| field | value | date |
|---|---|---|
| author | Matt Caswell <matt@openssl.org> | 2018-06-25 15:51:11 +0200 |
| committer | Matt Caswell <matt@openssl.org> | 2018-06-27 11:03:37 +0200 |
| commit | 358ffa05cd3a088822c7d06256bc87516d918798 | |
| tree | 59682167c740c52c35fa4b55b859cee2499bc16b /test | |
| parent | Return SSL_ERROR_WANT_READ if SSL_shutdown() encounters handshake data | |
| download | openssl-358ffa05cd3a088822c7d06256bc87516d918798.tar.xz, openssl-358ffa05cd3a088822c7d06256bc87516d918798.zip | |
Return a fatal error if application data is encountered during shutdown
Currently if you encounter application data while waiting for a
close_notify from the peer, and you have called SSL_shutdown() then
you will get a -1 return (fatal error) and SSL_ERROR_SYSCALL from
SSL_get_error(). This isn't accurate (it should be SSL_ERROR_SSL) and
isn't persistent (you can call SSL_shutdown() again and it might then work).
We change this into a proper fatal error that is persistent.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/6340)
Diffstat (limited to 'test')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | test/sslapitest.c | 19 |

1 file changed, 13 insertions, 6 deletions
diff --git a/test/sslapitest.c b/test/sslapitest.c index ec449560f4..baf0881cd0 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -5069,18 +5069,25 @@ static int test_shutdown(int tst) || !TEST_int_eq(SSL_shutdown(clientssl), 1) || !TEST_int_eq(SSL_shutdown(serverssl), 1)) goto end; - } else { + } else if (tst == 4) { /* * In this test the client has sent close_notify and it has been * received by the server which has responded with a close_notify. The - * client needs to read the close_notify sent by the server. When - * tst == 5, there is application data to be read first but this is - * discarded with a -1 return value. + * client needs to read the close_notify sent by the server. */ - if (tst == 5 && !TEST_int_eq(SSL_shutdown(clientssl), -1)) - goto end; if (!TEST_int_eq(SSL_shutdown(clientssl), 1)) goto end; + } else { + /* + * tst == 5 + * + * The client has sent close_notify and is expecting a close_notify + * back, but instead there is application data first. The shutdown + * should fail with a fatal error. + */ + if (!TEST_int_eq(SSL_shutdown(clientssl), -1) + || !TEST_int_eq(SSL_get_error(clientssl, -1), SSL_ERROR_SSL)) + goto end; } testresult = 1; |
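Review bot: the new tst == 5 branch asserts the fatal error only on the first SSL_shutdown() call, so it does not exercise the persistence the commit message claims ("a proper fatal error that is persistent"); the old behaviour, where a retry could succeed, would still pass this test as written. Add a second round of the same checks after the existing SSL_get_error() assertion, e.g. `|| !TEST_int_eq(SSL_shutdown(clientssl), -1)` followed by `|| !TEST_int_eq(SSL_get_error(clientssl, -1), SSL_ERROR_SSL)`, so that a regression to the non-persistent behaviour fails. Minor: the final branch is a bare `else` that the comment labels `tst == 5`; writing it as `else if (tst == 5)` with a fallthrough that fails the test keeps any future test index from silently taking the fatal-error path.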