From 1d77af830616c0fb6728d528bdf92c3edb1f417e Mon Sep 17 00:00:00 2001 From: bluhm Date: Tue, 22 Mar 2022 22:58:00 +0000 Subject: [PATCH] Call tls_close() in libevent TLS wrapper of syslogd when the other side terminates the TLS connection. It results in a proper shutdown and the TLS peer has a chance to detect errors. This is expecially important for the client side. Due to the reduced TLS 1.3 handshake, errors might be undetected and log messages dropped silently. By doing a matching TLS shutdown on his side, the client can receive the error. Instead of checking socket writability and calling tls_close() repeatedly, syslogd calls it only once. As the other side has closed the connection anyway it is our turn to write the shutdown message. Do not care about errors here and avoid complexity. OK tb@ --- usr.sbin/syslogd/evbuffer_tls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/usr.sbin/syslogd/evbuffer_tls.c b/usr.sbin/syslogd/evbuffer_tls.c index 3fa75c499a2..56bd2cf4398 100644 --- a/usr.sbin/syslogd/evbuffer_tls.c +++ b/usr.sbin/syslogd/evbuffer_tls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evbuffer_tls.c,v 1.12 2019/06/28 13:32:51 deraadt Exp $ */ +/* $OpenBSD: evbuffer_tls.c,v 1.13 2022/03/22 22:58:00 bluhm Exp $ */ /* * Copyright (c) 2002-2004 Niels Provos @@ -111,6 +111,7 @@ buffertls_readcb(int fd, short event, void *arg) what |= EVBUFFER_ERROR; break; case 0: + tls_close(ctx); what |= EVBUFFER_EOF; break; } -- 2.20.1