From: Todd Short <tshort@akamai.com>
Date: Fri, 12 May 2017 13:05:11 +0000 (-0400)
Subject: Always flush the BIO when we send any alert
X-Git-Tag: OpenSSL_1_1_1-pre1~1374
X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=270d65fa34caa974fb27c9b161b0c9b6cd806c76

Always flush the BIO when we send any alert

At the moment we flush the write BIO if we send a fatal alert, but not a
warning one. This can mean the warning is never sent if we never do another
write and subsequently flush the BIO. Instead we should just always flush
after writing an alert.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3432)
---

diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c
index 7af2f99e05..1cd3941a27 100644
--- a/ssl/s3_msg.c
+++ b/ssl/s3_msg.c
@@ -105,12 +105,10 @@ int ssl3_dispatch_alert(SSL *s)
         s->s3->alert_dispatch = 1;
     } else {
         /*
-         * Alert sent to BIO.  If it is important, flush it now. If the
-         * message does not get sent due to non-blocking IO, we will not
-         * worry too much.
+         * Alert sent to BIO - now flush. If the message does not get sent due
+         * to non-blocking IO, we will not worry too much.
          */
-        if (s->s3->send_alert[0] == SSL3_AL_FATAL)
-            (void)BIO_flush(s->wbio);
+        (void)BIO_flush(s->wbio);
 
         if (s->msg_callback)
             s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,