From 3b56f0265346ac27187ab1c0aa41bc27260bea5b Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 17 Aug 2020 11:04:20 +0000
Subject: Unbreak bidirectional SSL_shutdown for TLSv1.3

The previous errata patch 019_libssl broke bidirectional SSL_shutdown.
This can cause a hang in some software that calls SSL_shutdown in a loop.

Problem reported and fix tested by Predrag Punosevac.
Thanks to Steffen Nurpmeso who independently found that this was due to an SSL_shutdown loop.

ok jsing

This is errata/6.7/020_libssl.patch.sig
---
 src/lib/libssl/tls13_legacy.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index 95e9032634..5d32c66726 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_legacy.c,v 1.3.4.2 2020/08/10 18:59:47 tb Exp $ */
+/* $OpenBSD: tls13_legacy.c,v 1.3.4.3 2020/08/17 11:04:20 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing
  *
@@ -497,6 +497,7 @@ tls13_legacy_shutdown(SSL *ssl)
 		if ((ret = tls13_record_layer_send_pending(ctx->rl)) !=
 		    TLS13_IO_SUCCESS)
 			return tls13_legacy_return_code(ssl, ret);
+		ctx->close_notify_sent = 1;
 	} else if (!ctx->close_notify_recv) {
 		/*
 		 * If there is no application data pending, attempt to read more
-- 
cgit v1.2.3-55-g6feb
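Review bot: The added `ctx->close_notify_sent = 1;` has no comment explaining why the flag is set only after `tls13_record_layer_send_pending()` returns `TLS13_IO_SUCCESS`, which is the subtle part of this fix: on any other return the flag stays clear, so the next `SSL_shutdown()` call re-enters the sending branch and retries the flush instead of dropping into the `!ctx->close_notify_recv` branch to wait for a peer close_notify that our side never finished writing. Suggest `/* Mark close_notify as sent only once it has actually been flushed; a short write is retried on the next SSL_shutdown() call. */` directly above the assignment. If the record layer's alert-sent path also sets this flag (not visible in the hunk), a one-line note saying which of the two is authoritative would keep a future cleanup from removing this assignment and reintroducing the SSL_shutdown loop hang the commit message describes. tls13_legacy_shutdown begins and ends outside the hunk.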