Skip normal SSL shutdown only after an error
This skips sending the "close notify" shutdown alert only after a network failure has taken place, and not during the normal closing of a connection.
parent
5011966115
commit
716ee036dc
23
src/socket.c
23
src/socket.c
|
@ -187,8 +187,6 @@ close_secure_connection(session *ssn)
|
||||||
{
|
{
|
||||||
|
|
||||||
if (ssn->sslsocket) {
|
if (ssn->sslsocket) {
|
||||||
SSL_set_shutdown(ssn->sslsocket, SSL_SENT_SHUTDOWN |
|
|
||||||
SSL_RECEIVED_SHUTDOWN);
|
|
||||||
SSL_shutdown(ssn->sslsocket);
|
SSL_shutdown(ssn->sslsocket);
|
||||||
SSL_free(ssn->sslsocket);
|
SSL_free(ssn->sslsocket);
|
||||||
ssn->sslsocket = NULL;
|
ssn->sslsocket = NULL;
|
||||||
|
@ -283,7 +281,7 @@ socket_secure_read(session *ssn, char *buf, size_t len)
|
||||||
case SSL_ERROR_ZERO_RETURN:
|
case SSL_ERROR_ZERO_RETURN:
|
||||||
error("reading data through SSL; the connection has been "
|
error("reading data through SSL; the connection has been "
|
||||||
"closed cleanly\n");
|
"closed cleanly\n");
|
||||||
return -1;
|
goto fail;
|
||||||
case SSL_ERROR_NONE:
|
case SSL_ERROR_NONE:
|
||||||
case SSL_ERROR_WANT_READ:
|
case SSL_ERROR_WANT_READ:
|
||||||
case SSL_ERROR_WANT_WRITE:
|
case SSL_ERROR_WANT_WRITE:
|
||||||
|
@ -301,17 +299,22 @@ socket_secure_read(session *ssn, char *buf, size_t len)
|
||||||
else
|
else
|
||||||
error("reading data through SSL; %s\n",
|
error("reading data through SSL; %s\n",
|
||||||
ERR_error_string(e, NULL));
|
ERR_error_string(e, NULL));
|
||||||
return -1;
|
goto fail;
|
||||||
case SSL_ERROR_SSL:
|
case SSL_ERROR_SSL:
|
||||||
error("reading data through SSL; %s\n",
|
error("reading data through SSL; %s\n",
|
||||||
ERR_error_string(ERR_get_error(), NULL));
|
ERR_error_string(ERR_get_error(), NULL));
|
||||||
return -1;
|
goto fail;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
|
fail:
|
||||||
|
SSL_set_shutdown(ssn->sslsocket, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
|
||||||
|
|
||||||
|
return -1;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -391,7 +394,7 @@ socket_secure_write(session *ssn, const char *buf, size_t len)
|
||||||
case SSL_ERROR_ZERO_RETURN:
|
case SSL_ERROR_ZERO_RETURN:
|
||||||
error("writing data through SSL; the connection has been "
|
error("writing data through SSL; the connection has been "
|
||||||
"closed cleanly\n");
|
"closed cleanly\n");
|
||||||
return -1;
|
goto fail;
|
||||||
case SSL_ERROR_NONE:
|
case SSL_ERROR_NONE:
|
||||||
case SSL_ERROR_WANT_READ:
|
case SSL_ERROR_WANT_READ:
|
||||||
case SSL_ERROR_WANT_WRITE:
|
case SSL_ERROR_WANT_WRITE:
|
||||||
|
@ -409,15 +412,19 @@ socket_secure_write(session *ssn, const char *buf, size_t len)
|
||||||
else
|
else
|
||||||
error("writing data through SSL; %s\n",
|
error("writing data through SSL; %s\n",
|
||||||
ERR_error_string(e, NULL));
|
ERR_error_string(e, NULL));
|
||||||
return -1;
|
goto fail;
|
||||||
case SSL_ERROR_SSL:
|
case SSL_ERROR_SSL:
|
||||||
error("writing data through SSL; %s\n",
|
error("writing data through SSL; %s\n",
|
||||||
ERR_error_string(ERR_get_error(), NULL));
|
ERR_error_string(ERR_get_error(), NULL));
|
||||||
return -1;
|
goto fail;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return r;
|
return r;
|
||||||
|
fail:
|
||||||
|
SSL_set_shutdown(ssn->sslsocket, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
|
||||||
|
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
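Review bot: The `SSL_ERROR_ZERO_RETURN` case in socket_secure_read, and the same case in socket_secure_write, now jumps to `fail:`, so a peer's clean close_notify is treated like a transport failure and the `SSL_shutdown()` call left in close_secure_connection() will no longer send the client's own close_notify in reply. That does not match the commit description ("only after a network failure"); consider keeping `return -1;` for that case and reserving `goto fail;` for the syscall-error and `SSL_ERROR_SSL` branches. The `fail:` label would also benefit from a comment such as `/* transport unusable: mark shutdown as done so SSL_shutdown() sends nothing on close */`, since the link to close_secure_connection() is not obvious from either function. Marking `SSL_SENT_SHUTDOWN` after a failure may also leave the session looking cleanly closed to OpenSSL's session cache, so it is worth confirming that a session which ended in `SSL_ERROR_SSL` should stay eligible for resumption. Both function bodies begin outside the visible hunks, so this is based only on the branches shown.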