[openssl-commits] [openssl] master update

bernd.edlinger at hotmail.de bernd.edlinger at hotmail.de
Sun Jan 14 19:45:28 UTC 2018 

The branch master has been updated
       via  803141f6100ca8d756928328a262e1dc52daef2d (commit)
       via  26ec943e020c0db6a25e6d155ba318270eff0fd7 (commit)
      from  438e57a43f096d37bf316869b98780e24596a5e8 (commit)


- Log -----------------------------------------------------------------
commit 803141f6100ca8d756928328a262e1dc52daef2d
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Sun Jan 14 18:17:59 2018 +0100

    Use constant value 1 instead of SHUT_WR in do_server
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5072)

commit 26ec943e020c0db6a25e6d155ba318270eff0fd7
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Sat Jan 13 18:41:08 2018 +0100

    Explicitly shut the socket down in s_client
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5072)

-----------------------------------------------------------------------

Summary of changes:
 apps/s_client.c | 11 +++++++++++
 apps/s_socket.c |  8 +-------
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index fcab44c..a549304 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -3035,6 +3035,17 @@ int s_client_main(int argc, char **argv)
      */
     Sleep(50);
 #endif
+    /*
+     * If we ended with an alert being sent, but still with data in the
+     * network buffer to be read, then calling BIO_closesocket() will
+     * result in a TCP-RST being sent. On some platforms (notably
+     * Windows) then this will result in the peer immediately abandoning
+     * the connection including any buffered alert data before it has
+     * had a chance to be read. Shutting down the sending side first,
+     * and then closing the socket sends TCP-FIN first followed by
+     * TCP-RST. This seems to allow the peer to read the alert data.
+     */
+    shutdown(SSL_get_fd(con), 1); /* SHUT_WR */
     BIO_closesocket(SSL_get_fd(con));
  end:
     if (con != NULL) {
diff --git a/apps/s_socket.c b/apps/s_socket.c
index 2f3e90b..246153a 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -231,13 +231,7 @@ int do_server(int *accept_sock, const char *host, const char *port,
              * and then closing the socket sends TCP-FIN first followed by
              * TCP-RST. This seems to allow the peer to read the alert data.
              */
-#ifdef _WIN32
-# ifdef SD_SEND
-            shutdown(sock, SD_SEND);
-# endif
-#elif defined(SHUT_WR)
-            shutdown(sock, SHUT_WR);
-#endif
+            shutdown(sock, 1); /* SHUT_WR */
             BIO_closesocket(sock);
         } else {
             i = (*cb)(asock, type, protocol, context);

More information about the openssl-commits mailing list