Allow an endpoint to read the alert data before closing the socket

[openssl.git] / apps / s_socket.c

diff --git a/apps/s_socket.c b/apps/s_socket.c
index 3bdb587395019ecca00e4560ea21853c60ebf448..2f3e90bbf97a2eb07bb6d9ea6ac3ac2131243481 100644 (file)
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -221,6 +221,23 @@ int do_server(int *accept_sock, const char *host, const char *port,
                 break;
             }
             i = (*cb)(sock, type, protocol, context);
                 break;
             }
             i = (*cb)(sock, type, protocol, context);

+            /*
+             * If we ended with an alert being sent, but still with data in the
+             * network buffer to be read, then calling BIO_closesocket() will
+             * result in a TCP-RST being sent. On some platforms (notably
+             * Windows) then this will result in the peer immediately abandoning
+             * the connection including any buffered alert data before it has
+             * had a chance to be read. Shutting down the sending side first,
+             * and then closing the socket sends TCP-FIN first followed by
+             * TCP-RST. This seems to allow the peer to read the alert data.
+             */
+#ifdef _WIN32
+# ifdef SD_SEND
+            shutdown(sock, SD_SEND);
+# endif
+#elif defined(SHUT_WR)
+            shutdown(sock, SHUT_WR);
+#endif

             BIO_closesocket(sock);
         } else {
             i = (*cb)(asock, type, protocol, context);
             BIO_closesocket(sock);
         } else {
             i = (*cb)(asock, type, protocol, context);