From 14f787a9e86295d7c6ccebed33406e54d2a40005 Mon Sep 17 00:00:00 2001
From: "Rob Swindell (on Windows 11)" <rob@synchro.net>
Date: Thu, 4 Jan 2024 19:07:12 -0800
Subject: [PATCH] Don't pass a TLS session ID of 0 js_CreateCommonObjects() for
 non-TLS sessions

The proper sentinel value here for "no TLS session" is -1, not 0.

This, at minimum, was causing a lot of extraneous calls to destroy_session()
(from js_socket.c's do_js_close()) with an invalid (hopefully, not
otherwise used) cryptlib session ID of 0.

Nothing checks or logs the return value of destroy_session(), but I'd expect
it to be failing ... a lot.
---
 src/sbbs3/websrvr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/sbbs3/websrvr.c b/src/sbbs3/websrvr.c
index 653babeb26..c3b9b5ce16 100644
--- a/src/sbbs3/websrvr.c
+++ b/src/sbbs3/websrvr.c
@@ -5923,7 +5923,7 @@ js_initcx(http_session_t *session)
 									,&startup->js				/* js */
 									,&session->client			/* client */
 									,session->socket			/* client */
-									,session->tls_sess			/* client */
+									,session->is_tls ? session->tls_sess : -1	/* client */
 									,&js_server_props			/* server */
 									,&session->js_glob
 									,&mqtt
-- 
GitLab