From c184b140df83ef5e91abf3e1d405059f898269d6 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 7 Apr 2009 16:30:32 +0000 Subject: [PATCH] Update from 0.9.8-stable. --- CHANGES | 3 +++ ssl/s3_lib.c | 17 ++++++++++++++++- ssl/s3_pkt.c | 7 ++++--- ssl/ssl_locl.h | 2 +- 4 files changed, 24 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index f17154b8e3..e8f1748ac7 100644 --- a/CHANGES +++ b/CHANGES @@ -772,6 +772,9 @@ Changes between 0.9.8k and 0.9.8l [xx XXX xxxx] + *) Handle non-blocking I/O properly in SSL_shutdown() call. + [Darryl Miles ] + *) Add 2.5.4.* OIDs [Ilya O. ] diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 727827f91d..73a573ee29 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3138,6 +3138,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) int ssl3_shutdown(SSL *s) { + int ret; /* Don't do anything much if we have not done the handshake or * we don't want to send messages :-) */ @@ -3155,18 +3156,32 @@ int ssl3_shutdown(SSL *s) #endif /* our shutdown alert has been sent now, and if it still needs * to be written, s->s3->alert_dispatch will be true */ + if (s->s3->alert_dispatch) + return(-1); /* return WANT_WRITE */ } else if (s->s3->alert_dispatch) { /* resend it if not sent */ #if 1 - s->method->ssl_dispatch_alert(s); + ret=s->method->ssl_dispatch_alert(s); + if(ret == -1) + { + /* we only get to return -1 here the 2nd/Nth + * invocation, we must have already signalled + * return 0 upon a previous invoation, + * return WANT_WRITE */ + return(ret); + } #endif } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) { /* If we are waiting for a close from our peer, we are closed */ s->method->ssl_read_bytes(s,0,NULL,0,0); + if(!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) + { + return(-1); /* return WANT_READ */ + } } if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index ce7dc366fb..c04401a88d 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1350,13 +1350,13 @@ int ssl3_do_change_cipher_spec(SSL *s) return(1); } -void ssl3_send_alert(SSL *s, int level, int desc) +int ssl3_send_alert(SSL *s, int level, int desc) { /* Map tls/ssl alert value to correct one */ desc=s->method->ssl3_enc->alert_value(desc); if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ - if (desc < 0) return; + if (desc < 0) return -1; /* If a fatal one, remove from cache */ if ((level == 2) && (s->session != NULL)) SSL_CTX_remove_session(s->ctx,s->session); @@ -1365,9 +1365,10 @@ void ssl3_send_alert(SSL *s, int level, int desc) s->s3->send_alert[0]=level; s->s3->send_alert[1]=desc; if (s->s3->wbuf.left == 0) /* data still being written out? */ - s->method->ssl_dispatch_alert(s); + return s->method->ssl_dispatch_alert(s); /* else data is still being written out, we will get written * some time in the future */ + return -1; } int ssl3_dispatch_alert(SSL *s) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 039ee6b28e..9b6aadd950 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -857,7 +857,7 @@ int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b); int ssl3_change_cipher_state(SSL *s,int which); void ssl3_cleanup_key_block(SSL *s); int ssl3_do_write(SSL *s,int type); -void ssl3_send_alert(SSL *s,int level, int desc); +int ssl3_send_alert(SSL *s,int level, int desc); int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, int len); int ssl3_get_req_cert_type(SSL *s,unsigned char *p); -- 2.25.1