aboutsummaryrefslogtreecommitdiffstats
path: root/src/stls/stls_server_init_and_handshake.c
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2023-11-16 05:13:06 +0000
committerLaurent Bercot <ska@appnovation.com>2023-11-16 05:13:06 +0000
commit26597a785ec2dd4e9ec9fb7d9765d2ee8779ee16 (patch)
treec2c5602397e9381b1cb04472ed057edd4a00e520 /src/stls/stls_server_init_and_handshake.c
parentd8ca717da164c3e76ebb56c954d0a08544955601 (diff)
downloads6-networking-26597a785ec2dd4e9ec9fb7d9765d2ee8779ee16.tar.gz
Add -J and -j to the TLS tools to check for peer close_notify.
Also, and more importantly, significantly rewrite stls_run() for better full-duplex support. This implementation isn't fully tested yet. Signed-off-by: Laurent Bercot <ska@appnovation.com>
Diffstat (limited to 'src/stls/stls_server_init_and_handshake.c')
-rw-r--r--src/stls/stls_server_init_and_handshake.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/stls/stls_server_init_and_handshake.c b/src/stls/stls_server_init_and_handshake.c
index 2304598..2a58885 100644
--- a/src/stls/stls_server_init_and_handshake.c
+++ b/src/stls/stls_server_init_and_handshake.c
@@ -86,6 +86,7 @@ struct tls *stls_server_init_and_handshake (int const *fds, tain const *tto, uin
{
if (tls_config_set_ca_path(cfg, x) < 0)
diecfg(cfg, "tls_config_set_ca_path") ;
+ strerr_warnw1x("some versions of libtls do not work with CADIR, if you experience problems with client certificate verification then try using CAFILE instead") ;
}
else
{
@@ -109,7 +110,7 @@ struct tls *stls_server_init_and_handshake (int const *fds, tain const *tto, uin
if (!sctx) strerr_diefu1sys(111, "tls_server") ;
if (tls_configure(sctx, cfg) < 0) diectx(97, sctx, "tls_configure") ;
tls_config_free(cfg) ;
- if (tls_accept_fds(sctx, &ctx, fds[0], fds[1]) < 0)
+ if (tls_accept_fds(sctx, &ctx, fds[0], fds[1]) == -1)
diectx(97, sctx, "tls_accept_fds") ;
/* We can't free sctx, ctx has pointers into it! Stupid API. We let sctx leak. */
/* tls_free(sctx) ; */