fix(SecureSocketImpl.cpp): Shutdown TLS1.3 connection #2776

Aleksandar Fabijanic 2023-07-11 14:54:44 +02:00
parent 180f9eb9a8
commit 641d29f4ad


@ -96,6 +96,21 @@ void SecureSocketImpl::acceptSSL()
BIO_free(pBIO); BIO_free(pBIO);
throw SSLException("Cannot create SSL object"); throw SSLException("Cannot create SSL object");
} }
#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
/* TLS 1.3 server sends session tickets after a handhake as part of
* the SSL_accept(). If a client finishes all its job before server
* sends the tickets, SSL_accept() fails with EPIPE errno. Since we
* are not interested in a session resumption, we can not to send the
* tickets. */
if (1 != SSL_set_num_tickets(_pSSL, 0))
{
BIO_free(pBIO);
throw SSLException("Cannot create SSL object");
}
//Otherwise we can perform two-way shutdown. Client must call SSL_read() before the final SSL_shutdown().
#endif
SSL_set_bio(_pSSL, pBIO, pBIO); SSL_set_bio(_pSSL, pBIO, pBIO);
SSL_set_accept_state(_pSSL); SSL_set_accept_state(_pSSL);
SSL_set_ex_data(_pSSL, SSLManager::instance().socketIndex(), this); SSL_set_ex_data(_pSSL, SSLManager::instance().socketIndex(), this);
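Review bot: The new `SSL_set_num_tickets` failure branch frees `pBIO` but leaves `_pSSL` allocated and non-null, and it throws the same "Cannot create SSL object" text as the allocation failure just above it, so the two causes cannot be told apart in logs. Unless a reset or destructor path outside this hunk already releases `_pSSL`, release it here and use a distinct message: `SSL_free(_pSSL); _pSSL = nullptr;` followed by `throw SSLException("Cannot disable TLS 1.3 session tickets");`. Setting the ticket count to 0 on every accepted connection also turns off TLS 1.3 resumption regardless of how the context's session cache is configured, which is worth stating in the comment. The comment itself has a typo ("handhake"), and "we can not to send the tickets" should read "we choose not to send the tickets". acceptSSL() starts and ends outside the hunk.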