]> ruderich.org/simon Gitweb - tlsproxy/tlsproxy.git/commitdiff
ruderich.org/simon / tlsproxy / tlsproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d232e10)
src/connection.c: Finish the TLS connection instead of closing it.
authorSimon Ruderich <simon@ruderich.org>
Thu, 10 Mar 2011 23:20:06 +0000 (00:20 +0100)
committerSimon Ruderich <simon@ruderich.org>
Thu, 10 Mar 2011 23:20:06 +0000 (00:20 +0100)
This ensures the transmission was complete.

src/connection.c patch | blob | history

diff --git a/src/connection.c b/src/connection.c
index 26947ffdbfd60968e3c0b229b188161a2767ba8f..520ce40e031a0052581a7c2dc27e93c649fbf74f 100644 (file)
--- a/src/connection.c
+++ b/src/connection.c
@@ -237,12 +237,13 @@ void handle_connection(int client_socket) {
     LOG(LOG_DEBUG, "finished transferring data");
 
 out:
-    /* Close TLS sessions if necessary. */
+    /* Close TLS sessions if necessary. Use GNUTLS_SHUT_RDWR so the data is
+     * reliable transmitted. */
     if (0 != server_session_started) {
-        gnutls_bye(server_session, GNUTLS_SHUT_WR);
+        gnutls_bye(server_session, GNUTLS_SHUT_RDWR);
     }
     if (0 != client_session_started) {
-        gnutls_bye(client_session, GNUTLS_SHUT_WR);
+        gnutls_bye(client_session, GNUTLS_SHUT_RDWR);
     }
     if (0 != server_session_init) {
         gnutls_deinit(server_session);
Certificate verifying tlsproxy, prevents MITMs by (manipulated) CAs by verifying the server certificate.