[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
bernd.edlinger at hotmail.de
Sun Jan 14 19:46:42 UTC 2018
The branch OpenSSL_1_1_0-stable has been updated
via 70fdff68ce9be51cf59c23e1d1a43dcaf8264bbb (commit)
from 8e3f60de0c7d7f34a4d9126e27dd3416d64f2011 (commit)
- Log -----------------------------------------------------------------
commit 70fdff68ce9be51cf59c23e1d1a43dcaf8264bbb
Author: Bernd Edlinger <bernd.edlinger at hotmail.de>
Date:   Sat Jan 13 18:41:08 2018 +0100

    Explicitly shut the socket down in s_client

    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5072)
    (cherry picked from commit 26ec943e020c0db6a25e6d155ba318270eff0fd7)
-----------------------------------------------------------------------
Summary of changes:
apps/s_client.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/apps/s_client.c b/apps/s_client.c
index fab007a..d160545 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -2471,6 +2471,17 @@ int s_client_main(int argc, char **argv)
*/
Sleep(50);
#endif
+ /*
+ * If we ended with an alert being sent, but still with data in the
+ * network buffer to be read, then calling BIO_closesocket() will
+ * result in a TCP-RST being sent. On some platforms (notably
+ * Windows) then this will result in the peer immediately abandoning
+ * the connection including any buffered alert data before it has
+ * had a chance to be read. Shutting down the sending side first,
+ * and then closing the socket sends TCP-FIN first followed by
+ * TCP-RST. This seems to allow the peer to read the alert data.
+ */
+ shutdown(SSL_get_fd(con), 1); /* SHUT_WR */
BIO_closesocket(SSL_get_fd(con));
end:
if (con != NULL) {
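Review bot: The added call `shutdown(SSL_get_fd(con), 1); /* SHUT_WR */` passes a bare literal 1 and relies on the trailing comment to explain it. A named constant would be clearer: SHUT_WR on POSIX and SD_SEND on Winsock both have the value 1, so a small portability define would let the call read `shutdown(fd, SHUT_WR)`. The same line also discards the return value of shutdown() and uses the result of SSL_get_fd(con) without checking it. SSL_get_fd() returns -1 when no descriptor is associated with the SSL object, so fetching the descriptor once into a local, skipping both shutdown() and BIO_closesocket() when it is negative, and then reusing that local would avoid the double lookup and a call on an invalid descriptor. Finally, the comment says the FIN-before-RST ordering "seems to allow the peer to read the alert data", which is an observation rather than a guarantee. It would help to say in the comment which platforms this was observed on, so a later reader knows the fix is empirical.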