Handle shutdown during init/handshake earlier

Sending close_notify during init causes problems for some
applications, so we revert to the previous behavior of returning an
error instead of silently passing.

(Imported from upstream's 64193c8218540499984cd63cda41f3cd491f3f59)

Change-Id: I5efed1ce152197d291e6c7ece6e5dbb8f3ad867d
Reviewed-on: https://boringssl-review.googlesource.com/7232
Reviewed-by: David Benjamin <davidben@google.com>
Steven Valdez 2016-02-29 10:05:08 -05:00 committed by David Benjamin
parent c4eec0c16b
commit a14934ff2d


@ -646,6 +646,12 @@ int SSL_shutdown(SSL *ssl) {
return -1; return -1;
} }
/* We can't shutdown properly if we are in the middle of a handshake. */
if (SSL_in_init(ssl)) {
OPENSSL_PUT_ERROR(SSL, SSL_R_SHUTDOWN_WHILE_IN_INIT);
return -1;
}
/* Do nothing if configured not to send a close_notify. */ /* Do nothing if configured not to send a close_notify. */
if (ssl->quiet_shutdown) { if (ssl->quiet_shutdown) {
ssl->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN; ssl->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;
@ -671,11 +677,6 @@ int SSL_shutdown(SSL *ssl) {
return ret; return ret;
} }
} else if (!(ssl->shutdown & SSL_RECEIVED_SHUTDOWN)) { } else if (!(ssl->shutdown & SSL_RECEIVED_SHUTDOWN)) {
if (SSL_in_init(ssl)) {
/* We can't shutdown properly if we are in the middle of a handshake. */
OPENSSL_PUT_ERROR(SSL, SSL_R_SHUTDOWN_WHILE_IN_INIT);
return -1;
}
/* If we are waiting for a close from our peer, we are closed */ /* If we are waiting for a close from our peer, we are closed */
ssl->method->ssl_read_close_notify(ssl); ssl->method->ssl_read_close_notify(ssl);
if (!(ssl->shutdown & SSL_RECEIVED_SHUTDOWN)) { if (!(ssl->shutdown & SSL_RECEIVED_SHUTDOWN)) {
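Review bot: The relocated `SSL_in_init(ssl)` check now runs before the `quiet_shutdown` branch, so a connection configured for quiet shutdown also gets -1 with `SSL_R_SHUTDOWN_WHILE_IN_INIT` when it is shut down mid-handshake; in its old position, inside the `!(ssl->shutdown & SSL_RECEIVED_SHUTDOWN)` branch, the check appears never to have been reached on that path. The commit message only discusses the close_notify case, so if this is intended the comment should say so, e.g. `/* We can't shutdown properly if we are in the middle of a handshake. This also applies when quiet_shutdown is set. */`. Callers that loop on SSL_shutdown until it returns 1 will make no progress on this error, because the function returns before any I/O or state change, which is worth stating in the function's documentation. SSL_shutdown starts and ends outside the visible hunks, so the return paths after the quiet_shutdown assignment are inferred rather than seen.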