author | Todd C. Miller <Todd.Miller@sudo.ws> | 2021-04-26 19:07:40 -0600 |
---|---|---|
committer | Todd C. Miller <Todd.Miller@sudo.ws> | 2021-04-26 19:07:40 -0600 |
commit | 15027bd9cd0e5250ca914371fd7a05b9a648afb7 (patch) | |
tree | 575b66f4039a3f90e7e673eeea0a8b71dc4f2e22 /logsrvd/logsrvd.c | |
parent | 2a04571252760229b0683f89415f0be0adefe3cf (diff) | |
Must call SSL_shutdown() before closing the underlying socket.
This got broken by some code rearrangement when relay mode was added.
Diffstat (limited to 'logsrvd/logsrvd.c')
-rw-r--r-- | logsrvd/logsrvd.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/logsrvd/logsrvd.c b/logsrvd/logsrvd.c
index c4d3c0edf..cea34d7e0 100644
--- a/logsrvd/logsrvd.c
+++ b/logsrvd/logsrvd.c
@@ -113,6 +113,15 @@ connection_closure_free(struct connection_closure *closure)
 TAILQ_REMOVE(&connections, closure, entries);
 if (closure->relay_closure != NULL)
 relay_closure_free(closure->relay_closure);
+#if defined(HAVE_OPENSSL)
+ if (closure->ssl != NULL) {
+ /* Must call SSL_shutdown() before closing closure->sock. */
+ sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+ "closing down TLSÂ connection from %s", closure->ipaddr);
+ SSL_shutdown(closure->ssl);
+ SSL_free(closure->ssl);
+ }
+#endif
 if (closure->sock != -1)
 close(closure->sock);
 iolog_close_all(closure);
@@ -121,12 +130,6 @@ connection_closure_free(struct connection_closure *closure)
 sudo_ev_free(closure->write_ev);
 #if defined(HAVE_OPENSSL)
 sudo_ev_free(closure->ssl_accept_ev);
- if (closure->ssl != NULL) {
- sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
- "closing down TLSÂ connection from %s", closure->ipaddr);
- SSL_shutdown(closure->ssl);
- SSL_free(closure->ssl);
- }
 #endif
 eventlog_free(closure->evlog);
 free(closure->read_buf.data); |
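Review bot: The added `SSL_shutdown(closure->ssl);` in the first hunk is called unconditionally and its return value is dropped, so a close_notify that could not be written (a -1 return with a want-write condition on what is presumably a non-blocking socket) goes unnoticed and the peer may be unable to tell a clean close from a truncated stream. OpenSSL also documents that SSL_shutdown() should not be called after a fatal TLS error or before the handshake has completed; if connection_closure_free() is reached on those paths, which the hunk does not show, a guard such as `if (SSL_is_init_finished(closure->ssl)) SSL_shutdown(closure->ssl);` would avoid leaving stale entries on the OpenSSL error queue. At minimum the new comment could state the intent, e.g. `/* Best-effort, one-way close_notify; must precede close(closure->sock). */`. The body of connection_closure_free() starts and ends outside the hunk.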