Return a fatal error if application data is encountered during shutdown

Currently if you encounter application data while waiting for a close_notify from the peer, and you have called SSL_shutdown() then you will get a -1 return (fatal error) and SSL_ERROR_SYSCALL from SSL_get_error(). This isn't accurate (it should be SSL_ERROR_SSL) and isn't persistent (you can call SSL_shutdown() again and it might then work). We change this into a proper fatal error that is persistent. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6340)
author: Matt Caswell <matt@openssl.org> 2018-06-25 14:51:11 +0100
committer: Matt Caswell <matt@openssl.org> 2018-06-27 10:03:37 +0100
commit: 358ffa05cd3a088822c7d06256bc87516d918798 (patch)
tree: 59682167c740c52c35fa4b55b859cee2499bc16b /include
parent: ba70904949d2f9eec160043bf9a97182b33a2b82 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index b2c6c1ee37..9eba6d8fd5 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -449,6 +449,7 @@ int ERR_load_SSL_strings(void);
 /*
  * SSL reason codes.
  */
+# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY        291
 # define SSL_R_APP_DATA_IN_HANDSHAKE                      100
 # define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 # define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE       143
author	Matt Caswell <matt@openssl.org>	2018-06-25 14:51:11 +0100
committer	Matt Caswell <matt@openssl.org>	2018-06-27 10:03:37 +0100
commit	358ffa05cd3a088822c7d06256bc87516d918798 (patch)
tree	59682167c740c52c35fa4b55b859cee2499bc16b /include
parent	ba70904949d2f9eec160043bf9a97182b33a2b82 (diff)