diff options
author | Matt Caswell <matt@openssl.org> | 2015-12-07 16:50:38 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-01-20 13:58:12 +0000 |
commit | 7bb196a71adef8440b6152b6174651a9c25588f1 (patch) | |
tree | 01e909a54f822db8de9e26c768441aa33ee763ef /include | |
parent | 3aeb93486588e7dd01379c50b8fd496d55cf8858 (diff) | |
download | openssl-7bb196a71adef8440b6152b6174651a9c25588f1.tar.gz |
Handle SSL_shutdown while in init more appropriately
Calling SSL_shutdown while in init previously gave a "1" response, meaning
everything was successfully closed down (even though it wasn't). Better is
to send our close_notify, but fail when trying to receive one.
The problem with doing a shutdown while in the middle of a handshake is
that once our close_notify is sent we shouldn't really do anything else
(including process handshake/CCS messages) until we've received a
close_notify back from the peer. However the peer might send a CCS before
acting on our close_notify - so we won't be able to read it because we're
not acting on CCS messages!
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ssl.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 3152348dcd..d26b4af1a7 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1992,6 +1992,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL3_SETUP_KEY_BLOCK 157 # define SSL_F_SSL3_SETUP_READ_BUFFER 156 # define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 +# define SSL_F_SSL3_SHUTDOWN 396 # define SSL_F_SSL3_WRITE_BYTES 158 # define SSL_F_SSL3_WRITE_PENDING 159 # define SSL_F_SSL_ACCEPT 390 @@ -2344,6 +2345,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 # define SSL_R_SERVERHELLO_TLSEXT 275 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 # define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 # define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 # define SSL_R_SRP_A_CALC 361 |