Closes #261. Fix by Thijs Alkemade.
- use conf_global_log_file instead of stderr - when a SSL handshake error occurs, close socket
parent
f1bec50a9c
commit
df45c4c2d6
|
@ -21,6 +21,7 @@ extern int errno;
|
||||||
static int ssl_initialized = 0;
|
static int ssl_initialized = 0;
|
||||||
static SSL_CTX *sslctx = NULL;
|
static SSL_CTX *sslctx = NULL;
|
||||||
static int ssl_cx_idx;
|
static int ssl_cx_idx;
|
||||||
|
extern FILE *conf_global_log_file;
|
||||||
static BIO *errbio = NULL;
|
static BIO *errbio = NULL;
|
||||||
extern char *conf_ssl_certfile;
|
extern char *conf_ssl_certfile;
|
||||||
static int SSLize(connection_t *cn, int *nc);
|
static int SSLize(connection_t *cn, int *nc);
|
||||||
|
@ -1232,7 +1233,7 @@ static SSL_CTX *SSL_init_context(void)
|
||||||
if (!ssl_initialized) {
|
if (!ssl_initialized) {
|
||||||
SSL_library_init();
|
SSL_library_init();
|
||||||
SSL_load_error_strings();
|
SSL_load_error_strings();
|
||||||
errbio = BIO_new_fp(stderr,BIO_NOCLOSE);
|
errbio = BIO_new_fp(conf_global_log_file, BIO_NOCLOSE);
|
||||||
|
|
||||||
ssl_cx_idx = SSL_get_ex_new_index(0, "bip connection_t",
|
ssl_cx_idx = SSL_get_ex_new_index(0, "bip connection_t",
|
||||||
NULL, NULL,NULL);
|
NULL, NULL,NULL);
|
||||||
|
@ -1427,6 +1428,7 @@ static int SSLize(connection_t *cn, int *nc)
|
||||||
/* From now on, we are on error, thus we return 1 to check timeout */
|
/* From now on, we are on error, thus we return 1 to check timeout */
|
||||||
if (err2 == SSL_ERROR_ZERO_RETURN || err2 == SSL_ERROR_SSL) {
|
if (err2 == SSL_ERROR_ZERO_RETURN || err2 == SSL_ERROR_SSL) {
|
||||||
mylog(LOG_ERROR, "Error in SSL handshake.");
|
mylog(LOG_ERROR, "Error in SSL handshake.");
|
||||||
|
connection_close(cn);
|
||||||
cn->connected = CONN_ERROR;
|
cn->connected = CONN_ERROR;
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
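Review bot: In SSL_init_context, `errbio` now captures the value of `conf_global_log_file` only once, under the `!ssl_initialized` guard, so it is never refreshed afterwards. If the log file can be closed and reopened later (for example on a configuration reload, which is not visible in this diff), the BIO would keep a stale `FILE *`, and it is used on handshake failures, which a remote peer can cause. The result of `BIO_new_fp` is also not checked in the visible lines, and nothing here shows that `conf_global_log_file` is non-NULL when this runs. Consider `if (conf_global_log_file != NULL) errbio = BIO_new_fp(conf_global_log_file, BIO_NOCLOSE);` with a NULL check on `errbio` before it is used, and recreating the BIO wherever the log file is reopened. The function body continues outside the hunk.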