<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html;
      charset=windows-1252">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 1/10/2019 17:07, Charles Mills
      wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:01ae01d4a939$466214d0$d3263e70$@mcn.org">
      <div class="WordSection1">
        <p class="MsoNormal">On Windows, for a new session, I am issuing
          a Windows accept() followed by SSL_new(), SSL_set_fd() and so
          forth.</p>
        <p class="MsoNormal">When the session sees some sort of an
          abnormal receive condition, I am doing</p>
        <pre>int retCode = SSL_get_shutdown(sessionSSL);
if ( retCode &amp; SSL_RECEIVED_SHUTDOWN )
{
       SSL_shutdown(sessionSSL);
}
else
{
       SSL_clear(sessionSSL);
}
</pre>
        <p class="MsoNormal">Questions:</p>
        <ol>
          <li>Do I also need to do a closesocket() (equivalent to UNIX
            close()) on the Windows socket?</li>
          <li>Does anyone want to critique the above logic in any other
            way?</li>
        </ol>
        <p class="MsoNormal">The code basically &ldquo;works&rdquo; but I see
          evidence that a Windows TCP session is still open following an
          SSL error.</p>
        <p class="MsoNormal">Thanks,</p>
        <p class="MsoNormal"><i>Charles Mills</i></p>
      </div>
      <br>
    </blockquote>
    Are you sure you want to use SSL_clear() in the first place?  It
    retains the session's settings which is only useful if the *exact*
    same peer is going to reconnect on the same SSL object.  If a
    *different* peer connects there's a decent shot that the connection
    will fail.<br>
    <p>You also likely want to call SSL_shutdown(connection) again IF
      the first call returns zero; the first one sends a notification
      and if the other end hasn't closed yet returns zero.  The second
      waits for a termination, either normal notification or abnormal,
      from the other end.</p>
    <pre>if (!SSL_shutdown(connection)) {
    SSL_shutdown(connection);
}
</pre>
    <p>The underlying handle is still open at the OS level after this,
      so on Unix anyway you want to notify the OS that the socket is
      invalid for further I/O and then close it.</p>
    <p>Code snippet (took_error is a flag that says "this connection is
      no longer needed", it could be either an error in the higher
      level code or a "we're all done, let this connection go"
      indication):</p>
    <pre>if (slave_socket[x].took_error) {
    slave_socket[x].connected = 0;  /* Connection is void */
    if (slave_socket[x].ssl_fd != NULL) { /* If there's a valid SSL connection */
        if (!SSL_shutdown(slave_socket[x].ssl_fd)) {
            SSL_shutdown(slave_socket[x].ssl_fd);
        }
        SSL_free(slave_socket[x].ssl_fd);
        slave_socket[x].ssl = 0; /* We are not in SSL mode */
    }
    shutdown(slave_socket[x].fd, SHUT_RDWR);
    close(slave_socket[x].fd);

    /* ..... Clean up the rest of the things you need to do when the connection ends */
}
</pre>
    <p>Since the next connection may come from a different peer I do not
      use SSL_clear but rather SSL_free.</p>
    <p>The call to shutdown() tells the OS to send any data queued on
      the socket, wait for an ACK and then send FIN.<br>
    </p>
    <div class="moz-signature">-- <br>
      Karl Denninger<br>
      <a href="mailto:karl@denninger.net">karl@denninger.net</a><br>
      <i>The Market Ticker</i><br>
      <font size="-2"><i>[S/MIME encrypted email preferred]</i></font>
    </div>
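    <p>Added example, not part of the original message or of OpenSSL:
      the OS-level half of the teardown described above, showing that
      shutdown() ends the stream for the peer while the descriptor stays
      allocated until close() (closesocket() on Windows). It assumes a
      POSIX system and a locally constructed socketpair() standing in
      for the accepted connection; the names run_teardown,
      teardown_result and fd_is_open are hypothetical, and the
      SSL_shutdown()/SSL_free() step is only marked by a comment.</p>

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* What was observed at each step of the teardown. */
struct teardown_result {
    int  open_after_shutdown; /* 1 = descriptor still valid after shutdown() */
    long peer_read;           /* peer's read() result; 0 means end-of-stream */
    int  open_after_close;    /* 1 = descriptor still valid after close() */
};

/* 1 if fd is an open descriptor, 0 if the kernel reports EBADF. */
static int fd_is_open(int fd)
{
    return !(fcntl(fd, F_GETFD) == -1 && errno == EBADF);
}

/* Runs shutdown() then close() on one end of a connected pair (constructed
 * locally with socketpair) and records what each call changes.
 * Returns 0 on success, -1 if a system call failed. */
int run_teardown(struct teardown_result *r)
{
    int sv[2];
    char buf[16];

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return -1;
    /* SSL_shutdown()/SSL_free() on the SSL object would come first here. */
    if (shutdown(sv[0], SHUT_RDWR) == -1) {
        close(sv[0]);
        close(sv[1]);
        return -1;
    }
    r->open_after_shutdown = fd_is_open(sv[0]); /* handle is still allocated */
    r->peer_read = (long)read(sv[1], buf, sizeof buf); /* peer sees EOF */
    close(sv[0]);                               /* only this releases it */
    r->open_after_close = fd_is_open(sv[0]);
    close(sv[1]);
    return 0;
}

int main(void)
{
    struct teardown_result r;
    if (run_teardown(&r) != 0)
        return 1;
    printf("open after shutdown: %d, peer read: %ld, open after close: %d\n",
           r.open_after_shutdown, r.peer_read, r.open_after_close);
    return 0;
}
```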
  </body>
</html>