Re: [PATCH] Fix for SSL_shutdown() with non-blocking not returning -1

Thu, 22 Jun 2006 11:00:12 -0700
Thinking through the possibility here is another one (I dont know how to fix), commented below. With other related issues. 



diff -u -r -N -x '*~' openssl-0.9.8b/ssl/s3_lib.c openssl-0.9.8b-me/ssl/s3_lib.c
--- openssl-0.9.8b/ssl/s3_lib.c 2006-01-15 07:14:38.000000000 +0000
+++ openssl-0.9.8b-me/ssl/s3_lib.c      2006-06-22 17:45:46.000000000 +0100
@@ -2071,6 +2071,7 @@

 
 int ssl3_shutdown(SSL *s)

        {
+       int ret;

 
 	/* Don't do anything much if we have not done the handshake or

         * we don't want to send messages :-) */
@@ -2093,13 +2094,21 @@
                {
                /* resend it if not sent */
 #if 1
-               s->method->ssl_dispatch_alert(s);
+               ret=s->method->ssl_dispatch_alert(s);
+               if(ret == -1) {
+                       /* we only get to return -1 here the 2nd/Nth
+                        * invocation, we must  have already signalled
+                        * return 0 upon a previous invoation */
+                       return(ret);
+               }
 #endif
                }
        else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
                {
                /* If we are waiting for a close from our peer, we are closed */
-               s->method->ssl_read_bytes(s,0,NULL,0,0);
+               ret=s->method->ssl_read_bytes(s,0,NULL,0,0);
+               if(ret == -1)



[There is a situation here when (ret >= 0) where we received some data 
but it wasn't the the whole receive shutdown notify message, so we need 
to setup a WANT_READ again.  From the perspective of the SSL_shutdown() 
call we are indeed in WANT_READ state.



I presume an SSL_read() is allowed to pull any application data until we 
get the receive shutdown notify message, do we have to sink that data 
from the application end first before we can see the 
SSL_RECEIVED_SHUTDOWN ?  What happens if the amount of application data 
is too much for the inbound buffering to cope ?



I dont think that application should be expected to need to sink that 
data, but if its necessary to do so, it should be documented in the 
SSL_shutdown() man page.



I dont want the possibility of a huge amount of inbound application data 
from stopping the receive shutdown appearing, the application should be 
able to optionally read it if it wants.  ]



+                       return(ret);
                }

 
 	if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]






















					Reply via email to