[openssl-users] What is the best practise for shutdown SSL connections?
Viktor Dukhovni
openssl-users at dukhovni.org
Sun Feb 1 20:48:13 UTC 2015
On Sun, Feb 01, 2015 at 11:36:20PM +0300, Serj wrote:
> 1. Return values for SSL_shutdown()
0 initially if shutdown alert sent, but not yet received from
the peer.
> I never get 2 as a return value!
Why do you expect "2"? [ Note, something is screwing up itemized
lists in the on-line documentation. Instead of showing item labels,
item numbers are showing up instead. ] The nroff manpage says:
RETURN VALUES
The following return values can occur:
0 The shutdown is not yet finished. Call SSL_shutdown() for a second time, if a bidirectional
shutdown shall be performed. The output of SSL_get_error(3) may be misleading, as an erroneous
SSL_ERROR_SYSCALL may be flagged even though no error occurred.
1 The shutdown was successfully completed. The "close notify" alert was sent and the peer's "close
notify" alert was received.
-1 The shutdown was not successful because a fatal error occurred either at the protocol level or a
connection failure occurred. It can also occur if action is need to continue the operation for
non-blocking BIOs. Call SSL_get_error(3) with the return value ret to find out the reason.
> 2. What is the best practise for shutdown SSL connections for CLIENT?
Call ssl_shutdown() and if it returns 0, call it again processing
WANT_READ/WANT_WRITE as required.
--
Viktor.
More information about the openssl-users
mailing list