author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2021-11-21 20:55:35 +0100 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2021-12-22 12:24:24 +0100 |
commit | cdaf072f90399efb9e8e19ee4f387d1425f12274 (patch) | |
tree | 69fc775e486dae33d36500faa426124a72111283 /doc/man3 | |
parent | c2d1ad0e048dd3bfa60e6aa0b5ee343cc6d97a15 (diff) |
HTTP client: Fix cleanup of TLS BIO via 'bio_update_fn' callback function
Make app_http_tls_cb() tidy up on disconnect the SSL BIO it pushes on connect.
Make OSSL_HTTP_close() respect this.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17318)
Diffstat (limited to 'doc/man3')
-rw-r--r-- | doc/man3/OSSL_HTTP_transfer.pod | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/doc/man3/OSSL_HTTP_transfer.pod b/doc/man3/OSSL_HTTP_transfer.pod index 7fcd71dbe0..7e823db3ea 100644 --- a/doc/man3/OSSL_HTTP_transfer.pod +++ b/doc/man3/OSSL_HTTP_transfer.pod @@ -113,17 +113,25 @@ or NULL to indicate failure, in which case it should not modify the BIO. Here is a simple example that supports TLS connections (but not via a proxy): - BIO *http_tls_cb(BIO *hbio, void *arg, int connect, int detail) + BIO *http_tls_cb(BIO *bio, void *arg, int connect, int detail) { if (connect && detail) { /* connecting with TLS */ SSL_CTX *ctx = (SSL_CTX *)arg; BIO *sbio = BIO_new_ssl(ctx, 1); - hbio = sbio != NULL ? BIO_push(sbio, hbio) : NULL; - } else if (!connect && !detail) { /* disconnecting after error */ - /* optionally add diagnostics here */ + bio = sbio != NULL ? BIO_push(sbio, bio) : NULL; + } else if (!connect) { /* disconnecting */ + BIO *hbio; + + if (!detail) { /* an error has occurred */ + /* optionally add diagnostics here */ + } + BIO_ssl_shutdown(bio); + hbio = BIO_pop(bio); + BIO_free(bio); /* SSL BIO */ + bio = hbio; } - return hbio; + return bio; } After disconnect the modified BIO will be deallocated using BIO_free_all(). |
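Review bot: In the `else if (!connect)` branch of the example, `BIO_ssl_shutdown(bio)`, `BIO_pop(bio)` and `BIO_free(bio)` run on every disconnect, whereas the connect branch pushes an SSL BIO only when `detail` is nonzero. On disconnect `detail` reports whether an error occurred, so the example has no way to tell whether an SSL BIO is actually on top of the chain. If the callback can be invoked for a connection that was set up without TLS, these calls would pop and free the HTTP BIO itself. Either state in the text that the example assumes the callback is used only for TLS connections, or guard the teardown, for instance by recording in the data passed through `arg` whether the SSL BIO was pushed. The closing sentence could also say that on disconnect the callback must return the BIO that remains after removing what it pushed, since that is the BIO later handed to BIO_free_all().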