tech-crypto archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: OpenSSL SSL_shutdown behavior

In article <>,
Thor Lancelot Simon  <> wrote:
>It's been the subject of regular comment on the openssl-dev list that
>SSL_shutdown() doesn't reliably indicate, for a non-blocking connection,
>which way you need to select for I/O ready -- forcing applications to
>apply strange and horrible workarounds to avoid hanging or spinning if
>they try to tidily (bidirectionally) shut down an SSL session.
>A patch to fix this was offered to OpenSSL about two years ago (and
>has been repeatedly re-offered each time the subject has come up)
>but the OpenSSL maintainers for some reason seem to simply ignore it.
>The patch adds -1 as a possible return value for SSL_shutdown and
>causes the library to place WANT_READ or WANT_WRITE on the library's
>error stack instead of SSL_ERROR_SYSCALL which is unuseful for telling
>which way to select!
>I would like to commit that patch to NetBSD.  It is really the only
>sane solution.  But since the OpenSSL developers have been all up in
>arms about others maintaining local patches to their Holy Source Code
>since Debian gave them the opportunity, I thought I should check here
>Rationale for the patch (which doesn't note some of the other really
>problematic use cases for the current "API") is at:
>Patch itself is at:

Go for it!


Home | Main Index | Thread Index | Old Index