From 270d65fa34caa974fb27c9b161b0c9b6cd806c76 Mon Sep 17 00:00:00 2001 From: Todd Short Date: Fri, 12 May 2017 09:05:11 -0400 Subject: [PATCH] Always flush the BIO when we send any alert At the moment we flush the write BIO if we send a fatal alert, but not a warning one. This can mean the warning is never sent if we never do another write and subsequently flush the BIO. Instead we should just always flush after writing an alert. Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/3432) --- ssl/s3_msg.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/ssl/s3_msg.c b/ssl/s3_msg.c index 7af2f99e05..1cd3941a27 100644 --- a/ssl/s3_msg.c +++ b/ssl/s3_msg.c @@ -105,12 +105,10 @@ int ssl3_dispatch_alert(SSL *s) s->s3->alert_dispatch = 1; } else { /* - * Alert sent to BIO. If it is important, flush it now. If the - * message does not get sent due to non-blocking IO, we will not - * worry too much. + * Alert sent to BIO - now flush. If the message does not get sent due + * to non-blocking IO, we will not worry too much. */ - if (s->s3->send_alert[0] == SSL3_AL_FATAL) - (void)BIO_flush(s->wbio); + (void)BIO_flush(s->wbio); if (s->msg_callback) s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, -- 2.25.1