summaryrefslogtreecommitdiff
path: root/main/tcptls.c
diff options
context:
space:
mode:
Diffstat (limited to 'main/tcptls.c')
-rw-r--r--main/tcptls.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/main/tcptls.c b/main/tcptls.c
index b52cdc491..dffba1dcd 100644
--- a/main/tcptls.c
+++ b/main/tcptls.c
@@ -198,11 +198,19 @@ static void *handle_tcptls_connection(void *data)
long res;
peer = SSL_get_peer_certificate(tcptls_session->ssl);
if (!peer) {
- ast_log(LOG_WARNING, "No peer SSL certificate\n");
+ ast_log(LOG_ERROR, "No peer SSL certificate to verify\n");
+ ast_tcptls_close_session_file(tcptls_session);
+ ao2_ref(tcptls_session, -1);
+ return NULL;
}
+
res = SSL_get_verify_result(tcptls_session->ssl);
if (res != X509_V_OK) {
ast_log(LOG_ERROR, "Certificate did not verify: %s\n", X509_verify_cert_error_string(res));
+ X509_free(peer);
+ ast_tcptls_close_session_file(tcptls_session);
+ ao2_ref(tcptls_session, -1);
+ return NULL;
}
if (!ast_test_flag(&tcptls_session->parent->tls_cfg->flags, AST_SSL_IGNORE_COMMON_NAME)) {
ASN1_STRING *str;
@@ -233,17 +241,13 @@ static void *handle_tcptls_connection(void *data)
}
if (!found) {
ast_log(LOG_ERROR, "Certificate common name did not match (%s)\n", tcptls_session->parent->hostname);
- if (peer) {
- X509_free(peer);
- }
+ X509_free(peer);
ast_tcptls_close_session_file(tcptls_session);
ao2_ref(tcptls_session, -1);
return NULL;
}
}
- if (peer) {
- X509_free(peer);
- }
+ X509_free(peer);
}
}
if (!tcptls_session->f) { /* no success opening descriptor stacking */
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-02 21:10:40 +0000