Update from 0.9.8-stable.

4 files changed, 24 insertions, 5 deletions

diff --git a/CHANGES b/CHANGES
index f17154b8e3..e8f1748ac7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -772,6 +772,9 @@
 
  Changes between 0.9.8k and 0.9.8l  [xx XXX xxxx]
 
+  *) Handle non-blocking I/O properly in SSL_shutdown() call.
+     [Darryl Miles <darryl-mailinglists@netbauds.net>]
+
   *) Add 2.5.4.* OIDs
      [Ilya O. <vrghost@gmail.com>]
 
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 727827f91d..73a573ee29 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3138,6 +3138,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 
 int ssl3_shutdown(SSL *s)
 	{
+	int ret;
 
 	/* Don't do anything much if we have not done the handshake or
 	 * we don't want to send messages :-) */
@@ -3155,18 +3156,32 @@ int ssl3_shutdown(SSL *s)
 #endif
 		/* our shutdown alert has been sent now, and if it still needs
 	 	 * to be written, s->s3->alert_dispatch will be true */
+	 	if (s->s3->alert_dispatch)
+	 		return(-1);	/* return WANT_WRITE */
 		}
 	else if (s->s3->alert_dispatch)
 		{
 		/* resend it if not sent */
 #if 1
-		s->method->ssl_dispatch_alert(s);
+		ret=s->method->ssl_dispatch_alert(s);
+		if(ret == -1)
+			{
+			/* we only get to return -1 here the 2nd/Nth
+			 * invocation, we must  have already signalled
+			 * return 0 upon a previous invoation,
+			 * return WANT_WRITE */
+			return(ret);
+			}
 #endif
 		}
 	else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
 		{
 		/* If we are waiting for a close from our peer, we are closed */
 		s->method->ssl_read_bytes(s,0,NULL,0,0);
+		if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
+			{
+			return(-1);	/* return WANT_READ */
+			}
 		}
 
 	if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index ce7dc366fb..c04401a88d 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1350,13 +1350,13 @@ int ssl3_do_change_cipher_spec(SSL *s)
 	return(1);
 	}
 
-void ssl3_send_alert(SSL *s, int level, int desc)
+int ssl3_send_alert(SSL *s, int level, int desc)
 	{
 	/* Map tls/ssl alert value to correct one */
 	desc=s->method->ssl3_enc->alert_value(desc);
 	if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
 		desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
-	if (desc < 0) return;
+	if (desc < 0) return -1;
 	/* If a fatal one, remove from cache */
 	if ((level == 2) && (s->session != NULL))
 		SSL_CTX_remove_session(s->ctx,s->session);
@@ -1365,9 +1365,10 @@ void ssl3_send_alert(SSL *s, int level, int desc)
 	s->s3->send_alert[0]=level;
 	s->s3->send_alert[1]=desc;
 	if (s->s3->wbuf.left == 0) /* data still being written out? */
-		s->method->ssl_dispatch_alert(s);
+		return s->method->ssl_dispatch_alert(s);
 	/* else data is still being written out, we will get written
 	 * some time in the future */
+	return -1;
 	}
 
 int ssl3_dispatch_alert(SSL *s)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 039ee6b28e..9b6aadd950 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -857,7 +857,7 @@ int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
 int ssl3_change_cipher_state(SSL *s,int which);
 void ssl3_cleanup_key_block(SSL *s);
 int ssl3_do_write(SSL *s,int type);
-void ssl3_send_alert(SSL *s,int level, int desc);
+int ssl3_send_alert(SSL *s,int level, int desc);
 int ssl3_generate_master_secret(SSL *s, unsigned char *out,
 	unsigned char *p, int len);
 int ssl3_get_req_cert_type(SSL *s,unsigned char *p);