s_server normal shutdown

Partially fixes #11209

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11734)

diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h
index 1bbe5fe09db04be6777f8284519ffca6210b4546..baedbee9d3214129edd99c6da3d18843596e5ed2 100644 (file)
--- a/apps/include/s_apps.h
+++ b/apps/include/s_apps.h
@@ -32,6 +32,7 @@ int init_client(int *sock, const char *host, const char *port,
                 const char *bindhost, const char *bindport,
                 int family, int type, int protocol);
 int should_retry(int i);
+void do_ssl_shutdown(SSL *ssl);
 
 long bio_dump_callback(BIO *bio, int cmd, const char *argp,
                        int argi, long argl, long ret);

diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c
index 7dd95e9f0ec2cf1a3c9f7fc87d614fda8a406fab..52c4a0a764de2c4ef5c9361b4105143b5c73a24c 100644 (file)
--- a/apps/lib/s_socket.c
+++ b/apps/lib/s_socket.c
@@ -392,4 +392,25 @@ int do_server(int *accept_sock, const char *host, const char *port,
     return ret;
 }
 
+void do_ssl_shutdown(SSL *ssl)
+{
+    int ret;
+
+    do {
+        /* We only do unidirectional shutdown */
+        ret = SSL_shutdown(ssl);
+        if (ret < 0) {
+            switch (SSL_get_error(ssl, ret)) {
+            case SSL_ERROR_WANT_READ:
+            case SSL_ERROR_WANT_WRITE:
+            case SSL_ERROR_WANT_ASYNC:
+            case SSL_ERROR_WANT_ASYNC_JOB:
+                /* We just do busy waiting. Nothing clever */
+                continue;
+            }
+            ret = 0;
+        }
+    } while (ret < 0);
+}
+
 #endif  /* OPENSSL_NO_SOCK */

diff --git a/apps/s_client.c b/apps/s_client.c
index eb4dbdcaa26df518ee98397190a16cb1ae695af4..875ebf2253cfac3d4e10a35f0c7fe304eac022e6 100644 (file)
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -98,27 +98,6 @@ static int restore_errno(void)
     return ret;
 }
 
-static void do_ssl_shutdown(SSL *ssl)
-{
-    int ret;
-
-    do {
-        /* We only do unidirectional shutdown */
-        ret = SSL_shutdown(ssl);
-        if (ret < 0) {
-            switch (SSL_get_error(ssl, ret)) {
-            case SSL_ERROR_WANT_READ:
-            case SSL_ERROR_WANT_WRITE:
-            case SSL_ERROR_WANT_ASYNC:
-            case SSL_ERROR_WANT_ASYNC_JOB:
-                /* We just do busy waiting. Nothing clever */
-                continue;
-            }
-            ret = 0;
-        }
-    } while (ret < 0);
-}
-
 /* Default PSK identity and key */
 static char *psk_identity = "Client_identity";
 

diff --git a/apps/s_server.c b/apps/s_server.c
index 23c762ba9f3b16af8e2183e11f25b5f8378d56ba..4904a21b7a360105163d71126f2207b97cff6023 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1884,7 +1884,6 @@ int s_server_main(int argc, char *argv[])
         }
         BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
     }
-    SSL_CTX_set_quiet_shutdown(ctx, 1);
     if (exc != NULL)
         ssl_ctx_set_excert(ctx, exc);
 
@@ -1982,7 +1981,6 @@ int s_server_main(int argc, char *argv[])
             }
             BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
         }
-        SSL_CTX_set_quiet_shutdown(ctx2, 1);
         if (exc != NULL)
             ssl_ctx_set_excert(ctx2, exc);
 
@@ -2770,7 +2768,7 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
  err:
     if (con != NULL) {
         BIO_printf(bio_s_out, "shutting down SSL\n");
-        SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+        do_ssl_shutdown(con);
         SSL_free(con);
     }
     BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
@@ -3439,7 +3437,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
     }
  end:
     /* make sure we re-use sessions */
-    SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+    do_ssl_shutdown(con);
 
  err:
     OPENSSL_free(buf);
@@ -3593,7 +3591,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context)
     }
  end:
     /* make sure we re-use sessions */
-    SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+    do_ssl_shutdown(con);
 
  err: