Unbreak bidirectional SSL_shutdown for TLSv1.3libressl-v3.1.4

The previous errata patch 019_libssl broke bidirectional SSL_shutdown.
This can cause a hang in some software that calls SSL_shutdown in a loop.
Problem reported and fix tested by Predrag Punosevac.  Thanks to Steffen
Nurpmeso who independently found that this was due to an SSL_shutdown loop.

ok jsing

This is errata/6.7/020_libssl.patch.sig

1 files changed, 2 insertions, 1 deletions

diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index 95e9032634..5d32c66726 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_legacy.c,v 1.3.4.2 2020/08/10 18:59:47 tb Exp $ */
+/*      $OpenBSD: tls13_legacy.c,v 1.3.4.3 2020/08/17 11:04:20 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -497,6 +497,7 @@ tls13_legacy_shutdown(SSL *ssl)
                 if ((ret = tls13_record_layer_send_pending(ctx->rl)) !=
                     TLS13_IO_SUCCESS)
                         return tls13_legacy_return_code(ssl, ret);
+                ctx->close_notify_sent = 1;
         } else if (!ctx->close_notify_recv) {
                 /*
                  * If there is no application data pending, attempt to read more