1 files changed, 48 insertions, 48 deletions
diff --git a/src/lib/libressl/ressl.c b/src/lib/libtls/tls.c
index 06c7d54cc2..a7f612e40b 100644
--- a/src/lib/libressl/ressl.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.c,v 1.18 2014/10/15 21:02:39 tedu Exp $ */
+/* $OpenBSD: tls.c,v 1.1 2014/10/31 13:46:17 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -26,38 +26,38 @@
 #include <openssl/pem.h>
 #include <openssl/x509.h>
-#include <ressl.h>
+#include <tls.h>
-#include "ressl_internal.h"
+#include "tls_internal.h"
-static struct ressl_config *ressl_config_default;
+static struct tls_config *tls_config_default;
 int
-ressl_init(void)
+tls_init(void)
 {
-        static int ressl_initialised = 0;
+        static int tls_initialised = 0;
-        if (ressl_initialised)
+        if (tls_initialised)
                return (0);
        SSL_load_error_strings();
        SSL_library_init();
-        if ((ressl_config_default = ressl_config_new()) == NULL)
+        if ((tls_config_default = tls_config_new()) == NULL)
                return (-1);
-        ressl_initialised = 1;
+        tls_initialised = 1;
        return (0);
 }
 const char *
-ressl_error(struct ressl *ctx)
+tls_error(struct tls *ctx)
 {
        return ctx->errmsg;
 }
 int
-ressl_set_error(struct ressl *ctx, char *fmt, ...)
+tls_set_error(struct tls *ctx, char *fmt, ...)
 {
        va_list ap;
        int rv;
@@ -73,37 +73,37 @@ ressl_set_error(struct ressl *ctx, char *fmt, ...)
        return (rv);
 }
-struct ressl *
+struct tls *
-ressl_new(void)
+tls_new(void)
 {
-        struct ressl *ctx;
+        struct tls *ctx;
        if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
                return (NULL);
-        ctx->config = ressl_config_default;
+        ctx->config = tls_config_default;
-        ressl_reset(ctx);
+        tls_reset(ctx);
        return (ctx);
 }
 int
-ressl_configure(struct ressl *ctx, struct ressl_config *config)
+tls_configure(struct tls *ctx, struct tls_config *config)
 {
        if (config == NULL)
-                config = ressl_config_default;
+                config = tls_config_default;
        ctx->config = config;
-        if ((ctx->flags & RESSL_SERVER) != 0)
+        if ((ctx->flags & TLS_SERVER) != 0)
-                return (ressl_configure_server(ctx));
+                return (tls_configure_server(ctx));
        return (0);
 }
 int
-ressl_configure_keypair(struct ressl *ctx)
+tls_configure_keypair(struct tls *ctx)
 {
        EVP_PKEY *pkey = NULL;
        X509 *cert = NULL;
@@ -112,7 +112,7 @@ ressl_configure_keypair(struct ressl *ctx)
        if (ctx->config->cert_mem != NULL) {
                if (SSL_CTX_use_certificate_chain(ctx->ssl_ctx,
                    ctx->config->cert_mem, ctx->config->cert_len) != 1) {
-                        ressl_set_error(ctx, "failed to load certificate");
+                        tls_set_error(ctx, "failed to load certificate");
                        goto err;
                }
                cert = NULL;
@@ -120,16 +120,16 @@ ressl_configure_keypair(struct ressl *ctx)
        if (ctx->config->key_mem != NULL) {
                if ((bio = BIO_new_mem_buf(ctx->config->key_mem,
                    ctx->config->key_len)) == NULL) {
-                        ressl_set_error(ctx, "failed to create buffer");
+                        tls_set_error(ctx, "failed to create buffer");
                        goto err;
                }
                if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,
                    NULL)) == NULL) {
-                        ressl_set_error(ctx, "failed to read private key");
+                        tls_set_error(ctx, "failed to read private key");
                        goto err;
                }
                if (SSL_CTX_use_PrivateKey(ctx->ssl_ctx, pkey) != 1) {
-                        ressl_set_error(ctx, "failed to load private key");
+                        tls_set_error(ctx, "failed to load private key");
                        goto err;
                }
                BIO_free(bio);
@@ -141,20 +141,20 @@ ressl_configure_keypair(struct ressl *ctx)
        if (ctx->config->cert_file != NULL) {
                if (SSL_CTX_use_certificate_chain_file(ctx->ssl_ctx,
                    ctx->config->cert_file) != 1) {
-                        ressl_set_error(ctx, "failed to load certificate file");
+                        tls_set_error(ctx, "failed to load certificate file");
                        goto err;
                }
        }
        if (ctx->config->key_file != NULL) {
                if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx,
                    ctx->config->key_file, SSL_FILETYPE_PEM) != 1) {
-                        ressl_set_error(ctx, "failed to load private key file");
+                        tls_set_error(ctx, "failed to load private key file");
                        goto err;
                }
        }
        if (SSL_CTX_check_private_key(ctx->ssl_ctx) != 1) {
-                ressl_set_error(ctx, "private/public key mismatch");
+                tls_set_error(ctx, "private/public key mismatch");
                goto err;
        }
@@ -169,7 +169,7 @@ err:
 }
 int
-ressl_configure_ssl(struct ressl *ctx)
+tls_configure_ssl(struct tls *ctx)
 {
        SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
        SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
@@ -178,17 +178,17 @@ ressl_configure_ssl(struct ressl *ctx)
        SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_1);
        SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2);
-        if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_0) == 0)
+        if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_0) == 0)
                SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1);
-        if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_1) == 0)
+        if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_1) == 0)
                SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_1);
-        if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_2) == 0)
+        if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0)
                SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2);
        if (ctx->config->ciphers != NULL) {
                if (SSL_CTX_set_cipher_list(ctx->ssl_ctx,
                    ctx->config->ciphers) != 1) {
-                        ressl_set_error(ctx, "failed to set ciphers");
+                        tls_set_error(ctx, "failed to set ciphers");
                        goto err;
                }
        }
@@ -200,16 +200,16 @@ err:
 }
 void
-ressl_free(struct ressl *ctx)
+tls_free(struct tls *ctx)
 {
        if (ctx == NULL)
                return;
-        ressl_reset(ctx);
+        tls_reset(ctx);
        free(ctx);
 }
 void
-ressl_reset(struct ressl *ctx)
+tls_reset(struct tls *ctx)
 {
        SSL_CTX_free(ctx->ssl_ctx);
        SSL_free(ctx->ssl_conn);
@@ -225,7 +225,7 @@ ressl_reset(struct ressl *ctx)
 }
 int
-ressl_read(struct ressl *ctx, void *buf, size_t buflen, size_t *outlen)
+tls_read(struct tls *ctx, void *buf, size_t buflen, size_t *outlen)
 {
        int ret, ssl_err;
@@ -238,17 +238,17 @@ ressl_read(struct ressl *ctx, void *buf, size_t buflen, size_t *outlen)
        ssl_err = SSL_get_error(ctx->ssl_conn, ret);
        switch (ssl_err) {
        case SSL_ERROR_WANT_READ:
-                return (RESSL_READ_AGAIN);
+                return (TLS_READ_AGAIN);
        case SSL_ERROR_WANT_WRITE:
-                return (RESSL_WRITE_AGAIN);
+                return (TLS_WRITE_AGAIN);
        default:
-                ressl_set_error(ctx, "read failed (%i)", ssl_err);
+                tls_set_error(ctx, "read failed (%i)", ssl_err);
                return (-1);
        }
 }
 int
-ressl_write(struct ressl *ctx, const void *buf, size_t buflen, size_t *outlen)
+tls_write(struct tls *ctx, const void *buf, size_t buflen, size_t *outlen)
 {
        int ret, ssl_err;
@@ -261,33 +261,33 @@ ressl_write(struct ressl *ctx, const void *buf, size_t buflen, size_t *outlen)
        ssl_err = SSL_get_error(ctx->ssl_conn, ret);
        switch (ssl_err) {
        case SSL_ERROR_WANT_READ:
-                return (RESSL_READ_AGAIN);
+                return (TLS_READ_AGAIN);
        case SSL_ERROR_WANT_WRITE:
-                return (RESSL_WRITE_AGAIN);
+                return (TLS_WRITE_AGAIN);
        default:
-                ressl_set_error(ctx, "write failed (%i)", ssl_err);
+                tls_set_error(ctx, "write failed (%i)", ssl_err);
                return (-1);
        }
 }
 int
-ressl_close(struct ressl *ctx)
+tls_close(struct tls *ctx)
 {
        /* XXX - handle case where multiple calls are required. */
        if (ctx->ssl_conn != NULL) {
                if (SSL_shutdown(ctx->ssl_conn) == -1) {
-                        ressl_set_error(ctx, "SSL shutdown failed");
+                        tls_set_error(ctx, "SSL shutdown failed");
                        goto err;
                }
        }
        if (ctx->socket != -1) {
                if (shutdown(ctx->socket, SHUT_RDWR) != 0) {
-                        ressl_set_error(ctx, "shutdown");
+                        tls_set_error(ctx, "shutdown");
                        goto err;
                }
                if (close(ctx->socket) != 0) {
-                        ressl_set_error(ctx, "close");
+                        tls_set_error(ctx, "close");
                        goto err;
                }
                ctx->socket = -1;

diff --git a/src/lib/libressl/ressl.c b/src/lib/libtls/tls.c index 06c7d54cc2..a7f612e40b 100644 --- a/src/lib/libressl/ressl.c +++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ressl.c,v 1.18 2014/10/15 21:02:39 tedu Exp $ */	1	/* $OpenBSD: tls.c,v 1.1 2014/10/31 13:46:17 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -26,38 +26,38 @@
26	#include <openssl/pem.h>	26	#include <openssl/pem.h>
27	#include <openssl/x509.h>	27	#include <openssl/x509.h>
28		28
29	#include <ressl.h>	29	#include <tls.h>
30	#include "ressl_internal.h"	30	#include "tls_internal.h"
31		31
32	static struct ressl_config *ressl_config_default;	32	static struct tls_config *tls_config_default;
33		33
34	int	34	int
35	ressl_init(void)	35	tls_init(void)
36	{	36	{
37	static int ressl_initialised = 0;	37	static int tls_initialised = 0;
38		38
39	if (ressl_initialised)	39	if (tls_initialised)
40	return (0);	40	return (0);
41		41
42	SSL_load_error_strings();	42	SSL_load_error_strings();
43	SSL_library_init();	43	SSL_library_init();
44		44
45	if ((ressl_config_default = ressl_config_new()) == NULL)	45	if ((tls_config_default = tls_config_new()) == NULL)
46	return (-1);	46	return (-1);
47		47
48	ressl_initialised = 1;	48	tls_initialised = 1;
49		49
50	return (0);	50	return (0);
51	}	51	}
52		52
53	const char *	53	const char *
54	ressl_error(struct ressl *ctx)	54	tls_error(struct tls *ctx)
55	{	55	{
56	return ctx->errmsg;	56	return ctx->errmsg;
57	}	57	}
58		58
59	int	59	int
60	ressl_set_error(struct ressl ctx, char fmt, ...)	60	tls_set_error(struct tls ctx, char fmt, ...)
61	{	61	{
62	va_list ap;	62	va_list ap;
63	int rv;	63	int rv;
@@ -73,37 +73,37 @@ ressl_set_error(struct ressl ctx, char fmt, ...)
73	return (rv);	73	return (rv);
74	}	74	}
75		75
76	struct ressl *	76	struct tls *
77	ressl_new(void)	77	tls_new(void)
78	{	78	{
79	struct ressl *ctx;	79	struct tls *ctx;
80		80
81	if ((ctx = calloc(1, sizeof(*ctx))) == NULL)	81	if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
82	return (NULL);	82	return (NULL);
83		83
84	ctx->config = ressl_config_default;	84	ctx->config = tls_config_default;
85		85
86	ressl_reset(ctx);	86	tls_reset(ctx);
87		87
88	return (ctx);	88	return (ctx);
89	}	89	}
90		90
91	int	91	int
92	ressl_configure(struct ressl ctx, struct ressl_config config)	92	tls_configure(struct tls ctx, struct tls_config config)
93	{	93	{
94	if (config == NULL)	94	if (config == NULL)
95	config = ressl_config_default;	95	config = tls_config_default;
96		96
97	ctx->config = config;	97	ctx->config = config;
98		98
99	if ((ctx->flags & RESSL_SERVER) != 0)	99	if ((ctx->flags & TLS_SERVER) != 0)
100	return (ressl_configure_server(ctx));	100	return (tls_configure_server(ctx));
101		101
102	return (0);	102	return (0);
103	}	103	}
104		104
105	int	105	int
106	ressl_configure_keypair(struct ressl *ctx)	106	tls_configure_keypair(struct tls *ctx)
107	{	107	{
108	EVP_PKEY *pkey = NULL;	108	EVP_PKEY *pkey = NULL;
109	X509 *cert = NULL;	109	X509 *cert = NULL;
@@ -112,7 +112,7 @@ ressl_configure_keypair(struct ressl *ctx)
112	if (ctx->config->cert_mem != NULL) {	112	if (ctx->config->cert_mem != NULL) {
113	if (SSL_CTX_use_certificate_chain(ctx->ssl_ctx,	113	if (SSL_CTX_use_certificate_chain(ctx->ssl_ctx,
114	ctx->config->cert_mem, ctx->config->cert_len) != 1) {	114	ctx->config->cert_mem, ctx->config->cert_len) != 1) {
115	ressl_set_error(ctx, "failed to load certificate");	115	tls_set_error(ctx, "failed to load certificate");
116	goto err;	116	goto err;
117	}	117	}
118	cert = NULL;	118	cert = NULL;
@@ -120,16 +120,16 @@ ressl_configure_keypair(struct ressl *ctx)
120	if (ctx->config->key_mem != NULL) {	120	if (ctx->config->key_mem != NULL) {
121	if ((bio = BIO_new_mem_buf(ctx->config->key_mem,	121	if ((bio = BIO_new_mem_buf(ctx->config->key_mem,
122	ctx->config->key_len)) == NULL) {	122	ctx->config->key_len)) == NULL) {
123	ressl_set_error(ctx, "failed to create buffer");	123	tls_set_error(ctx, "failed to create buffer");
124	goto err;	124	goto err;
125	}	125	}
126	if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,	126	if ((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,
127	NULL)) == NULL) {	127	NULL)) == NULL) {
128	ressl_set_error(ctx, "failed to read private key");	128	tls_set_error(ctx, "failed to read private key");
129	goto err;	129	goto err;
130	}	130	}
131	if (SSL_CTX_use_PrivateKey(ctx->ssl_ctx, pkey) != 1) {	131	if (SSL_CTX_use_PrivateKey(ctx->ssl_ctx, pkey) != 1) {
132	ressl_set_error(ctx, "failed to load private key");	132	tls_set_error(ctx, "failed to load private key");
133	goto err;	133	goto err;
134	}	134	}
135	BIO_free(bio);	135	BIO_free(bio);
@@ -141,20 +141,20 @@ ressl_configure_keypair(struct ressl *ctx)
141	if (ctx->config->cert_file != NULL) {	141	if (ctx->config->cert_file != NULL) {
142	if (SSL_CTX_use_certificate_chain_file(ctx->ssl_ctx,	142	if (SSL_CTX_use_certificate_chain_file(ctx->ssl_ctx,
143	ctx->config->cert_file) != 1) {	143	ctx->config->cert_file) != 1) {
144	ressl_set_error(ctx, "failed to load certificate file");	144	tls_set_error(ctx, "failed to load certificate file");
145	goto err;	145	goto err;
146	}	146	}
147	}	147	}
148	if (ctx->config->key_file != NULL) {	148	if (ctx->config->key_file != NULL) {
149	if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx,	149	if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx,
150	ctx->config->key_file, SSL_FILETYPE_PEM) != 1) {	150	ctx->config->key_file, SSL_FILETYPE_PEM) != 1) {
151	ressl_set_error(ctx, "failed to load private key file");	151	tls_set_error(ctx, "failed to load private key file");
152	goto err;	152	goto err;
153	}	153	}
154	}	154	}
155		155
156	if (SSL_CTX_check_private_key(ctx->ssl_ctx) != 1) {	156	if (SSL_CTX_check_private_key(ctx->ssl_ctx) != 1) {
157	ressl_set_error(ctx, "private/public key mismatch");	157	tls_set_error(ctx, "private/public key mismatch");
158	goto err;	158	goto err;
159	}	159	}
160		160
@@ -169,7 +169,7 @@ err:
169	}	169	}
170		170
171	int	171	int
172	ressl_configure_ssl(struct ressl *ctx)	172	tls_configure_ssl(struct tls *ctx)
173	{	173	{
174	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);	174	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv2);
175	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);	175	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_SSLv3);
@@ -178,17 +178,17 @@ ressl_configure_ssl(struct ressl *ctx)
178	SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_1);	178	SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_1);
179	SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2);	179	SSL_CTX_clear_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2);
180		180
181	if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_0) == 0)	181	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_0) == 0)
182	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1);	182	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1);
183	if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_1) == 0)	183	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_1) == 0)
184	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_1);	184	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_1);
185	if ((ctx->config->protocols & RESSL_PROTOCOL_TLSv1_2) == 0)	185	if ((ctx->config->protocols & TLS_PROTOCOL_TLSv1_2) == 0)
186	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2);	186	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_NO_TLSv1_2);
187		187
188	if (ctx->config->ciphers != NULL) {	188	if (ctx->config->ciphers != NULL) {
189	if (SSL_CTX_set_cipher_list(ctx->ssl_ctx,	189	if (SSL_CTX_set_cipher_list(ctx->ssl_ctx,
190	ctx->config->ciphers) != 1) {	190	ctx->config->ciphers) != 1) {
191	ressl_set_error(ctx, "failed to set ciphers");	191	tls_set_error(ctx, "failed to set ciphers");
192	goto err;	192	goto err;
193	}	193	}
194	}	194	}
@@ -200,16 +200,16 @@ err:
200	}	200	}
201		201
202	void	202	void
203	ressl_free(struct ressl *ctx)	203	tls_free(struct tls *ctx)
204	{	204	{
205	if (ctx == NULL)	205	if (ctx == NULL)
206	return;	206	return;
207	ressl_reset(ctx);	207	tls_reset(ctx);
208	free(ctx);	208	free(ctx);
209	}	209	}
210		210
211	void	211	void
212	ressl_reset(struct ressl *ctx)	212	tls_reset(struct tls *ctx)
213	{	213	{
214	SSL_CTX_free(ctx->ssl_ctx);	214	SSL_CTX_free(ctx->ssl_ctx);
215	SSL_free(ctx->ssl_conn);	215	SSL_free(ctx->ssl_conn);
@@ -225,7 +225,7 @@ ressl_reset(struct ressl *ctx)
225	}	225	}
226		226
227	int	227	int
228	ressl_read(struct ressl ctx, void buf, size_t buflen, size_t *outlen)	228	tls_read(struct tls ctx, void buf, size_t buflen, size_t *outlen)
229	{	229	{
230	int ret, ssl_err;	230	int ret, ssl_err;
231		231
@@ -238,17 +238,17 @@ ressl_read(struct ressl ctx, void buf, size_t buflen, size_t *outlen)
238	ssl_err = SSL_get_error(ctx->ssl_conn, ret);	238	ssl_err = SSL_get_error(ctx->ssl_conn, ret);
239	switch (ssl_err) {	239	switch (ssl_err) {
240	case SSL_ERROR_WANT_READ:	240	case SSL_ERROR_WANT_READ:
241	return (RESSL_READ_AGAIN);	241	return (TLS_READ_AGAIN);
242	case SSL_ERROR_WANT_WRITE:	242	case SSL_ERROR_WANT_WRITE:
243	return (RESSL_WRITE_AGAIN);	243	return (TLS_WRITE_AGAIN);
244	default:	244	default:
245	ressl_set_error(ctx, "read failed (%i)", ssl_err);	245	tls_set_error(ctx, "read failed (%i)", ssl_err);
246	return (-1);	246	return (-1);
247	}	247	}
248	}	248	}
249		249
250	int	250	int
251	ressl_write(struct ressl ctx, const void buf, size_t buflen, size_t *outlen)	251	tls_write(struct tls ctx, const void buf, size_t buflen, size_t *outlen)
252	{	252	{
253	int ret, ssl_err;	253	int ret, ssl_err;
254		254
@@ -261,33 +261,33 @@ ressl_write(struct ressl ctx, const void buf, size_t buflen, size_t *outlen)
261	ssl_err = SSL_get_error(ctx->ssl_conn, ret);	261	ssl_err = SSL_get_error(ctx->ssl_conn, ret);
262	switch (ssl_err) {	262	switch (ssl_err) {
263	case SSL_ERROR_WANT_READ:	263	case SSL_ERROR_WANT_READ:
264	return (RESSL_READ_AGAIN);	264	return (TLS_READ_AGAIN);
265	case SSL_ERROR_WANT_WRITE:	265	case SSL_ERROR_WANT_WRITE:
266	return (RESSL_WRITE_AGAIN);	266	return (TLS_WRITE_AGAIN);
267	default:	267	default:
268	ressl_set_error(ctx, "write failed (%i)", ssl_err);	268	tls_set_error(ctx, "write failed (%i)", ssl_err);
269	return (-1);	269	return (-1);
270	}	270	}
271	}	271	}
272		272
273	int	273	int
274	ressl_close(struct ressl *ctx)	274	tls_close(struct tls *ctx)
275	{	275	{
276	/* XXX - handle case where multiple calls are required. */	276	/* XXX - handle case where multiple calls are required. */
277	if (ctx->ssl_conn != NULL) {	277	if (ctx->ssl_conn != NULL) {
278	if (SSL_shutdown(ctx->ssl_conn) == -1) {	278	if (SSL_shutdown(ctx->ssl_conn) == -1) {
279	ressl_set_error(ctx, "SSL shutdown failed");	279	tls_set_error(ctx, "SSL shutdown failed");
280	goto err;	280	goto err;
281	}	281	}
282	}	282	}
283		283
284	if (ctx->socket != -1) {	284	if (ctx->socket != -1) {
285	if (shutdown(ctx->socket, SHUT_RDWR) != 0) {	285	if (shutdown(ctx->socket, SHUT_RDWR) != 0) {
286	ressl_set_error(ctx, "shutdown");	286	tls_set_error(ctx, "shutdown");
287	goto err;	287	goto err;
288	}	288	}
289	if (close(ctx->socket) != 0) {	289	if (close(ctx->socket) != 0) {
290	ressl_set_error(ctx, "close");	290	tls_set_error(ctx, "close");
291	goto err;	291	goto err;
292	}	292	}
293	ctx->socket = -1;	293	ctx->socket = -1;