I am confused.............

If SSL_shutdown returns 0 then I need to call SSL_shutdown again? So would I do something like this on the client side?

/* Client code to close SSL connection */
if( (SSL *)NULL != *sslSocket )
{
    if( SSL_ST_OK == SSL_state( *sslSocket ) )
    {
        status = SSL_shutdown( *sslSocket );
        if( status == 0 )
        {
            status = SSL_shutdown( *sslSocket );
        }
    }
    SSL_free( *sslSocket );
    *sslSocket = (SSL *)NULL;
}

----------------------------------

If this is the case, what do I do on the server side? Do I need to use SSL_state to check for some shutdown state?

Thanks,
Perry

Victor Duchovni wrote:

On Mon, Dec 19, 2005 at 11:22:11AM -0500, Perry L. Jones wrote:

I have some questions about shutting down an SSL connection.


The correct use of SSL_shutdown() is described in the SSL_shutdown
manpage. Read the whole thing, and pay specific attention to:

      When the application is the first party to send the "close notify"
      alert, SSL_shutdown() will only send the alert and then set the
      SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
      be kept in cache). SSL_shutdown() will then return with 0. If a
      unidirectional shutdown is enough (the underlying connection shall be
      closed anyway), this first call to SSL_shutdown() is sufficient. In
      order to complete the bidirectional shutdown handshake, SSL_shutdown()
      must be called again. The second call will make SSL_shutdown() wait for
      the peer's "close notify" shutdown alert. On success, the second call to
      SSL_shutdown() will return with 1.
      If the peer already sent the "close notify" alert and it was already
      processed implicitly inside another function (SSL_read(3)), the
      SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the "close
      notify" alert, set the SSL_SENT_SHUTDOWN flag and will immediately
      return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be
      checked using the SSL_get_shutdown() (see also SSL_set_shutdown(3))
      call.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
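
The return values described in the quoted manpage text, traced for both sides of a connection. This is an added example, not code from the thread or from OpenSSL: struct endpoint, model_read(), model_shutdown() and run_close() are hypothetical names that model the documented behaviour without linking against the library.

```c
#include <stdio.h>

/* Flag values match OpenSSL's SSL_SENT_SHUTDOWN (1) and SSL_RECEIVED_SHUTDOWN (2). */
enum { SENT_SHUTDOWN = 1, RECEIVED_SHUTDOWN = 2 };

/* Hypothetical model of one endpoint; not an OpenSSL type. */
struct endpoint {
    int flags;              /* what SSL_get_shutdown() would report */
    int inbound_close;      /* peer's "close notify" has arrived but is unread */
    struct endpoint *peer;
};

/* Models SSL_read() meeting a "close notify": RECEIVED_SHUTDOWN is set implicitly. */
static void model_read(struct endpoint *e) {
    if (e->inbound_close) {
        e->inbound_close = 0;
        e->flags |= RECEIVED_SHUTDOWN;
    }
}

/* Models SSL_shutdown() per the manpage text: 0 after only sending the alert,
 * 1 once both directions are closed, -1 where the real second call would
 * still be waiting for the peer's alert. */
static int model_shutdown(struct endpoint *e) {
    if (!(e->flags & SENT_SHUTDOWN)) {
        e->flags |= SENT_SHUTDOWN;
        e->peer->inbound_close = 1;     /* our alert goes to the peer */
        return (e->flags & RECEIVED_SHUTDOWN) ? 1 : 0;
    }
    model_read(e);                      /* second call: look for the peer's alert */
    return (e->flags & RECEIVED_SHUTDOWN) ? 1 : -1;
}

/* Client closes first; the server sees the alert in its read loop and answers. */
static void run_close(int out[3]) {
    struct endpoint c = {0, 0, NULL}, s = {0, 0, NULL};
    c.peer = &s; s.peer = &c;
    out[0] = model_shutdown(&c);        /* client, first call */
    model_read(&s);                     /* server read processes the alert */
    out[1] = model_shutdown(&s);        /* server, single call */
    out[2] = model_shutdown(&c);        /* client, second call */
}

int main(void) {
    int r[3];
    run_close(r);
    printf("client 1st=%d server=%d client 2nd=%d\n", r[0], r[1], r[2]);
    return 0;
}
```

In the model, the side whose read has already processed the peer's alert finishes with a single call, which is the second manpage paragraph applied to the server.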