Handle SSL_shutdown while in init more appropriately
authorMatt Caswell <matt@openssl.org>
Mon, 7 Dec 2015 16:50:38 +0000 (16:50 +0000)
committerMatt Caswell <matt@openssl.org>
Wed, 20 Jan 2016 13:55:36 +0000 (13:55 +0000)
commitf73c737c7ac908c5d6407c419769123392a3b0a9
treed2992d489cb89e07fd1b1a7468e97911dd20a06e
parent930d87c1e1a34569620471b2627612d0df6270d0
Handle SSL_shutdown while in init more appropriately

Calling SSL_shutdown while in init previously gave a "1" response, meaning
everything was successfully closed down (even though it wasn't). Better is
to send our close_notify, but fail when trying to receive one.

The problem with doing a shutdown while in the middle of a handshake is
that once our close_notify is sent we shouldn't really do anything else
(including process handshake/CCS messages) until we've received a
close_notify back from the peer. However the peer might send a CCS before
acting on our close_notify - so we won't be able to read it because we're
not acting on CCS messages!

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
ssl/s3_lib.c
ssl/ssl.h
ssl/ssl_err.c
ssl/ssl_lib.c