From 7bb196a71adef8440b6152b6174651a9c25588f1 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 7 Dec 2015 16:50:38 +0000 Subject: Handle SSL_shutdown while in init more appropriately Calling SSL_shutdown while in init previously gave a "1" response, meaning everything was successfully closed down (even though it wasn't). Better is to send our close_notify, but fail when trying to receive one. The problem with doing a shutdown while in the middle of a handshake is that once our close_notify is sent we shouldn't really do anything else (including process handshake/CCS messages) until we've received a close_notify back from the peer. However the peer might send a CCS before acting on our close_notify - so we won't be able to read it because we're not acting on CCS messages! Reviewed-by: Viktor Dukhovni --- include/openssl/ssl.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 3152348dcd..d26b4af1a7 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1992,6 +1992,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL3_SETUP_KEY_BLOCK 157 # define SSL_F_SSL3_SETUP_READ_BUFFER 156 # define SSL_F_SSL3_SETUP_WRITE_BUFFER 291 +# define SSL_F_SSL3_SHUTDOWN 396 # define SSL_F_SSL3_WRITE_BYTES 158 # define SSL_F_SSL3_WRITE_PENDING 159 # define SSL_F_SSL_ACCEPT 390 @@ -2344,6 +2345,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345 # define SSL_R_SERVERHELLO_TLSEXT 275 # define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 +# define SSL_R_SHUTDOWN_WHILE_IN_INIT 407 # define SSL_R_SIGNATURE_ALGORITHMS_ERROR 360 # define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 # define SSL_R_SRP_A_CALC 361 -- cgit v1.2.3