authorPierre Ossman <ossman@cendio.se>2021-06-10 16:40:28 +0200
committerPierre Ossman <ossman@cendio.se>2021-06-11 09:42:44 +0200
commit14d21d7b445107873166b528c66881bf736285f8 (patch)
tree7282807699449e11d5910bbd9ef57f46cbdbe179 /common
parentfa2d8cd455a9f1ec632a493edc09e0c661ed9d51 (diff)
Handle GnuTLS shutdown on dead session
The session might have died, or failed to initialise properly, so be prepared for gnutls_bye() to be unable to do its job.
Diffstat (limited to 'common')
-rw-r--r--common/rfb/CSecurityTLS.cxx16
-rw-r--r--common/rfb/CSecurityTLS.h2
-rw-r--r--common/rfb/SSecurityTLS.cxx9
3 files changed, 16 insertions, 11 deletions
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index b32725f0..d33a76e2 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -3,6 +3,7 @@
* Copyright (C) 2005 Martin Koegler
* Copyright (C) 2010 TigerVNC Team
* Copyright (C) 2010 m-privacy GmbH
+ * Copyright (C) 2012-2021 Pierre Ossman for Cendio AB
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -99,11 +100,14 @@ void CSecurityTLS::setDefaults()
X509CRL.setDefaultStr(crlDefault.buf);
}
-void CSecurityTLS::shutdown(bool needbye)
+void CSecurityTLS::shutdown()
{
- if (session && needbye)
- if (gnutls_bye(session, GNUTLS_SHUT_RDWR) != GNUTLS_E_SUCCESS)
- vlog.error("gnutls_bye failed");
+ if (session) {
+ int ret;
+ ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
+ if ((ret != GNUTLS_E_SUCCESS) && (ret != GNUTLS_E_INVALID_SESSION))
+ vlog.error("TLS shutdown failed: %s", gnutls_strerror(ret));
+ }
if (anon_cred) {
gnutls_anon_free_client_credentials(anon_cred);
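Review bot: The new `gnutls_bye(session, GNUTLS_SHUT_RDWR)` call in CSecurityTLS::shutdown() filters only GNUTLS_E_INVALID_SESSION, so the non-fatal GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED results are still logged as errors, and RDWR mode also waits for the peer's close_notify. shutdown() is now reached from the handshake-failure path in processMsg() as well, where the server may never answer, so it looks safer to close only our side with `ret = gnutls_bye(session, GNUTLS_SHUT_WR);` and to treat the two retryable codes as non-errors. Whether the call can actually stall depends on the transport callbacks, which are not visible in this hunk. The identical block in SSecurityTLS::shutdown() has the same issue, and the body of this function continues past the hunk.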
@@ -139,7 +143,7 @@ void CSecurityTLS::shutdown(bool needbye)
CSecurityTLS::~CSecurityTLS()
{
- shutdown(true);
+ shutdown();
delete[] cafile;
delete[] crlfile;
@@ -186,7 +190,7 @@ bool CSecurityTLS::processMsg()
}
vlog.error("TLS Handshake failed: %s\n", gnutls_strerror (err));
- shutdown(false);
+ shutdown();
throw AuthFailureException("TLS Handshake failed");
}
diff --git a/common/rfb/CSecurityTLS.h b/common/rfb/CSecurityTLS.h
index 476d0ef8..0dcf2ad3 100644
--- a/common/rfb/CSecurityTLS.h
+++ b/common/rfb/CSecurityTLS.h
@@ -55,7 +55,7 @@ namespace rfb {
static UserMsgBox *msg;
protected:
- void shutdown(bool needbye);
+ void shutdown();
void freeResources();
void setParam();
void checkSession();
diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
index d5ef47e6..72262b9a 100644
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -2,6 +2,7 @@
* Copyright (C) 2004 Red Hat Inc.
* Copyright (C) 2005 Martin Koegler
* Copyright (C) 2010 TigerVNC Team
+ * Copyright (C) 2012-2021 Pierre Ossman for Cendio AB
*
* This is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -64,10 +65,10 @@ SSecurityTLS::SSecurityTLS(SConnection* sc, bool _anon)
void SSecurityTLS::shutdown()
{
if (session) {
- if (gnutls_bye(session, GNUTLS_SHUT_RDWR) != GNUTLS_E_SUCCESS) {
- /* FIXME: Treat as non-fatal error */
- vlog.error("TLS session wasn't terminated gracefully");
- }
+ int ret;
+ ret = gnutls_bye(session, GNUTLS_SHUT_RDWR);
+ if ((ret != GNUTLS_E_SUCCESS) && (ret != GNUTLS_E_INVALID_SESSION))
+ vlog.error("TLS shutdown failed: %s", gnutls_strerror(ret));
}
if (dh_params) {
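Review bot: The removed `/* FIXME: Treat as non-fatal error */` leaves nothing in SSecurityTLS::shutdown() to say that a failed gnutls_bye() is deliberately tolerated and only logged. A short comment above the call would keep that intent, for example `/* Best effort: the session may be dead or never finished its handshake, so GNUTLS_E_INVALID_SESSION is expected here */`. The same comment fits the matching block in CSecurityTLS::shutdown(). The body of this function continues past the hunk.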