On Mon, Dec 19, 2005 at 11:22:11AM -0500, Perry L. Jones wrote:

> I have some questions about shutting down an SSL connection.
> 

The correct use of SSL_shutdown() is described in the SSL_shutdown
manpage. Read the whole thing, and pay specific attention to:

       When the application is the first party to send the "close notify"
       alert, SSL_shutdown() will only send the alert and then set the
       SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
       be kept in cache). SSL_shutdown() will then return with 0. If a
       unidirectional shutdown is enough (the underlying connection shall be
       closed anyway), this first call to SSL_shutdown() is sufficient. In
       order to complete the bidirectional shutdown handshake, SSL_shutdown()
       must be called again. The second call will make SSL_shutdown() wait for
       the peer's "close notify" shutdown alert. On success, the second call to
       SSL_shutdown() will return with 1.

       If the peer already sent the "close notify" alert and it was already
       processed implicitly inside another function (SSL_read(3)), the
       SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the "close
       notify" alert, set the SSL_SENT_SHUTDOWN flag and will immediately
       return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be
       checked using the SSL_get_shutdown() (see also SSL_set_shutdown(3))
       call.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
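
The call sequence described in the manpage text quoted above, as an added example that is not part of the original message and is not OpenSSL code. `model_shutdown`, `struct model_conn`, `close_tls` and the `MODEL_*` flags are constructed stand-ins that mimic the documented return values so the block runs without OpenSSL; in a real program the callback would wrap SSL_shutdown().

```c
#include <stdio.h>

/* Constructed stand-ins for the SSL_SENT_SHUTDOWN / SSL_RECEIVED_SHUTDOWN
 * flags named in the manpage text (not OpenSSL's own definitions). */
enum { MODEL_SENT = 1, MODEL_RECEIVED = 2 };

struct model_conn {
    int flags;         /* shutdown flags set so far */
    int peer_answers;  /* 1: peer sends its "close notify" when we wait for it */
};

/* Hypothetical callback type; a real adapter would call SSL_shutdown(). */
typedef int (*shutdown_fn)(void *conn);

/* Model of one shutdown call, following the quoted description. */
static int model_shutdown(void *p)
{
    struct model_conn *c = p;
    if (!(c->flags & MODEL_SENT)) {
        c->flags |= MODEL_SENT;                 /* send our "close notify" */
        return (c->flags & MODEL_RECEIVED) ? 1 : 0;
    }
    if (c->flags & MODEL_RECEIVED)
        return 1;
    if (!c->peer_answers)                       /* waited, no alert arrived */
        return -1;
    c->flags |= MODEL_RECEIVED;                 /* peer's "close notify" seen */
    return 1;
}

enum close_result { CLOSE_ERROR = -1, CLOSE_SENT_ONLY = 0, CLOSE_COMPLETE = 1 };

/* First call sends the alert; call again only if a bidirectional
 * shutdown is wanted and the first call returned 0. */
static enum close_result close_tls(shutdown_fn fn, void *conn, int bidirectional)
{
    int ret = fn(conn);
    if (ret == 0 && bidirectional)
        ret = fn(conn);
    if (ret < 0)
        return CLOSE_ERROR;
    return ret == 1 ? CLOSE_COMPLETE : CLOSE_SENT_ONLY;
}

int main(void)
{
    struct model_conn c = { 0, 1 };
    printf("result=%d flags=%d\n", close_tls(model_shutdown, &c, 1), c.flags);
    return 0;
}
```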