]> ruderich.org/simon Gitweb - tlsproxy/tlsproxy.git/blobdiff - src/connection.c
ruderich.org/simon / tlsproxy / tlsproxy.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
src/connection.c: Finish the TLS connection instead of closing it.
[tlsproxy/tlsproxy.git] / src / connection.c
diff --git a/src/connection.c b/src/connection.c
index 26947ffdbfd60968e3c0b229b188161a2767ba8f..520ce40e031a0052581a7c2dc27e93c649fbf74f 100644 (file)
--- a/src/connection.c
+++ b/src/connection.c
@@ -237,12 +237,13 @@ void handle_connection(int client_socket) {
     LOG(LOG_DEBUG, "finished transferring data");
 
 out:
-    /* Close TLS sessions if necessary. */
+    /* Close TLS sessions if necessary. Use GNUTLS_SHUT_RDWR so the data is
+     * reliable transmitted. */
     if (0 != server_session_started) {
-        gnutls_bye(server_session, GNUTLS_SHUT_WR);
+        gnutls_bye(server_session, GNUTLS_SHUT_RDWR);
     }
     if (0 != client_session_started) {
-        gnutls_bye(client_session, GNUTLS_SHUT_WR);
+        gnutls_bye(client_session, GNUTLS_SHUT_RDWR);
     }
     if (0 != server_session_init) {
         gnutls_deinit(server_session);
Certificate verifying tlsproxy, prevents MITMs by (manipulated) CAs by verifying the server certificate.