ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tls: handle attepts to renegotiate hs

Browse Source 
Type: fix

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: I549d0c8715e5c06bfc22be26ca1dc78ec3c29a61
This commit is contained in:
Florin Coras
2024-03-13 22:03:33 -07:00
committed by Dave Barach
parent dc4d21e9ce
commit ac60efd523
3 changed files with 16 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/plugins/tlsopenssl/tls_openssl.c
View File

@@ -265,6 +265,14 @@ openssl_handle_handshake_failure (tls_ctx_t * ctx)
{
session_t *app_session;
/* Failed to renegotiate handshake */
if (ctx->flags & TLS_CONN_F_HS_DONE)
{
tls_notify_app_io_error (ctx);
tls_disconnect_transport (ctx);
return;
}
if (SSL_is_server (((openssl_ctx_t *) ctx)->ssl))
{
/*
@@ -334,6 +342,10 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
if (SSL_in_init (oc->ssl))
return -1;
/* Renegotiated handshake, app must not be notified */
if (PREDICT_FALSE (ctx->flags & TLS_CONN_F_HS_DONE))
return 0;
/*
* Handshake complete
*/
@@ -379,7 +391,7 @@ openssl_ctx_handshake_rx (tls_ctx_t * ctx, session_t * tls_session)
return -1;
}
}
ctx->flags |= TLS_CONN_F_HS_DONE;
TLS_DBG (1, "Handshake for %u complete. TLS cipher is %s",
oc->openssl_ctx_index, SSL_get_cipher (oc->ssl));
return rv;