Hi all,

I've found out what is causing my shutdown problems.  Basically the server has shut 
down the socket without sending a close_notify before my client shuts down so it 
appears to be half closed.  The scenario looks like this:

<-- Receive FIN, ACK
--> Send ACK
--> Send TLS close_notify alert.
<-- Receive RST

My shutdown code is fairly standard as follows:

                //... close ssl
                ret = SSL_shutdown(m_ssl);
                if (ret == 0)
                {
                        ret = SSL_shutdown(m_ssl);
                }
                //...

The first call to SSL_shutdown returns 0; I would expect this to return some error 
code if the peer has shut down the socket already.  The second call to SSL_shutdown 
blocks.

The question is how can I tell if the SSL socket has been closed?

Thanks for any help,
Matthew




-----Original Message-----
From: Matthew Shaylor 
Sent: 07 November 2003 15:33
To: [EMAIL PROTECTED]
Subject: SSL Shutdown questions

Hi,

I'm trying to get to grips with the SSL protocol, in particular shutting down 
connections gracefully.  I've done some tests where I simply close down the socket.  
If I call SSL_shutdown after the socket has been closed then it allows the session to 
be reused, otherwise it is marked as bad and removed.  

This is sufficient but I'm guessing it is better practice to call SSL_shutdown before 
I close the socket.  I've tried to do this though and the SSL server that I'm 
connected to sends a TCP reset packet after receiving the TLS alert (which I'm 
guessing is a close_notify).  This is what I imagine should happen:

--> Send TLS alert: close notify
<-- Receive an ACK and maybe something else?
--> Send FIN, ACK
<-- Receive ACK
<-- Receive FIN, ACK
--> Send ACK

And what I'm getting is:

--> Send TLS alert: close notify (I assume)
<-- Receive RST

Am I doing the right thing or should I only call SSL_shutdown once the socket has 
shutdown?  If I am doing the right thing then why might the socket be being reset?

Thanks for any advice,
Matthew

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
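
One way to detect the half-closed state described in the thread above (FIN received before any close_notify) at the socket level, before making a second shutdown call that would block. This is an added example, not code from the original posts or from OpenSSL; probe_peer and second_shutdown_can_progress are hypothetical names, and the probe sees only the raw socket, not bytes the TLS library has already buffered.

```c
/* Added example: classify the peer side of a TCP socket without consuming
 * data, so the caller knows whether a close_notify can still arrive.
 * All names are hypothetical. */
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

enum peer_state {
    PEER_OPEN,   /* nothing queued and no FIN seen within the timeout      */
    PEER_DATA,   /* unread bytes queued (possibly the peer's close_notify) */
    PEER_FIN,    /* orderly TCP close with nothing left to read            */
    PEER_ERROR   /* RST or another socket error                            */
};

enum peer_state probe_peer(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN };
    unsigned char b;
    ssize_t n;
    int r;

    do { r = poll(&p, 1, timeout_ms); } while (r < 0 && errno == EINTR);
    if (r < 0) return PEER_ERROR;
    if (r == 0) return PEER_OPEN;          /* timed out: nothing arrived */

    /* MSG_PEEK leaves the byte queued so the TLS layer still reads it. */
    n = recv(fd, &b, 1, MSG_PEEK | MSG_DONTWAIT);
    if (n > 0) return PEER_DATA;
    if (n == 0) return PEER_FIN;           /* EOF: FIN already received  */
    if (errno == EAGAIN || errno == EWOULDBLOCK) return PEER_OPEN;
    return PEER_ERROR;                     /* e.g. ECONNRESET            */
}

/* Return 1 only when bytes are queued, i.e. a second shutdown call has
 * something to read instead of blocking on an empty or half-closed socket.
 * PEER_FIN here means the peer closed without sending close_notify, which
 * the caller should record as an unclean (possibly truncated) close. */
int second_shutdown_can_progress(int fd, int timeout_ms)
{
    return probe_peer(fd, timeout_ms) == PEER_DATA;
}
```
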