Welcome! Log In Create A New Profile


SSL_shutdown() return value <0

Jan Prachař
December 10, 2018 03:48PM
Hello, I would like to ask about this piece of code from function

n = SSL_shutdown(c->ssl->connection);

sslerr = 0;

/* before 0.9.8m SSL_shutdown() returned 0 instead of -1 on errors

if (n != 1 && ERR_peek_error()) {
sslerr = SSL_get_error(c->ssl->connection, n);

Why don't you check SSL_get_error always if n < 0, but only if also
ERR_peer_error() returns non-zero value?

According to a documentation of SSL_shutdown, you should check result
of SSL_get_error() and take appropriate action if it returns
again, if SSL_shutdown would block on writing to SSL connection.

If ERR_peek_error() is not zero, which mean some internal OpenSSL error
occured, SSL_get_error will return SSL_ERROR_SSL, won't it?

I have also tried to change the condition to just n < 0, and came to
antoher issue. If client closes connection prematurely, there is
usually SSL_write, that has failed with error WANT_WRITE. If then the
SSL_shutdown is called repeatedly, it causes OpenSSL error (SSL:
error:1409F07F:SSL routines:ssl3_write_pending:bad write retry),
because pending SSL_write should have been called first.

Best regards,
Jan Prachař

nginx-devel mailing list
Subject Author Views Posted

SSL_shutdown() return value <0

Jan Prachař 256 December 10, 2018 03:48PM

Re: SSL_shutdown() return value <0

Maxim Dounin 230 December 11, 2018 08:34AM

Re: SSL_shutdown() return value <0

Jan Prachař 108 January 02, 2019 02:18PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 91
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready