On Mon, May 11, 2020 at 03:52:27PM -0400, Wietse Venema wrote:
> Viktor Dukhovni:
>
> > That said, it perhaps possible that Postfix is calling SSL_shutdown() on
> > a connection that never progressed enough to complete the handshake.
> > I'll check what preconditions are needed for OpenSSL to allow the
> > SSL_shutdown() call. We may need some logic to avoid calling it
> > too early.
>
> Like this?
>
> if (!SSL_in_init(tls_context->con)
> && (ssl_stat = SSL_shutdown(tls_context->con)) < 0) {
> log some warning
> }
> // Wrap up.
Yes, that's the idea.
--
Viktor.
