Changeset 6054 for pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c

Timestamp:

Aug 28, 2019 12:02:50 PM (4 years ago)

Author:

riza

Message:

Fixed #2221: When using Openssl as TLS backend, close notify alert is not sent before closing the connection.

File:

• pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c (modified) (2 diffs)

pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c

@@ -1169 +1169 @@
     /* Destroy SSL instance */
     if (ossock->ossl_ssl) {
-        /**
-         * Avoid calling SSL_shutdown() if handshake wasn't completed.
-         * OpenSSL 1.0.2f complains if SSL_shutdown() is called during an
-         * SSL handshake, while previous versions always return 0.       
-         */
-        if (SSL_in_init(ossock->ossl_ssl) == 0) {
-            SSL_shutdown(ossock->ossl_ssl);
-        }       
         SSL_free(ossock->ossl_ssl); /* this will also close BIOs */
         ossock->ossl_ssl = NULL;
@@ -1197 +1189 @@
 static void ssl_reset_sock_state(pj_ssl_sock_t *ssock)
 {
+    ossl_sock_t *ossock = (ossl_sock_t *)ssock;
+    /**
+     * Avoid calling SSL_shutdown() if handshake wasn't completed.
+     * OpenSSL 1.0.2f complains if SSL_shutdown() is called during an
+     * SSL handshake, while previous versions always return 0.
+     */
+    if (ossock->ossl_ssl && SSL_in_init(ossock->ossl_ssl) == 0) {
+        int ret = SSL_shutdown(ossock->ossl_ssl);
+        if (ret == 0) {
+            /* Flush data to send close notify. */
+            flush_circ_buf_output(ssock, &ssock->shutdown_op_key, 0, 0);
+        }
+    }
+
     pj_lock_acquire(ssock->write_mutex);
     ssock->ssl_state = SSL_STATE_NULL;