Unbreak bidirectional SSL_shutdown for TLSv1.3libressl-v3.1.4

The previous errata patch 019_libssl broke bidirectional SSL_shutdown. This can cause a hang in some software that calls SSL_shutdown in a loop. Problem reported and fix tested by Predrag Punosevac. Thanks to Steffen Nurpmeso who independently found that this was due to an SSL_shutdown loop. ok jsing This is errata/6.7/020_libssl.patch.sig
author: tb <> 2020-08-17 11:04:20 +0000
committer: tb <> 2020-08-17 11:04:20 +0000
commit: 4a37c4d3fd4d65240a83ff1723ec253c796045f8 (patch)
tree: da87998cce511059ab0f7f6b0a919f61f5531fd7 /src
parent: 529117a25958fa6a044d9cf79057817756c9e16a (diff)
download: openbsd-libressl-v3.1.4.tar.gz
openbsd-libressl-v3.1.4.tar.bz2
openbsd-libressl-v3.1.4.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index 95e9032634..5d32c66726 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_legacy.c,v 1.3.4.2 2020/08/10 18:59:47 tb Exp $ */
+/*      $OpenBSD: tls13_legacy.c,v 1.3.4.3 2020/08/17 11:04:20 tb Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -497,6 +497,7 @@ tls13_legacy_shutdown(SSL *ssl)
                if ((ret = tls13_record_layer_send_pending(ctx->rl)) !=
                    TLS13_IO_SUCCESS)
                        return tls13_legacy_return_code(ssl, ret);
+                ctx->close_notify_sent = 1;
        } else if (!ctx->close_notify_recv) {
                /*
                 * If there is no application data pending, attempt to read more
author	tb <>	2020-08-17 11:04:20 +0000
committer	tb <>	2020-08-17 11:04:20 +0000
commit	4a37c4d3fd4d65240a83ff1723ec253c796045f8 (patch)
tree	da87998cce511059ab0f7f6b0a919f61f5531fd7 /src
parent	529117a25958fa6a044d9cf79057817756c9e16a (diff)
download	openbsd-libressl-v3.1.4.tar.gz openbsd-libressl-v3.1.4.tar.bz2 openbsd-libressl-v3.1.4.zip