Handle GnuTLS shutdown on dead session

The session might have died, or failed to initialise properly, so be
prepared for gnutls_bye() to be unable to do its job.

1 files changed, 10 insertions, 6 deletions

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index b32725f0..d33a76e2 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -3,6 +3,7 @@
  * Copyright (C) 2005 Martin Koegler
  * Copyright (C) 2010 TigerVNC Team
  * Copyright (C) 2010 m-privacy GmbH
+ * Copyright (C) 2012-2021 Pierre Ossman for Cendio AB
  *    
  * This is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -99,11 +100,14 @@ void CSecurityTLS::setDefaults()
    X509CRL.setDefaultStr(crlDefault.buf);
 }
 
-void CSecurityTLS::shutdown(bool needbye)
+void CSecurityTLS::shutdown()
 {
-  if (session && needbye)
-    if (gnutls_bye(session, GNUTLS_SHUT_RDWR) != GNUTLS_E_SUCCESS)
-      vlog.error("gnutls_bye failed");
+  if (session) {
+    int ret;
+    ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
+    if ((ret != GNUTLS_E_SUCCESS) && (ret != GNUTLS_E_INVALID_SESSION))
+      vlog.error("TLS shutdown failed: %s", gnutls_strerror(ret));
+  }
 
   if (anon_cred) {
     gnutls_anon_free_client_credentials(anon_cred);
@@ -139,7 +143,7 @@ void CSecurityTLS::shutdown(bool needbye)
 
 CSecurityTLS::~CSecurityTLS()
 {
-  shutdown(true);
+  shutdown();
 
   delete[] cafile;
   delete[] crlfile;
@@ -186,7 +190,7 @@ bool CSecurityTLS::processMsg()
     }
 
     vlog.error("TLS Handshake failed: %s\n", gnutls_strerror (err));
-    shutdown(false);
+    shutdown();
     throw AuthFailureException("TLS Handshake failed");
   }