From: Kurt Roeckx Date: Mon, 13 Apr 2020 11:01:29 +0000 (+0200) Subject: Improve SSL_shutdown documentation. X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=184b0f14173fd69120767d86227d1db3a4e60ec0;p=oweals%2Fopenssl.git Improve SSL_shutdown documentation. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11531) (cherry picked from commit e307e616f25a6b7b0f343fc1e62a35b2cba888f3) --- diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod index 732e5ada04..30cf484619 100644 --- a/doc/man3/SSL_shutdown.pod +++ b/doc/man3/SSL_shutdown.pod @@ -116,6 +116,16 @@ state but not actually send the close_notify alert messages, see L. When "quiet shutdown" is enabled, SSL_shutdown() will always succeed and return 1. +Note that this is not standard compliant behaviour. +It should only be done when the peer has a way to make sure all +data has been received and doesn't wait for the close_notify alert +message, otherwise an unexpected EOF will be reported. + +There are implementations that do not send the required close_notify alert. +If there is a need to communicate with such an implementation, and it's clear +that all data has been received, do not wait for the peer's close_notify alert. +Waiting for the close_notify alert when the peer just closes the connection will +result in an error being generated. =head1 RETURN VALUES @@ -128,8 +138,10 @@ The following return values can occur: The shutdown is not yet finished: the close_notify was sent but the peer did not send it back yet. Call SSL_read() to do a bidirectional shutdown. -The output of L may be misleading, as an -erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. + +Unlike most other function, returning 0 does not indicate an error. +L should not get called, it may misleadingly +indicate an error even though no error occurred. =item Z<>1