diff options
author | venaas <venaas> | 2008-08-14 12:26:44 +0000 |
---|---|---|
committer | venaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf> | 2008-08-14 12:26:44 +0000 |
commit | 3e3db188f9c4743438153aee34efee38dd2c038d (patch) | |
tree | c9a166518b166fa44b3a96eff629def002c1995e /radsecproxy.c | |
parent | df6763f6e266ce664b339da5abe02c392378bc20 (diff) |
slightly more DTLS code, fixing some minors SSL related issues
git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@337 e88ac4ed-0b26-0410-9574-a7f39faa03bf
Diffstat (limited to 'radsecproxy.c')
-rw-r--r-- | radsecproxy.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/radsecproxy.c b/radsecproxy.c index 1202dcf..e8b5f2d 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -151,7 +151,7 @@ static const struct protodefs protodefs[] = { 60, /* retryintervalmax */ udpserverrd, /* listener */ &options.sourceudp, /* srcaddrport */ - NULL, /* connecter */ + tlsconnect, /* connecter */ udpclientrd, /* clientreader */ clientradputudp /* clientradput */ }, @@ -2571,6 +2571,7 @@ void *tlsclientrd(void *arg) { } } } + ERR_remove_state(); server->clientrdgone = 1; return NULL; } @@ -2764,6 +2765,7 @@ void *clientwr(void *arg) { freeclsrvconf(conf); } freeserver(server, 1); + ERR_remove_state(); return NULL; } @@ -2822,6 +2824,7 @@ void *tlsserverwr(void *arg) { /* ssl might have changed while waiting */ pthread_mutex_unlock(&replyq->mutex); debug(DBG_DBG, "tlsserverwr: exiting as requested"); + ERR_remove_state(); pthread_exit(NULL); } } @@ -2930,6 +2933,7 @@ void *tlsservernew(void *arg) { exit: SSL_free(ssl); + ERR_remove_state(); shutdown(s, SHUT_RDWR); close(s); pthread_exit(NULL); @@ -3180,6 +3184,7 @@ SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) { break; case RAD_DTLS: ctx = SSL_CTX_new(DTLSv1_method()); + SSL_CTX_set_read_ahead(ctx, 1); break; } if (!ctx) { @@ -3220,6 +3225,7 @@ SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) { SSL_CTX_free(ctx); return NULL; } + ERR_clear_error(); /* add_dir_cert_subj returns errors on success */ SSL_CTX_set_client_CA_list(ctx, calist); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verify_cb); |