5267ef7b4a
Update-Note: This tweaks the SSL_shutdown behavior. OpenSSL's original SSL_shutdown behavior was an incoherent mix of discarding the record and rejecting it (it would return SSL_ERROR_SYSCALL but retrying the operation would discard it). SSLeay appears to have intended to discard it, so we previously "fixed" it actually discard. However, this behavior is somewhat bizarre and means we skip over unbounded data, which we typically try to avoid. If you are trying to cleanly shutdown the TLS portion of your protocol, surely it is at a point where additional data is a syntax error. I suspect I originally did not realize that, because the discarded record did not properly continue the loop, SSL_shutdown would appear as if it rejected the data, and so it's unlikely anyone was relying on that behavior. Discussion in https://github.com/openssl/openssl/pull/6340 suggests (some of) upstream also prefers rejecting. Change-Id: Icde419049306ed17eb06ce1a7e1ff587901166f3 Reviewed-on: https://boringssl-review.googlesource.com/28864 Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Reviewed-by: Steven Valdez <svaldez@google.com> |
||
|---|---|---|
| .. | ||
| asn1.errordata | ||
| bio.errordata | ||
| bn.errordata | ||
| cipher.errordata | ||
| CMakeLists.txt | ||
| conf.errordata | ||
| dh.errordata | ||
| digest.errordata | ||
| dsa.errordata | ||
| ec.errordata | ||
| ecdh.errordata | ||
| ecdsa.errordata | ||
| engine.errordata | ||
| err_data_generate.go | ||
| err_test.cc | ||
| err.c | ||
| evp.errordata | ||
| hkdf.errordata | ||
| internal.h | ||
| obj.errordata | ||
| pem.errordata | ||
| pkcs7.errordata | ||
| pkcs8.errordata | ||
| rsa.errordata | ||
| ssl.errordata | ||
| x509.errordata | ||
| x509v3.errordata | ||