[openssl-dev] renegotiation failure causes SSL_shutdown to return 1?

Matt Caswell matt at openssl.org
Wed Jan 20 14:04:57 UTC 2016



On 05/12/15 09:42, Judson Wilson wrote:
> I am noticing the following sequence of events:
> 
> 1) SSL_renegotiate(...), followed by SSL_write(..., 0) fails when a web
> server rejects it by sending a TCP FIN
> 2) SSL_get_error returns SSL_ERROR_SSL
> 3) SSL_in_init(...) is true
> 4) SSL_shutdown returns 1 <-- this seems strange.
> 
> I'm not sure that this is the right behavior.  Shutting down in a
> handshake without sending/receiving close_notify shouldn't give the
> "everything shutdown gracefully" signal. Perhaps it would be better to
> return -1 and signal SSL_ERROR_SSL?

This is fixed now (in master and 1.0.2).

Matt


