author | Frantisek Krenzelok <krenzelok.frantisek@gmail.com> | 2022-10-31 12:17:43 +0100 |
---|---|---|
committer | Frantisek Krenzelok <krenzelok.frantisek@gmail.com> | 2022-12-04 13:09:43 +0100 |
commit | 700a8a75c1ed5b54a19299a5c8e91c5d2398575b (patch) | |
tree | 4571ebdcbb0c8b5ff5807b745a5f30432a5d0362 /lib/handshake.c | |
parent | 443b4b07742eccde7c0dc877142cb8a88b4aaa91 (diff) | |
download | gnutls-700a8a75c1ed5b54a19299a5c8e91c5d2398575b.tar.gz |
KTLS: Invalidate session on ktls error
We invalidate the session if a KTLS related error occurs after it was
initialized, i.e. keys were set on the interfaces.
As of now this only affects key_update() which should be fixed via a
kernel patch. Thus future fallback mechanism implementation is not likely
as that would require yet another kernel patch.
Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
Diffstat (limited to 'lib/handshake.c')
-rw-r--r-- | lib/handshake.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/handshake.c b/lib/handshake.c index 14bcdea56a..044b70e2a8 100644 --- a/lib/handshake.c +++ b/lib/handshake.c @@ -2926,6 +2926,7 @@ int gnutls_handshake(gnutls_session_t session) if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_DUPLEX)) { ret = _gnutls_ktls_set_keys(session, GNUTLS_KTLS_DUPLEX); if (ret < 0) { + /* no need to invalidate the session as keys were not set */ session->internals.ktls_enabled = 0; _gnutls_audit_log(session, "disabling KTLS: failed to set keys\n"); |
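Review bot: The new comment in the `ret < 0` branch of gnutls_handshake() states that keys were not set, but the call just above requests GNUTLS_KTLS_DUPLEX, and nothing in this hunk shows that _gnutls_ktls_set_keys() fails without having installed a key for either direction. If one direction can succeed before the other fails, the session would keep running in userspace with a key already handed to the kernel, and skipping invalidation here would contradict the rule the commit message sets out. Please either document that all-or-nothing guarantee at _gnutls_ktls_set_keys() and reference it from this comment, or invalidate the session on this path too when a partial set is possible. The audit log line "disabling KTLS: failed to set keys" could also mention that the session falls back to userspace TLS and stays valid, so the log distinguishes this path from the invalidating ones.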