vulpineawoo/solanum
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

newconf: TLS listener ports should always be defer_accept

Browse source 
TLS clients are required to send ClientHello upon connection, the server may not reply with ServerHello until this has happened
This commit is contained in:
William Pitcock 2015-12-04 22:53:04 -06:00
parent 493897d67c
commit bbccb09a90
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/newconf.c
View file

@ -865,9 +865,9 @@ conf_set_listen_port_both(void *data, int ssl)
} }
if(listener_address == NULL) if(listener_address == NULL)
{ {
add_listener(args->v.number, listener_address, AF_INET, ssl, yy_defer_accept); add_listener(args->v.number, listener_address, AF_INET, ssl, ssl || yy_defer_accept);
#ifdef RB_IPV6 #ifdef RB_IPV6
add_listener(args->v.number, listener_address, AF_INET6, ssl, yy_defer_accept); add_listener(args->v.number, listener_address, AF_INET6, ssl, ssl || yy_defer_accept);
#endif #endif
} }
else else
@ -880,7 +880,7 @@ conf_set_listen_port_both(void *data, int ssl)
#endif #endif
family = AF_INET; family = AF_INET;
add_listener(args->v.number, listener_address, family, ssl, yy_defer_accept); add_listener(args->v.number, listener_address, family, ssl, ssl || yy_defer_accept);
} }