if (key_len == EVP_MD_size(EVP_sha256()))
cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
- else if(key_len == EVP_MD_size(EVP_sha384()))
+ else if (key_len == EVP_MD_size(EVP_sha384()))
cipher = SSL_CIPHER_find(s, tls13_aes256gcmsha384_id);
if (cipher == NULL) {
unsigned char ext_buf[4 + 65536];
/* Reconstruct the type/len fields prior to extension data */
- ext_buf[0] = ext_type >> 8;
- ext_buf[1] = ext_type & 0xFF;
- ext_buf[2] = inlen >> 8;
- ext_buf[3] = inlen & 0xFF;
+ inlen &= 0xffff; /* for formal memcmpy correctness */
+ ext_buf[0] = (unsigned char)(ext_type >> 8);
+ ext_buf[1] = (unsigned char)(ext_type);
+ ext_buf[2] = (unsigned char)(inlen >> 8);
+ ext_buf[3] = (unsigned char)(inlen);
memcpy(ext_buf + 4, in, inlen);
BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d",
#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
struct timeval tv;
#endif
- char *servername = NULL;
+ const char *servername = NULL;
int noservername = 0;
const char *alpn_in = NULL;
tlsextctx tlsextcbp = { NULL, 0 };
ERR_print_errors(bio_err);
goto end;
}
- /* By default the SNI should be the same as was set in the session */
- if (!noservername && servername == NULL) {
- const char *sni = SSL_SESSION_get0_hostname(sess);
- if (sni != NULL) {
- servername = OPENSSL_strdup(sni);
- if (servername == NULL) {
- BIO_printf(bio_err, "Can't set server name\n");
- ERR_print_errors(bio_err);
- goto end;
- }
- } else {
- /*
- * Force no SNI to be sent so we are consistent with the
- * session.
- */
- noservername = 1;
- }
- }
SSL_SESSION_free(sess);
}
if (in_init)
print_stuff(bio_c_out, con, full_log);
do_ssl_shutdown(con);
-#if defined(OPENSSL_SYS_WINDOWS)
+
/*
* Give the socket time to send its last data before we close it.
* No amount of setting SO_LINGER etc on the socket seems to persuade
* for a short time seems to do it (units in ms)
* TODO: Find a better way to do this
*/
+#if defined(OPENSSL_SYS_WINDOWS)
Sleep(50);
+#elif defined(OPENSSL_SYS_CYGWIN)
+ usleep(50000);
#endif
+
+ /*
+ * If we ended with an alert being sent, but still with data in the
+ * network buffer to be read, then calling BIO_closesocket() will
+ * result in a TCP-RST being sent. On some platforms (notably
+ * Windows) then this will result in the peer immediately abandoning
+ * the connection including any buffered alert data before it has
+ * had a chance to be read. Shutting down the sending side first,
+ * and then closing the socket sends TCP-FIN first followed by
+ * TCP-RST. This seems to allow the peer to read the alert data.
+ */
+ shutdown(SSL_get_fd(con), 1); /* SHUT_WR */
BIO_closesocket(SSL_get_fd(con));
end:
if (con != NULL) {