From 64f9f40696f993406e53c16d7c9d815004afd8ad Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 2 Feb 2016 10:05:43 +0000 Subject: Handle SSL_shutdown while in init more appropriately #2 Previous commit 7bb196a71 attempted to "fix" a problem with the way SSL_shutdown() behaved whilst in mid-handshake. The original behaviour had SSL_shutdown() return immediately having taken no action if called mid- handshake with a return value of 1 (meaning everything was shutdown successfully). In fact the shutdown has not been successful. Commit 7bb196a71 changed that to send a close_notify anyway and then return. This seems to be causing some problems for some applications so perhaps a better (much simpler) approach is revert to the previous behaviour (no attempt at a shutdown), but return -1 (meaning the shutdown was not successful). This also fixes a bug where SSL_shutdown always returns 0 when shutdown *very* early in the handshake (i.e. we are still using SSLv23_method). Reviewed-by: Viktor Dukhovni --- ssl/ssl_err.c | 1 - 1 file changed, 1 deletion(-) (limited to 'ssl/ssl_err.c') diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 67966ab92c..0d8bcd4f53 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -127,7 +127,6 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL3_SETUP_KEY_BLOCK), "ssl3_setup_key_block"}, {ERR_FUNC(SSL_F_SSL3_SETUP_READ_BUFFER), "ssl3_setup_read_buffer"}, {ERR_FUNC(SSL_F_SSL3_SETUP_WRITE_BUFFER), "ssl3_setup_write_buffer"}, - {ERR_FUNC(SSL_F_SSL3_SHUTDOWN), "ssl3_shutdown"}, {ERR_FUNC(SSL_F_SSL3_WRITE_BYTES), "ssl3_write_bytes"}, {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING), "ssl3_write_pending"}, {ERR_FUNC(SSL_F_SSL_ACCEPT), "SSL_accept"}, -- cgit v1.2.3