| author | jsing <> | 2024-01-30 14:50:50 +0000 |
|---|---|---|
| committer | jsing <> | 2024-01-30 14:50:50 +0000 |
| commit | 805729baee1dff3368eb79d9c05cb48c481c63b8 (patch) | |
| tree | cefc460f6939c03890e25b57a70c21caf02a8f1d /src | |
| parent | 58b71efb8cd73a807ec46c267e6e92a1f728420c (diff) | |
Restore SSL_shutdown() two step sequence.
Change SSL_shutdown() such that it will return 0 after sending a
close-notify, before potentially returning 1 (indicating that a
close-notify has been sent and received) on a subsequent call. Some
software depends on this behaviour, even though there are cases where
the first call could immediately return 1 (for example, when the peer
has already sent a close-notify prior to SSL_shutdown() being called).
ok tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/tls13_legacy.c | 4 |
1 files changed, 3 insertions, 1 deletions
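--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_legacy.c,v 1.43 2024/01/27 14:34:28 jsing Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.44 2024/01/30 14:50:50 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -501,6 +501,7 @@ tls13_legacy_shutdown(SSL *ssl)
 return -1;
 if (ret != TLS13_IO_SUCCESS)
 return tls13_legacy_return_code(ssl, ret);
+goto done;
 }
 
 ret = tls13_record_layer_send_pending(ctx->rl);
@@ -524,6 +525,7 @@ tls13_legacy_shutdown(SSL *ssl)
 }
 }
 
+done:
 if (ssl->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
 return 1;
 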
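Review bot: The added `goto done;` in the second hunk still lands on the `ssl->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)` test, so the first call can presumably still return 1 when the received flag was already set before SSL_shutdown() was entered, for instance when the application had already read the peer's close-notify. The description's "will return 0 after sending a close-notify" would then hold only while that flag is clear. If that is intended, a comment at the jump would record it, e.g. `/* First call: report 0 unless the peer's close-notify was already processed. */`. The assignment of SSL_SENT_SHUTDOWN and the function's final return are outside the hunks, so this is inferred from the visible lines only. A regression test covering both orderings (peer close-notify processed before and after the first call) would pin the return values that callers use to tell a completed bidirectional shutdown from a truncated connection.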
