diff options
| author | June McEnroe <june@causal.agency> | 2021-08-20 15:57:50 -0400 |
|---|---|---|
| committer | June McEnroe <june@causal.agency> | 2021-08-20 15:58:48 -0400 |
| commit | 8a798865419f4b416d8c46ae12dd73cb311b61bd (patch) | |
| tree | 1595969b6df0de4be6c012a6115805560359abd3 /server.c | |
| parent | Handle TLS_WANT_POLL{IN,OUT} from tls_handshake(3) with server (diff) | |
| download | pounce-8a798865419f4b416d8c46ae12dd73cb311b61bd.tar.gz pounce-8a798865419f4b416d8c46ae12dd73cb311b61bd.zip | |
Explicitly clear TLS secrets after handshake
Ported from catgirl ae64d277b8204c156a30d2e8b6a958e5a31f2a7f.
Diffstat (limited to 'server.c')
| -rw-r--r-- | server.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/server.c b/server.c index c84320a..d970deb 100644 --- a/server.c +++ b/server.c @@ -41,12 +41,13 @@ #include "bounce.h" static struct tls *client; +static struct tls_config *config; void serverConfig( bool insecure, const char *trust, const char *cert, const char *priv ) { int error = 0; - struct tls_config *config = tls_config_new(); + config = tls_config_new(); if (!config) errx(EX_SOFTWARE, "tls_config_new"); if (insecure) { @@ -89,7 +90,6 @@ void serverConfig( error = tls_configure(client, config); if (error) errx(EX_SOFTWARE, "tls_configure: %s", tls_error(client)); - tls_config_free(config); } int serverConnect(const char *bindHost, const char *host, const char *port) { @@ -150,6 +150,7 @@ int serverConnect(const char *bindHost, const char *host, const char *port) { error = tls_handshake(client); } while (error == TLS_WANT_POLLIN || error == TLS_WANT_POLLOUT); if (error) errx(EX_PROTOCOL, "tls_handshake: %s", tls_error(client)); + tls_config_clear_keys(config); return sock; } |