vulpineawoo/solanum
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

newconf: TLS listener ports should always be defer_accept

Browse source 
TLS clients are required to send ClientHello upon connection, the server may not reply with ServerHello until this has happened
This commit is contained in:
William Pitcock 2015-12-04 22:53:04 -06:00
parent 493897d67c
commit bbccb09a90
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/newconf.c
View file

@ -865,9 +865,9 @@ conf_set_listen_port_both(void *data, int ssl)
}
if(listener_address == NULL)
{
add_listener(args->v.number, listener_address, AF_INET, ssl, yy_defer_accept);
add_listener(args->v.number, listener_address, AF_INET, ssl, ssl || yy_defer_accept);
#ifdef RB_IPV6
add_listener(args->v.number, listener_address, AF_INET6, ssl, yy_defer_accept);
add_listener(args->v.number, listener_address, AF_INET6, ssl, ssl || yy_defer_accept);
#endif
}
else
@ -880,7 +880,7 @@ conf_set_listen_port_both(void *data, int ssl)
#endif
family = AF_INET;
add_listener(args->v.number, listener_address, family, ssl, yy_defer_accept);
add_listener(args->v.number, listener_address, family, ssl, ssl || yy_defer_accept);
}