generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Handle SSL_shutdown while in init more appropriately

Browse Source 
Calling SSL_shutdown while in init previously gave a "1" response, meaning
everything was successfully closed down (even though it wasn't). Better is
to send our close_notify, but fail when trying to receive one.

The problem with doing a shutdown while in the middle of a handshake is
that once our close_notify is sent we shouldn't really do anything else
(including process handshake/CCS messages) until we've received a
close_notify back from the peer. However the peer might send a CCS before
acting on our close_notify - so we won't be able to read it because we're
not acting on CCS messages!

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
Matt Caswell
2015-12-07 16:50:38 +00:00
parent 3aeb934865
commit 7bb196a71a
4 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ssl/ssl_lib.c
View File

@@ -1564,10 +1564,7 @@ int SSL_shutdown(SSL *s)
return -1;
}
if (!SSL_in_init(s))
return (s->method->ssl_shutdown(s));
else
return (1);
return s->method->ssl_shutdown(s);
}
int SSL_renegotiate(SSL *s)