summaryrefslogtreecommitdiffstats
path: root/src/network
diff options
context:
space:
mode:
authorShane Kearns <ext-shane.2.kearns@nokia.com>2012-01-30 15:52:27 +0000
committerQt by Nokia <qt-info@nokia.com>2012-02-01 19:18:12 +0100
commitc5aba0ac17ae6ed8f3847bd30325acdbd1ecaa80 (patch)
treeb06be235f137c62fbfb284b14d21387ada66ad30 /src/network
parent755cd58f9c70eba0c67da8b2b504fd7a07a2c4e2 (diff)
Prevent data loss when an ssl socket is closed by remote
SSL context was destroyed on disconnect. This makes it impossible to decrypt buffered encrypted data. So if there is encrypted data in the receive buffers, then don't destroy the ssl context until the socket is destroyed. Task-Number: QTBUG-23607 Change-Id: I16a7b4fa006647ec73049c90cdbc72686696850f Reviewed-by: Jonas Gastal <jgastal@profusion.mobi> Reviewed-by: Richard J. Moore <rich@kde.org>
Diffstat (limited to 'src/network')
-rw-r--r--src/network/ssl/qsslsocket_openssl.cpp33
-rw-r--r--src/network/ssl/qsslsocket_openssl_p.h1
2 files changed, 22 insertions, 12 deletions
diff --git a/src/network/ssl/qsslsocket_openssl.cpp b/src/network/ssl/qsslsocket_openssl.cpp
index bdd8961d06..f62f3c1229 100644
--- a/src/network/ssl/qsslsocket_openssl.cpp
+++ b/src/network/ssl/qsslsocket_openssl.cpp
@@ -172,6 +172,7 @@ QSslSocketBackendPrivate::QSslSocketBackendPrivate()
QSslSocketBackendPrivate::~QSslSocketBackendPrivate()
{
+ destroySslContext();
}
QSslCipher QSslSocketBackendPrivate::QSslCipher_from_SSL_CIPHER(SSL_CIPHER *cipher)
@@ -508,6 +509,22 @@ init_context:
return true;
}
+void QSslSocketBackendPrivate::destroySslContext()
+{
+ if (ssl) {
+ q_SSL_free(ssl);
+ ssl = 0;
+ }
+ if (ctx) {
+ q_SSL_CTX_free(ctx);
+ ctx = 0;
+ }
+ if (pkey) {
+ q_EVP_PKEY_free(pkey);
+ pkey = 0;
+ }
+}
+
/*!
\internal
*/
@@ -1232,18 +1249,10 @@ void QSslSocketBackendPrivate::disconnectFromHost()
void QSslSocketBackendPrivate::disconnected()
{
- if (ssl) {
- q_SSL_free(ssl);
- ssl = 0;
- }
- if (ctx) {
- q_SSL_CTX_free(ctx);
- ctx = 0;
- }
- if (pkey) {
- q_EVP_PKEY_free(pkey);
- pkey = 0;
- }
+ if (plainSocket->bytesAvailable() <= 0)
+ destroySslContext();
+ //if there is still buffered data in the plain socket, don't destroy the ssl context yet.
+ //it will be destroyed when the socket is deleted.
}
QSslCipher QSslSocketBackendPrivate::sessionCipher() const
diff --git a/src/network/ssl/qsslsocket_openssl_p.h b/src/network/ssl/qsslsocket_openssl_p.h
index 83f485d32f..b31eae9c97 100644
--- a/src/network/ssl/qsslsocket_openssl_p.h
+++ b/src/network/ssl/qsslsocket_openssl_p.h
@@ -99,6 +99,7 @@ public:
// SSL context
bool initSslContext();
+ void destroySslContext();
SSL *ssl;
SSL_CTX *ctx;
EVP_PKEY *pkey;