Call SSL_shutdown() at least twice

Michael Friedrich 2018-09-10 16:10:16 +02:00
parent c48da4c280
commit f297881e23
1 changed files with 14 additions and 1 deletions


@ -401,7 +401,20 @@ void TlsStream::CloseInternal(bool inDestructor)
if (!m_SSL)
return;
(void)SSL_shutdown(m_SSL.get());
/* https://www.openssl.org/docs/manmaster/man3/SSL_shutdown.html
*
* It is recommended to do a bidirectional shutdown by checking
* the return value of SSL_shutdown() and call it again until
* it returns 1 or a fatal error. A maximum of 2x pending + 2x data
* is recommended.
*/
int rc = 0;
for (int i = 0; i < 4; i++) {
if ((rc = SSL_shutdown(m_SSL.get())))
break;
}
m_SSL.reset();
m_Socket->Close();
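Review bot: The retry loop's `if ((rc = SSL_shutdown(m_SSL.get()))) break;` stops on any non-zero result, so a negative return is handled exactly like a completed shutdown, and `rc` is never read after the loop. That does not match the comment above it ("until it returns 1 or a fatal error"): with a non-blocking socket a negative return can simply mean SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, so the peer's close_notify is never awaited, while with a blocking socket the second call can wait on a peer that never answers (the hunk does not show which mode m_Socket uses, and CloseInternal begins outside it). I would separate the cases, `if (rc == 1) break;` for success and `if (rc < 0) { err = SSL_get_error(m_SSL.get(), rc); break; }` for errors, and record `err` after the loop so an incomplete shutdown is visible rather than silent. The bound `4` would also read better as a named constant with a short comment on why that count was chosen.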