From 26597a785ec2dd4e9ec9fb7d9765d2ee8779ee16 Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Thu, 16 Nov 2023 05:13:06 +0000 Subject: Add -J and -j to the TLS tools to check for peer close_notify. Also, and more importantly, significantly rewrite stls_run() for better full-duplex support. This implementation isn't fully tested yet. Signed-off-by: Laurent Bercot --- src/stls/stls_server_init_and_handshake.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/stls/stls_server_init_and_handshake.c') diff --git a/src/stls/stls_server_init_and_handshake.c b/src/stls/stls_server_init_and_handshake.c index 2304598..2a58885 100644 --- a/src/stls/stls_server_init_and_handshake.c +++ b/src/stls/stls_server_init_and_handshake.c @@ -86,6 +86,7 @@ struct tls *stls_server_init_and_handshake (int const *fds, tain const *tto, uin { if (tls_config_set_ca_path(cfg, x) < 0) diecfg(cfg, "tls_config_set_ca_path") ; + strerr_warnw1x("some versions of libtls do not work with CADIR, if you experience problems with client certificate verification then try using CAFILE instead") ; } else { @@ -109,7 +110,7 @@ struct tls *stls_server_init_and_handshake (int const *fds, tain const *tto, uin if (!sctx) strerr_diefu1sys(111, "tls_server") ; if (tls_configure(sctx, cfg) < 0) diectx(97, sctx, "tls_configure") ; tls_config_free(cfg) ; - if (tls_accept_fds(sctx, &ctx, fds[0], fds[1]) < 0) + if (tls_accept_fds(sctx, &ctx, fds[0], fds[1]) == -1) diectx(97, sctx, "tls_accept_fds") ; /* We can't free sctx, ctx has pointers into it! Stupid API. We let sctx leak. */ /* tls_free(sctx) ; */ -- cgit v1.3.1