jcs's openbsd hax

Restore SSL_shutdown() two step sequence.

Change SSL_shutdown() such that it will return 0 after sending a
close-notify, before potentially returning 1 (indicating that a
close-notify has been sent and received) on a subsequent call. Some
software depends on this behaviour, even though there are cases where
the first call could immediately return 1 (for example, when the peer
has already sent a close-notify prior to SSL_shutdown() being called).

ok tb@

jsing 3df8755f ff1ff8a0

+3 -1
lib/libssl/tls13_legacy.c
··· 1 - /* $OpenBSD: tls13_legacy.c,v 1.43 2024/01/27 14:34:28 jsing Exp $ */ 1 + /* $OpenBSD: tls13_legacy.c,v 1.44 2024/01/30 14:50:50 jsing Exp $ */ 2 2 /* 3 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 4 4 * ··· 501 501 return -1; 502 502 if (ret != TLS13_IO_SUCCESS) 503 503 return tls13_legacy_return_code(ssl, ret); 504 + goto done; 504 505 } 505 506 506 507 ret = tls13_record_layer_send_pending(ctx->rl); ··· 524 525 } 525 526 } 526 527 528 + done: 527 529 if (ssl->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) 528 530 return 1; 529 531
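Review bot: the `goto done;` added at new line 504 carries no comment saying why it bypasses the `tls13_record_layer_send_pending(ctx->rl)` call and the rest of the code ahead of the `done:` label. A one-line comment at the jump, noting that the function returns once the close-notify has been sent so that the caller sees 0 before a later 1, would keep a future cleanup from removing the jump and undoing the two-step sequence.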
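Review bot: at the `done:` label (new line 528) the check `ssl->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)` still returns 1 on the first call when both flags are already set, which the commit message allows for but the code does not state. A short comment at the label would record that this is intended, and since the change touches only lib/libssl/tls13_legacy.c (+3 -1), a regress test covering both the 0-then-1 sequence and the immediate-1 case would be worth adding alongside it.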