kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Handle shutdown during init/handshake earlier

Browse Source 
Sending close_notify during init causes some problems for some
applications so we instead revert to the previous behavior returning an
error instead of silently passing.

(Imported from upstream's 64193c8218540499984cd63cda41f3cd491f3f59)

Change-Id: I5efed1ce152197d291e6c7ece6e5dbb8f3ad867d
Reviewed-on: https://boringssl-review.googlesource.com/7232
Reviewed-by: David Benjamin <davidben@google.com>
This commit is contained in:
Steven Valdez 2016-02-29 10:05:08 -05:00 committed by David Benjamin
parent c4eec0c16b
commit a14934ff2d
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ssl/ssl_lib.c
View File

@ -646,6 +646,12 @@ int SSL_shutdown(SSL *ssl) {
return -1;
}
/* We can't shutdown properly if we are in the middle of a handshake. */
if (SSL_in_init(ssl)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_SHUTDOWN_WHILE_IN_INIT);
return -1;
}
/* Do nothing if configured not to send a close_notify. */
if (ssl->quiet_shutdown) {
ssl->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;
@ -671,11 +677,6 @@ int SSL_shutdown(SSL *ssl) {
return ret;
}
} else if (!(ssl->shutdown & SSL_RECEIVED_SHUTDOWN)) {
if (SSL_in_init(ssl)) {
/* We can't shutdown properly if we are in the middle of a handshake. */
OPENSSL_PUT_ERROR(SSL, SSL_R_SHUTDOWN_WHILE_IN_INIT);
return -1;
}
/* If we are waiting for a close from our peer, we are closed */
ssl->method->ssl_read_close_notify(ssl);
if (!(ssl->shutdown & SSL_RECEIVED_SHUTDOWN)) {