diff options
| author | Matt Caswell <matt@openssl.org> | 2019-02-20 14:21:36 +0000 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2019-02-26 14:13:05 +0000 |
| commit | 48c8bcf5bca0ce7751f49599381e143de1b61786 (patch) | |
| tree | 07acd8ac76eb40c58d90339d90eca576cc87bc2e | |
| parent | e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e (diff) | |
Clarify that SSL_shutdown() must not be called after a fatal error
Follow on from CVE-2019-1559
Reviewed-by: Richard Levitte <levitte@openssl.org>
| -rw-r--r-- | doc/ssl/SSL_get_error.pod | 13 | ||||
| -rw-r--r-- | doc/ssl/SSL_shutdown.pod | 4 |
2 files changed, 12 insertions, 5 deletions
diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod index 2a93894096..7537616d47 100644 --- a/doc/ssl/SSL_get_error.pod +++ b/doc/ssl/SSL_get_error.pod @@ -90,14 +90,17 @@ Details depend on the application. =item SSL_ERROR_SYSCALL -Some non-recoverable I/O error occurred. -The OpenSSL error queue may contain more information on the error. -For socket I/O on Unix systems, consult B<errno> for details. +Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may +contain more information on the error. For socket I/O on Unix systems, consult +B<errno> for details. If this error occurs then no further I/O operations should +be performed on the connection and SSL_shutdown() must not be called. =item SSL_ERROR_SSL -A failure in the SSL library occurred, usually a protocol error. The -OpenSSL error queue contains more information on the error. +A non-recoverable, fatal error in the SSL library occurred, usually a protocol +error. The OpenSSL error queue contains more information on the error. If this +error occurs then no further I/O operations should be performed on the +connection and SSL_shutdown() must not be called. =back diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod index efbff5a0a3..e2a776cf1c 100644 --- a/doc/ssl/SSL_shutdown.pod +++ b/doc/ssl/SSL_shutdown.pod @@ -22,6 +22,10 @@ Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and a currently open session is considered closed and good and will be kept in the session cache for further reuse. +Note that SSL_shutdown() must not be called if a previous fatal error has +occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL +or SSL_ERROR_SSL. + The shutdown procedure consists of 2 steps: the sending of the "close notify" shutdown alert and the reception of the peer's "close notify" shutdown alert. According to the TLS standard, it is acceptable for an application |