Hello All, I have a question concerning SSL shutdown procedure. I build a SSL server which accepts sslv2, sslv3 and tlsv1 method. I work in asynchronous mode. Whenever I want to end a SSL session, I use SSL_shutdown API, then SSL_free of my SSL object, then the close of the socket, which is I think the right way.
Nevertheless, I have noticed that the SSl_shutdown does not always return the value 1 which means my server has sent close notify to client and received the close notify from the client: Indeed , I sometimes receive 0 return code to SSL_shutdown (the shutdown state has changed to SSL_SENT_SHUTDOWN). I try to call again this API but I have the same result. My question is : Is it the good way to close SSL session properly ? ( Should I perform a SSL_clear after the SSL_shutdown) ; should I wait for a different behaviour of this API if it is the client who sends a SSL_shutdown first ? Thanks in advance, jf ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
