fix(Socket): shutdown fixes from pull #3448

2025-10-23 00:07:59 +02:00 · 2022-03-31 19:03:27 +00:00
parent 3bab3548f4
commit 3fb001f397
6 changed files with 85 additions and 1 deletions
--- a/NetSSL_OpenSSL/src/Context.cpp
+++ b/NetSSL_OpenSSL/src/Context.cpp
@@ -36,7 +36,8 @@ Context::Params::Params():
 	loadDefaultCAs(false),
 	ocspStaplingVerification(false),
 	cipherList("ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"),
-	dhUse2048Bits(false)
+	dhUse2048Bits(false),
+	securityLevel(SECURITY_LEVEL_NONE)
 {
 }

@@ -125,6 +126,9 @@ void Context::init(const Params& params)
 	try
 	{
 		int errCode = 0;
+
+		setSecurityLevel(params.securityLevel);
+
 		if (!params.caLocation.empty())
 		{
 			Poco::File aFile(params.caLocation);
@@ -204,6 +208,14 @@ void Context::init(const Params& params)
 }


+void Context::setSecurityLevel(SecurityLevel level)
+{
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	SSL_CTX_set_security_level(_pSSLContext, static_cast<int>(level));
+#endif
+}
+
+
 void Context::useCertificate(const Poco::Crypto::X509Certificate& certificate)
 {
 	int errCode = SSL_CTX_use_certificate(_pSSLContext, const_cast<X509*>(certificate.certificate()));
--- a/NetSSL_OpenSSL/src/FTPSClientSession.cpp
+++ b/NetSSL_OpenSSL/src/FTPSClientSession.cpp
@@ -127,6 +127,14 @@ StreamSocket FTPSClientSession::establishDataConnection(const std::string& comma
 		{
 			Poco::Net::SecureStreamSocket sss(Poco::Net::SecureStreamSocket::attach(ss, pSecure->context(), pSecure->currentSession()));
 			ss = sss;
+			if (_forceSessionReuse)
+			{
+				sss.setLazyHandshake(false);
+				if (sss.completeHandshake() != 1)
+					throw Poco::Net::FTPException("SSL Session HANDSHAKE error");
+				if (!sss.sessionWasReused())
+					throw Poco::Net::FTPException("SSL Session for data connection was not reused");
+			}
 		}
 	}
 	return ss;
--- a/NetSSL_OpenSSL/src/SecureSocketImpl.cpp
+++ b/NetSSL_OpenSSL/src/SecureSocketImpl.cpp
@@ -255,7 +255,41 @@ void SecureSocketImpl::shutdown()
 			// most web browsers, so we just set the shutdown
 			// flag by calling SSL_shutdown() once and be
 			// done with it.
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+			int rc = 0;
+			if (!_bidirectShutdown)
+				rc = SSL_shutdown(_pSSL);
+			else
+			{
+				Poco::Timespan recvTimeout = _pSocket->getReceiveTimeout();
+				Poco::Timespan pollTimeout(0, 100000);
+				Poco::Timestamp tsNow;
+				do
+				{
+					rc = SSL_shutdown(_pSSL);
+					if (rc == 1) break;
+					if (rc < 0)
+					{
+						int err = SSL_get_error(_pSSL, rc);
+						if (err == SSL_ERROR_WANT_READ)
+							_pSocket->poll(pollTimeout, Poco::Net::Socket::SELECT_READ);
+						else if (err == SSL_ERROR_WANT_WRITE)
+							_pSocket->poll(pollTimeout, Poco::Net::Socket::SELECT_WRITE);
+						else
+						{
+							int socketError = SocketImpl::lastError();
+							long lastError = ERR_get_error();
+							if ((err == SSL_ERROR_SSL) && (socketError == 0) && (lastError == 0x0A000123))
+								rc = 0;
+							break;
+						}
+					}
+					else _pSocket->poll(pollTimeout, Poco::Net::Socket::SELECT_READ);
+				} while (!tsNow.isElapsed(recvTimeout.totalMicroseconds()));
+			}
+#else
 			int rc = SSL_shutdown(_pSSL);
+#endif
 			if (rc < 0) handleError(rc);
 			if (_pSocket->getBlocking())
 			{
@@ -328,6 +362,7 @@ int SecureSocketImpl::receiveBytes(void* buffer, int length, int flags)
 		rc = SSL_read(_pSSL, buffer, length);
 	}
 	while (mustRetry(rc));
+	_bidirectShutdown = false;
 	if (rc <= 0)
 	{
 		return handleError(rc);