Hi,

If I understand it correctly the close_notify alert is only there to prevent a truncation attack. If your higher level protocol can check that all expected data is present then it is OK just to close the socket.

To be safe it would be better to call SSL_shutdown() in the client when it is complete. In the server you can call SSL_get_shutdown() when you expect the client may disconnect. In the server it should be fine to call SSL_shutdown() anyway. I don't think the SSL specification defines whether the server must send a close_notify.

I hope this helps,
Mark.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
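
Added example, not part of the message above and not OpenSSL code: a C sketch of the higher-level completeness check the reply refers to, deciding after EOF whether the data can be trusted as complete. The record framing, `classify_end`, `sample_msg` and the enum names are assumptions made for illustration; `got_close_notify` stands for the result of testing `SSL_get_shutdown()` against `SSL_RECEIVED_SHUTDOWN`.

```c
#include <stddef.h>
#include <stdint.h>

/* Verdict on a stream once the socket has reached EOF. */
enum end_state { END_COMPLETE, END_TRUNCATED, END_UNVERIFIABLE };

/* Constructed sample: one 2-byte record ("hi") followed by the terminator. */
const uint8_t sample_msg[] = { 0, 0, 0, 2, 'h', 'i', 0, 0, 0, 0 };

/*
 * Assumed framing (hypothetical, not from the post): each record is a 4-byte
 * big-endian length followed by that many payload bytes; a zero-length
 * record marks the end of the message.
 *
 * buf/len          plaintext bytes received before the peer closed
 * got_close_notify non-zero if SSL_get_shutdown(ssl) & SSL_RECEIVED_SHUTDOWN
 *                  was set when the read loop ended
 * self_delimiting  zero for a "read until EOF" protocol with no framing
 */
enum end_state classify_end(const uint8_t *buf, size_t len,
                            int got_close_notify, int self_delimiting)
{
    size_t off = 0;

    if (!self_delimiting)  /* only the TLS layer can vouch for the end */
        return got_close_notify ? END_COMPLETE : END_UNVERIFIABLE;

    while (len - off >= 4) {
        uint32_t n = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16) |
                     ((uint32_t)buf[off + 2] << 8) | (uint32_t)buf[off + 3];
        off += 4;
        if (n == 0)        /* terminator record: all expected data arrived */
            return END_COMPLETE;
        if (n > len - off) /* record body cut short: bytes are missing */
            return END_TRUNCATED;
        off += n;
    }
    /* EOF inside a length header or before the terminator record. */
    return END_TRUNCATED;
}

int main(void)
{
    /* Full message, no close_notify: the framing alone proves completeness. */
    return classify_end(sample_msg, sizeof sample_msg, 0, 1) == END_COMPLETE ? 0 : 1;
}
```

With framing like this a bare socket close is harmless; without it, a missing close_notify leaves the receiver unable to tell a finished stream from a cut one.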