authorMatt Caswell <matt@openssl.org>2018-06-25 14:51:11 +0100
committerMatt Caswell <matt@openssl.org>2018-06-27 10:03:37 +0100
commit358ffa05cd3a088822c7d06256bc87516d918798 (patch)
tree59682167c740c52c35fa4b55b859cee2499bc16b /ssl/ssl_err.c
parentba70904949d2f9eec160043bf9a97182b33a2b82 (diff)
Return a fatal error if application data is encountered during shutdown
Currently if you encounter application data while waiting for a close_notify from the peer, and you have called SSL_shutdown() then you will get a -1 return (fatal error) and SSL_ERROR_SYSCALL from SSL_get_error(). This isn't accurate (it should be SSL_ERROR_SSL) and isn't persistent (you can call SSL_shutdown() again and it might then work). We change this into a proper fatal error that is persistent. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6340)
Diffstat (limited to 'ssl/ssl_err.c')
-rw-r--r--ssl/ssl_err.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 03c5bf255e..9ce643ae8e 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -726,6 +726,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = {
};
static const ERR_STRING_DATA SSL_str_reasons[] = {
+ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY),
+ "application data after close notify"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE),
"app data in handshake"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),