From f3b9e58cc5e6878daff9cf127bd00587d1f715d3 Mon Sep 17 00:00:00 2001 From: Julian Andres Klode Date: Mon, 3 Jul 2017 14:33:15 +0200 Subject: Swap file descriptors before the handshake This makes more sense. If the handshake failed midway, we still should run the gnutls bye stuff. The thinking here is to only set the fd after the session setup, as we do not modify it before, so if it fails in session setup, you retain a usable file descriptor. Gbp-Dch: ignore --- methods/connect.cc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/methods/connect.cc b/methods/connect.cc index d82d3d1a8..ce97fd97c 100644 --- a/methods/connect.cc +++ b/methods/connect.cc @@ -742,6 +742,10 @@ bool UnwrapTLS(std::string Host, std::unique_ptr &Fd, if ((err = gnutls_server_name_set(tlsFd->session, GNUTLS_NAME_DNS, tlsFd->hostname.c_str(), tlsFd->hostname.length())) < 0) return _error->Error("Could not set host name %s to indicate to server: %s", tlsFd->hostname.c_str(), gnutls_strerror(err)); + // Set the FD now, so closing it works reliably. + tlsFd->UnderlyingFd = std::move(Fd); + Fd.reset(tlsFd); + // Do the handshake. Our socket is non-blocking, so we need to call WaitFd() // accordingly. do @@ -770,8 +774,6 @@ bool UnwrapTLS(std::string Host, std::unique_ptr &Fd, return _error->Error("Could not handshake: %s", gnutls_strerror(err)); } - tlsFd->UnderlyingFd = std::move(Fd); - Fd.reset(tlsFd); return true; } /*}}}*/ -- cgit v1.2.3