The branch OpenSSL_1_1_0-stable has been updated via 70fdff68ce9be51cf59c23e1d1a43dcaf8264bbb (commit) from 8e3f60de0c7d7f34a4d9126e27dd3416d64f2011 (commit)
- Log ----------------------------------------------------------------- commit 70fdff68ce9be51cf59c23e1d1a43dcaf8264bbb Author: Bernd Edlinger <bernd.edlin...@hotmail.de> Date: Sat Jan 13 18:41:08 2018 +0100 Explicitly shut the socket down in s_client Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5072) (cherry picked from commit 26ec943e020c0db6a25e6d155ba318270eff0fd7) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/apps/s_client.c b/apps/s_client.c index fab007a..d160545 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -2471,6 +2471,17 @@ int s_client_main(int argc, char **argv) */ Sleep(50); #endif + /* + * If we ended with an alert being sent, but still with data in the + * network buffer to be read, then calling BIO_closesocket() will + * result in a TCP-RST being sent. On some platforms (notably + * Windows) then this will result in the peer immediately abandoning + * the connection including any buffered alert data before it has + * had a chance to be read. Shutting down the sending side first, + * and then closing the socket sends TCP-FIN first followed by + * TCP-RST. This seems to allow the peer to read the alert data. + */ + shutdown(SSL_get_fd(con), 1); /* SHUT_WR */ BIO_closesocket(SSL_get_fd(con)); end: if (con != NULL) { _____ openssl-commits mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits