,7 @@ struct tls_conninfo {
 
 #define TLS_EOF_NO_CLOSE_NOTIFY	(1 << 0)
 #define TLS_HANDSHAKE_COMPLETE	(1 << 1)
+#define TLS_SSL_NEEDS_SHUTDOWN  (1 << 2)
 
 struct tls_ocsp_result {
 	const char *result_msg;
author	jsing <jsing@openbsd.org>	2017-01-26 12:56:37 +0000
committer	jsing <jsing@openbsd.org>	2017-01-26 12:56:37 +0000
commit	5a7524621d10b846258a07d3c583b8ed75a4f7ea (patch)
tree	fe4364f421c00b231cd5979a9eb62841c4e6dd8f /lib/libtls/tls_internal.h
parent	Bump TLS_API due to new features being added earlier this week. (diff)
download	wireguard-openbsd-5a7524621d10b846258a07d3c583b8ed75a4f7ea.tar.xz wireguard-openbsd-5a7524621d10b846258a07d3c583b8ed75a4f7ea.zip