From 38c90daa52759ff3b98f4e46027b9ff1383459c0 Mon Sep 17 00:00:00 2001 From: jsing Date: Wed, 6 Jul 2016 02:32:57 +0000 Subject: [PATCH] Correctly handle an EOF that occurs prior to the TLS handshake completing. Reported by Vasily Kolobkov, based on a diff from Marko Kreen. ok beck@ --- lib/libtls/tls.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/libtls/tls.c b/lib/libtls/tls.c index 76d00e53f36..783d320a9d4 100644 --- a/lib/libtls/tls.c +++ b/lib/libtls/tls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls.c,v 1.38 2016/05/27 14:38:40 jsing Exp $ */ +/* $OpenBSD: tls.c,v 1.39 2016/07/06 02:32:57 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -418,8 +418,11 @@ tls_ssl_error(struct tls *ctx, SSL *ssl_conn, int ssl_ret, const char *prefix) if ((err = ERR_peek_error()) != 0) { errstr = ERR_error_string(err, NULL); } else if (ssl_ret == 0) { - ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY; - return (0); + if ((ctx->state & TLS_HANDSHAKE_COMPLETE) != 0) { + ctx->state |= TLS_EOF_NO_CLOSE_NOTIFY; + return (0); + } + errstr = "unexpected EOF"; } else if (ssl_ret == -1) { errstr = strerror(errno); } -- 2.20.1