From: Dmitry Belyavskiy Date: Tue, 5 May 2020 12:26:32 +0000 (+0300) Subject: s_server normal shutdown X-Git-Tag: openssl-3.0.0-alpha2~70 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=edbb56ee4fafc07eb77747ad25278a04b89adc09;p=oweals%2Fopenssl.git s_server normal shutdown Partially fixes #11209 Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11734) --- diff --git a/apps/include/s_apps.h b/apps/include/s_apps.h index 1bbe5fe09d..baedbee9d3 100644 --- a/apps/include/s_apps.h +++ b/apps/include/s_apps.h @@ -32,6 +32,7 @@ int init_client(int *sock, const char *host, const char *port, const char *bindhost, const char *bindport, int family, int type, int protocol); int should_retry(int i); +void do_ssl_shutdown(SSL *ssl); long bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); diff --git a/apps/lib/s_socket.c b/apps/lib/s_socket.c index 7dd95e9f0e..52c4a0a764 100644 --- a/apps/lib/s_socket.c +++ b/apps/lib/s_socket.c @@ -392,4 +392,25 @@ int do_server(int *accept_sock, const char *host, const char *port, return ret; } +void do_ssl_shutdown(SSL *ssl) +{ + int ret; + + do { + /* We only do unidirectional shutdown */ + ret = SSL_shutdown(ssl); + if (ret < 0) { + switch (SSL_get_error(ssl, ret)) { + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: + case SSL_ERROR_WANT_ASYNC: + case SSL_ERROR_WANT_ASYNC_JOB: + /* We just do busy waiting. Nothing clever */ + continue; + } + ret = 0; + } + } while (ret < 0); +} + #endif /* OPENSSL_NO_SOCK */ diff --git a/apps/s_client.c b/apps/s_client.c index eb4dbdcaa2..875ebf2253 100644 --- a/apps/s_client.c +++ b/apps/s_client.c 
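Review bot: The retry loop in `do_ssl_shutdown()` (apps/lib/s_socket.c) has no bound: on `SSL_ERROR_WANT_READ` or `SSL_ERROR_WANT_WRITE` it calls `SSL_shutdown()` again immediately, and now that s_server shares the helper, the remote peer decides how long that lasts. On a non-blocking socket, a client that stops reading could keep the server spinning at full CPU until the connection is torn down some other way. Capping the retries keeps the change small: add `int tries = 0;` next to `ret` and replace `continue;` with `if (++tries < SHUTDOWN_MAX_TRIES) continue; break;`, where `SHUTDOWN_MAX_TRIES` is a placeholder name, not something in the tree. Waiting on the socket with a timeout would be the cleaner alternative. The non-retryable branch also discards the failure silently (`ret = 0`), so a failed shutdown leaves no trace in the server's output.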
@@ -98,27 +98,6 @@ static int restore_errno(void) return ret; } -static void do_ssl_shutdown(SSL *ssl) -{ - int ret; - - do { - /* We only do unidirectional shutdown */ - ret = SSL_shutdown(ssl); - if (ret < 0) { - switch (SSL_get_error(ssl, ret)) { - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - case SSL_ERROR_WANT_ASYNC: - case SSL_ERROR_WANT_ASYNC_JOB: - /* We just do busy waiting. Nothing clever */ - continue; - } - ret = 0; - } - } while (ret < 0); -} - /* Default PSK identity and key */ static char *psk_identity = "Client_identity"; diff --git a/apps/s_server.c b/apps/s_server.c index 23c762ba9f..4904a21b7a 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1884,7 +1884,6 @@ int s_server_main(int argc, char *argv[]) } BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); } - SSL_CTX_set_quiet_shutdown(ctx, 1); if (exc != NULL) ssl_ctx_set_excert(ctx, exc); @@ -1982,7 +1981,6 @@ int s_server_main(int argc, char *argv[]) } BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix); } - SSL_CTX_set_quiet_shutdown(ctx2, 1); if (exc != NULL) ssl_ctx_set_excert(ctx2, exc); @@ -2770,7 +2768,7 @@ static int sv_body(int s, int stype, int prot, unsigned char *context) err: if (con != NULL) { BIO_printf(bio_s_out, "shutting down SSL\n"); - SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); + do_ssl_shutdown(con); SSL_free(con); } BIO_printf(bio_s_out, "CONNECTION CLOSED\n"); @@ -3439,7 +3437,7 @@ static int www_body(int s, int stype, int prot, unsigned char *context) } end: /* make sure we re-use sessions */ - SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); + do_ssl_shutdown(con); err: OPENSSL_free(buf); @@ -3593,7 +3591,7 @@ static int rev_body(int s, int stype, int prot, unsigned char *context) } end: /* make sure we re-use sessions */ - SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); + do_ssl_shutdown(con); err:
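Review bot: The `err:` path in `sv_body()` now performs I/O on a connection that may already have failed, because `do_ssl_shutdown(con)` calls `SSL_shutdown()` unconditionally where the replaced `SSL_set_shutdown()` only set flags. OpenSSL's documentation says `SSL_shutdown()` must not be called after `SSL_ERROR_SSL` or `SSL_ERROR_SYSCALL`, and a call made before the handshake has finished fails and leaves an entry on the error queue, which the helper discards. Only the tail of the function is visible in this hunk, so whether `err:` is reachable in those states needs checking; if it is, keep the old call for that case with a local flag (here called `fatal`) set where the error is detected: `if (fatal) SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); else do_ssl_shutdown(con);`. The same applies at the `end:` labels in `www_body()` and `rev_body()`, where the comment `/* make sure we re-use sessions */` described the old flag-setting call and should be reworded, for instance `/* send close_notify so the session stays resumable */`.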