CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2021/01/02 11:31:06
Modified files:
usr.sbin/httpd : server.c
Log message:
Call tls_close() before closing the underlying socket
In order to end a TLS connection regularly, an implementation MUST send a
close_notify alert. libtls does this in tls_close() via SSL_shutdown(),
so the socket had better still be open.
The incorrect order in server_close() caused a leak on each tls connection
due to a bug in libssl (fixed in tls_record_layer.c r1.56).
As pointed out by claudio, tls_close() should really be handled from the
main event loop. This will be addressed in a later commit.
ok claudio florian jsing
