dzwdz/catboy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Explicitly clear TLS secrets afer handshake

Browse Source 
No need to keep them at runtime;  do so unconditionally for the sake of
simplicity.

Declare TLS config globally so ircConnect() can clear it and declare
both client and config statically as they are not used outside the irc.c
module.
This commit is contained in:
Klemens Nanni 2021-06-29 12:41:03 +00:00 committed by C. McEnroe
parent 40b3f52aaf
commit ae64d277b8
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
irc.c
View File

@ -43,12 +43,13 @@
#include "chat.h"
struct tls *client;
static struct tls *client;
static struct tls_config *config;
void ircConfig(
bool insecure, const char *trust, const char *cert, const char *priv
) {
struct tls_config *config = tls_config_new();
config = tls_config_new();
if (!config) errx(EX_SOFTWARE, "tls_config_new");
int error;
@ -167,6 +168,7 @@ int ircConnect(const char *bindHost, const char *host, const char *port) {
} while (error == TLS_WANT_POLLIN || error == TLS_WANT_POLLOUT);
if (error) errx(EX_PROTOCOL, "tls_handshake: %s", tls_error(client));
tls_config_clear_keys(config);
return sock;
}