Hi Scott!

> When it is time to cleanly close the connection, it calls SSL_shutdown(),
> then returns to its select loop to wait for a response indicating that the
> server has completed its end of the shutdown. When the server has
> completed the shutdown, it expects select to return with a readable
> socket, then calls SSL_read expecting it to return with
> SSL_ERROR_ZERO_RETURN. Next it calls SSL_shutdown() again to get the
> final status, then considers the connection closed and exits.
>
> That works nearly all the time. However, with this one particular server,
> after calling SSL_shutdown() the call to select(2) never returns.

NOTES from the man page of SSL_shutdown():

The shutdown procedure consists of 2 steps: the sending of the ``close notify'' shutdown alert and the reception of the peer's ``close notify'' shutdown alert. According to the TLS standard, it is acceptable for an application to only send its shutdown alert and then close the underlying connection *without waiting for the peer's response* ...

> When I
> watch the program under strace(1), I can see the client sending some
> encrypted traffic to the server, and the server never sends a response.

It is a problem of the client, I think. And perhaps it can be solved in at least two ways:

1) correct the sources of the client (where SSL_read/recv are called)
2) write a client to your own intentions (perhaps with multithreading)

--
Regards.
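
The man page note quoted in the message above implies that a client does not have to wait indefinitely for the peer's alert. The following is an added example, not part of the original message or of OpenSSL: a close routine that sends its own alert, waits a bounded time in select() for the peer's, and then closes regardless. The `shutdown_step` callback, `close_with_deadline`, the `CLOSE_*` codes and the pipe-based stand-in for the TLS layer are assumptions made so the block runs without a server.

```c
#include <sys/select.h>
#include <unistd.h>

/* One shutdown step on conn, mirroring SSL_shutdown()'s return values:
 * 1 = both close_notify alerts exchanged, 0 = ours sent, peer's pending, <0 = error.
 * The callback type is hypothetical; with OpenSSL it would wrap SSL_shutdown(). */
typedef int (*shutdown_step)(void *conn);
enum { CLOSE_CLEAN = 1, CLOSE_UNCONFIRMED = 0, CLOSE_ERROR = -1 };

/* Send our alert, wait at most timeout_ms per wait for the peer's, then close
 * fd either way, so a peer that never answers cannot block the caller. */
int close_with_deadline(int fd, void *conn, shutdown_step step, int timeout_ms)
{
    int r = step(conn);                       /* step 1: our close_notify */
    while (r == 0) {
        fd_set rfds;
        struct timeval tv = { .tv_sec = timeout_ms / 1000,
                              .tv_usec = (timeout_ms % 1000) * 1000 };
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        if (select(fd + 1, &rfds, NULL, NULL, &tv) <= 0)
            break;                            /* timeout or select error */
        r = step(conn);                       /* step 2: read peer's alert */
    }
    close(fd);
    return r == 1 ? CLOSE_CLEAN : r < 0 ? CLOSE_ERROR : CLOSE_UNCONFIRMED;
}

/* Constructed stand-in for the TLS layer: first call "sends" our alert,
 * later calls read one byte from the pipe as the peer's alert. */
struct demo_conn { int fd; int sent; };
static int demo_step(void *p)
{
    struct demo_conn *c = p;
    char b;
    if (!c->sent) { c->sent = 1; return 0; }
    return read(c->fd, &b, 1) == 1 ? 1 : -1;
}

/* Runs the close over a pipe; peer_replies picks a responsive or silent peer. */
int demo(int peer_replies)
{
    int p[2];
    if (pipe(p) != 0) return CLOSE_ERROR;
    struct demo_conn c = { p[0], 0 };
    if (peer_replies && write(p[1], "x", 1) != 1) return CLOSE_ERROR;
    int res = close_with_deadline(p[0], &c, demo_step, 200);
    close(p[1]);
    return res;
}
```

`demo(0)` models the server described in the thread: the wait times out after 200 ms and the descriptor is closed with the shutdown reported as unconfirmed, rather than blocking in select().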
