I am confused...
If SSL_shutdown returns 0, then I need to call SSL_shutdown again? So
would I do something like this on the client side?
    /* Client code to close SSL connection */
    if( (SSL *)NULL != *sslSocket )
    {
        if( SSL_ST_OK == SSL_state( *sslSocket ) )
        {
            status = SSL_shutdown( *sslSocket );
            if( status == 0 )
            {
                status = SSL_shutdown( *sslSocket );
            }
        }
        SSL_free( *sslSocket );
        *sslSocket = (SSL *)NULL;
    }
----------------------------------
If this is the case, what do I do on the server side? Do I need to use
SSL_state to check for some shutdown state?
Thanks,
Perry
Victor Duchovni wrote:
On Mon, Dec 19, 2005 at 11:22:11AM -0500, Perry L. Jones wrote:
I have some questions about shutting down an SSL connection.
The correct use of SSL_shutdown() is described in the SSL_shutdown
manpage. Read the whole thing, and pay specific attention to:

    When the application is the first party to send the "close notify"
    alert, SSL_shutdown() will only send the alert and then set the
    SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
    be kept in cache). SSL_shutdown() will then return with 0. If a
    unidirectional shutdown is enough (the underlying connection shall be
    closed anyway), this first call to SSL_shutdown() is sufficient. In
    order to complete the bidirectional shutdown handshake, SSL_shutdown()
    must be called again. The second call will make SSL_shutdown() wait for
    the peer's "close notify" shutdown alert. On success, the second call to
    SSL_shutdown() will return with 1.

    If the peer already sent the "close notify" alert and it was already
    processed implicitly inside another function (SSL_read(3)), the
    SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the "close
    notify" alert, set the SSL_SENT_SHUTDOWN flag and will immediately
    return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be
    checked using the SSL_get_shutdown() (see also SSL_set_shutdown(3))
    call.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
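
The "close notify" exchange from the manpage excerpt above, as an added example that is not part of the original thread and is not OpenSSL code: a small C model of the two shutdown flags and the return values each side sees. All names (struct endpoint, model_read, model_shutdown, run_exchange) are hypothetical, and -1 is the model's stand-in for the point where the real second SSL_shutdown() call would wait for the peer.

```c
/* Added model of the "close notify" exchange; not OpenSSL code.
 * Every name below is hypothetical. */
#include <stdio.h>
#define SENT_SHUTDOWN     1 /* stands in for SSL_SENT_SHUTDOWN */
#define RECEIVED_SHUTDOWN 2 /* stands in for SSL_RECEIVED_SHUTDOWN */

struct endpoint {
    int flags;              /* SENT_SHUTDOWN | RECEIVED_SHUTDOWN */
    int alert_pending;      /* peer's alert arrived, not yet processed */
    struct endpoint *peer;
};

/* SSL_read() stand-in: reading input implicitly processes the alert. */
static void model_read(struct endpoint *e)
{
    if (e->alert_pending)
        e->flags |= RECEIVED_SHUTDOWN;
    e->alert_pending = 0;
}

/* SSL_shutdown() stand-in. Returns 0 after sending the first alert, 1 once
 * both directions are closed, -1 where the real second call would wait. */
static int model_shutdown(struct endpoint *e)
{
    if (!(e->flags & SENT_SHUTDOWN)) {
        e->flags |= SENT_SHUTDOWN;
        e->peer->alert_pending = 1;     /* our "close notify" goes out */
        return (e->flags & RECEIVED_SHUTDOWN) ? 1 : 0;
    }
    model_read(e);                      /* second call: look for peer's alert */
    return (e->flags & RECEIVED_SHUTDOWN) ? 1 : -1;
}

/* Client closes first; server sees the alert in a read, then closes. */
static void run_exchange(int r[3])
{
    struct endpoint c = {0, 0, NULL}, s = {0, 0, NULL};
    c.peer = &s; s.peer = &c;
    r[0] = model_shutdown(&c);          /* client, first call */
    model_read(&s);                     /* server reads, sets RECEIVED flag */
    r[1] = model_shutdown(&s);          /* server, first and only call */
    r[2] = model_shutdown(&c);          /* client, second call */
}

int main(void)
{
    int r[3];
    run_exchange(r);
    return printf("%d %d %d\n", r[0], r[1], r[2]) < 0;
}
```

In this model the side that already processed the peer's alert during a read gets 1 from its first shutdown call, while the side that closed first gets 0 and then 1.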