[openssl-users] SSL_shutdown:shutdown while in init

Jakob Bohm jb-openssl at wisemo.com
Thu Oct 19 17:14:11 UTC 2017


On 18/10/2017 11:14, Matt Caswell wrote:
>
> On 17/10/17 21:27, Chris Bare wrote:
>> I have the following code:
>>
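>> BIO *setup_ssl (char *server_name, char *port, SSL_CTX *ctx)
>> {
>>      SSL *ssl = NULL;
>>      BIO *output = BIO_new_ssl_connect (ctx);
>>      if (!output)
>>      {
>>          return (NULL);
>>      }
>>      /* Fetch the SSL object owned by the BIO to configure it */
>>      BIO_get_ssl (output, &ssl);
>>      SSL_set_mode (ssl, SSL_MODE_AUTO_RETRY);
>>      /* SSL_VERIFY_PEER has the value 1, same as the original "true" */
>>      SSL_set_verify (ssl, SSL_VERIFY_PEER, NULL);
>>      BIO_set_conn_hostname (output, server_name);
>>      BIO_set_conn_port(output, port);
>>
>>      /* Connects and runs the handshake */
>>      if (BIO_do_connect (output) <= 0)
>>      {
>>          /* This BIO_free is the call that reports the error below */
>>          BIO_free (output);
>>          return (NULL);
>>      }
>>      return (output);
>> }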
>>
>> If the server I'm trying to connect to does not have ssl enabled, I get
>> the error:
>> SSL23_GET_SERVER_HELLO:unknown protocol
>> and BIO_do_connect fails as expected, but BIO_free gives this error:
>> SSL_shutdown:shutdown while in init
> Hmmm...that looks like an OpenSSL bug to me. It should not call
> SSL_shutdown() if we are still in init. I raised this issue:
>
> https://github.com/openssl/openssl/issues/4545
>
From a more general usability perspective, it would be better if
SSL_shutdown() (starting from some version number) would always do
the right thing to properly and graciously end the SSL/TLS
connection, in any state where the connection object pointer is
valid at all.  That would probably imply taking completely
different actions during init and/or after shutdown has been
initiated by either end.

Then any complicated rules about when to call/not call SSL_shutdown()
could be relegated to a section about historical bugs in older
versions.

>> If I don't free it, I have a memory leak.
>> Is there something else I need to do to clean up the BIO?
> As a workaround for this I think you can just ignore the error. From
> code inspection it looks to me like it should go ahead and free
> everything anyway.
>
> Matt
>
>

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded