Apparently, ASN1 failures are not treated as SSL connection errors, but are just general OpenSSL errors. Or something. Anyway, bulletproof tor_tls_handshake.

svn:r4098
author: Nick Mathewson <nickm@torproject.org> 2005-04-23 20:35:38 +0000
committer: Nick Mathewson <nickm@torproject.org> 2005-04-23 20:35:38 +0000
commit: 4fb95f166edfe06b39700ce7a9f06ea4abad0fea (patch)
tree: d719005b3df9fbf8b0354c0627cfbab3276e831d
parent: 6128cdead023343368a8430d90b289b53900176e (diff)
download: tor-4fb95f166edfe06b39700ce7a9f06ea4abad0fea.tar.gz
tor-4fb95f166edfe06b39700ce7a9f06ea4abad0fea.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/common/tortls.c b/src/common/tortls.c
index 823fbe7a90..7acc786326 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -528,12 +528,17 @@ tor_tls_handshake(tor_tls *tls)
   tor_assert(tls);
   tor_assert(tls->ssl);
   tor_assert(tls->state == TOR_TLS_ST_HANDSHAKE);
+  check_no_tls_errors();
   if (tls->isServer) {
     r = SSL_accept(tls->ssl);
   } else {
     r = SSL_connect(tls->ssl);
   }
   r = tor_tls_get_error(tls,r,0, "handshaking", LOG_INFO);
+  if (ERR_peek_error() != 0) {
+    tls_log_errors(LOG_WARN, "handshaking");
+    return TOR_TLS_ERROR;
+  }
   if (r == TOR_TLS_DONE) {
     tls->state = TOR_TLS_ST_OPEN;
   }
author	Nick Mathewson <nickm@torproject.org>	2005-04-23 20:35:38 +0000
committer	Nick Mathewson <nickm@torproject.org>	2005-04-23 20:35:38 +0000
commit	4fb95f166edfe06b39700ce7a9f06ea4abad0fea (patch)
tree	d719005b3df9fbf8b0354c0627cfbab3276e831d
parent	6128cdead023343368a8430d90b289b53900176e (diff)
download	tor-4fb95f166edfe06b39700ce7a9f06ea4abad0fea.tar.gz tor-4fb95f166edfe06b39700ce7a9f06ea4abad0fea.zip