From 2502dd35218a3fbc2d09b1980c8947fa22335f6e Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 11 Jan 2021 18:31:03 +0000
Subject: Shut down the TLS connections properly.

---
 .../lib/libssl/unit/ssl_get_shared_ciphers.c       | 31 +++++++++++++++++++---
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c b/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c
index 306cc6ac23..d6d09cffd7 100644
--- a/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c
+++ b/src/regress/lib/libssl/unit/ssl_get_shared_ciphers.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ssl_get_shared_ciphers.c,v 1.4 2021/01/11 18:26:25 tb Exp $ */
+/*	$OpenBSD: ssl_get_shared_ciphers.c,v 1.5 2021/01/11 18:31:03 tb Exp $ */
 /*
  * Copyright (c) 2021 Theo Buehler <tb@openbsd.org>
  *
@@ -304,8 +304,8 @@ push_data_to_peer(SSL *ssl, int *ret, int (*func)(SSL *), const char *func_name,
 		return 1;
 
 	/*
-	 * Do SSL_connect/SSL_accept once and loop while hitting WANT_WRITE.
-	 * If done or on WANT_READ hand off to peer.
+	 * Do SSL_connect/SSL_accept/SSL_shutdown once and loop while hitting
+	 * WANT_WRITE.  If done or on WANT_READ hand off to peer.
 	 */
 
 	do {
@@ -313,6 +313,10 @@ push_data_to_peer(SSL *ssl, int *ret, int (*func)(SSL *), const char *func_name,
 			ssl_err = SSL_get_error(ssl, *ret);
 	} while (*ret <= 0 && ssl_err == SSL_ERROR_WANT_WRITE);
 
+	/* Ignore erroneous error - see SSL_shutdown(3)... */
+	if (func == SSL_shutdown && ssl_err == SSL_ERROR_SYSCALL)
+		return 1;
+
 	if (*ret <= 0 && ssl_err != SSL_ERROR_WANT_READ) {
 		fprintf(stderr, "%s: %s failed\n", description, func_name);
 		ERR_print_errors_fp(stderr);
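Review bot: The new early return accepts every SSL_ERROR_SYSCALL from SSL_shutdown, but the spurious case described in SSL_shutdown(3) is tied to a return value of 0, so a genuine I/O failure with `*ret < 0` would pass this regress test unnoticed. Narrowing the guard keeps the workaround without masking real failures: `if (func == SSL_shutdown && *ret == 0 && ssl_err == SSL_ERROR_SYSCALL)`. The check also reads `ssl_err` whatever the value of `*ret`; its declaration is outside the hunk, so this is only safe if it is initialised there. The comment could state what is ignored and why, e.g. `/* SSL_shutdown(3): a return of 0 may report a spurious SSL_ERROR_SYSCALL. */`. The body of push_data_to_peer starts and ends outside the hunk.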
@@ -346,6 +350,24 @@ handshake(SSL *client_ssl, SSL *server_ssl, const char *description)
 	return client_ret == 1 && server_ret == 1;
 }
 
+static int
+shutdown(SSL *client_ssl, SSL *server_ssl, const char *description)
+{
+	int loops = 0, client_ret = 0, server_ret = 0;
+
+	while (loops++ < 10 && (client_ret <= 0 || server_ret <= 0)) {
+		if (!push_data_to_peer(client_ssl, &client_ret, SSL_shutdown,
+		    "client shutdown", description))
+			return 0;
+
+		if (!push_data_to_peer(server_ssl, &server_ret, SSL_shutdown,
+		    "server shutdown", description))
+			return 0;
+	}
+
+	return client_ret == 1 && server_ret == 1;
+}
+
 /* from ssl_ciph.c */
 static inline int
 ssl_aes_is_accelerated(void)
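Review bot: The new helper is named `shutdown`, which is also the POSIX socket call declared in `<sys/socket.h>`. The include list is outside the hunk, but if that header is pulled in directly or through another header, the `static` definition conflicts with the extern prototype. A file-specific name such as `shutdown_peers`, changed here and at the call site, avoids the clash and makes it clear that no socket-level shutdown is meant. The loop bound `10` is unexplained; a comment such as `/* Cap the close_notify exchange so a stuck peer cannot hang the test. */` would document the intent.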
@@ -415,6 +437,9 @@ test_get_shared_ciphers(const struct ssl_shared_ciphers_test_data *test)
 		goto err;
 	}
 
+	if (!shutdown(client_ssl, server_ssl, test->description))
+		goto err;
+
 	failed = check_shared_ciphers(test, buf);
 
  err:
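Review bot: When `shutdown()` returns 0 because its retry loop ran out, rather than because `push_data_to_peer` reported an error, this `goto err` fails the test without printing anything, unlike the failure path in `push_data_to_peer`. Adding a message keeps the failure attributable: `fprintf(stderr, "%s: shutdown failed\n", test->description);` in a braced block before `goto err;`. The jump also skips `check_shared_ciphers`, so the reported result relies on how `failed` is initialised earlier in test_get_shared_ciphers, which is outside the hunk.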
-- 
cgit v1.2.3-55-g6feb