Merge pull request #6718 from Icinga/bugfix/ssl-shutdown

Call SSL_shutdown() at least twice
Michael Friedrich 2018-10-24 11:46:32 +02:00 committed by GitHub
commit 7e1942e8e7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 1 deletions


@ -402,7 +402,20 @@ void TlsStream::CloseInternal(bool inDestructor)
if (!m_SSL)
return;
(void)SSL_shutdown(m_SSL.get());
/* https://www.openssl.org/docs/manmaster/man3/SSL_shutdown.html
*
* It is recommended to do a bidirectional shutdown by checking
* the return value of SSL_shutdown() and call it again until
* it returns 1 or a fatal error. A maximum of 2x pending + 2x data
* is recommended.
*/
int rc = 0;
for (int i = 0; i < 4; i++) {
if ((rc = SSL_shutdown(m_SSL.get())))
break;
}
m_SSL.reset();
m_Socket->Close();
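Review bot: The new loop in CloseInternal breaks on any non-zero return from SSL_shutdown(), so a negative result is handled exactly like the successful 1, and `rc` is never read after the loop. If the underlying socket is non-blocking (not visible in this hunk), the second call can return -1 with SSL_ERROR_WANT_READ before the peer's close_notify has arrived, so the loop ends without a completed bidirectional shutdown. A failed call may also leave entries on the thread's OpenSSL error queue, which later SSL_get_error() calls on that thread need to be empty. I would make the outcome explicit after the loop, e.g. `if (rc < 0) ERR_clear_error();`, and extend the comment to say that the shutdown is best effort and that a missing close_notify from the peer is tolerated on close. The body of CloseInternal starts and ends outside the hunk.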