Re: OpenSSL SSL_shutdown behavior

[christos%astron.com@localhost (Christos Zoulas)]

In article <20080602234414.GA630%coyotepoint.com@localhost>,
Thor Lancelot Simon  <tls%netbsd.org@localhost> wrote:
>It's been the subject of regular comment on the openssl-dev list that
>SSL_shutdown() doesn't reliably indicate, for a non-blocking connection,
>which way you need to select for I/O ready -- forcing applications to
>apply strange and horrible workarounds to avoid hanging or spinning if
>they try to tidily (bidirectionally) shut down an SSL session.
>
>A patch to fix this was offered to OpenSSL about two years ago (and
>has been repeatedly re-offered each time the subject has come up)
>but the OpenSSL maintainers for some reason seem to simply ignore it.
>The patch adds -1 as a possible return value for SSL_shutdown and
>causes the library to place WANT_READ or WANT_WRITE on the library's
>error stack instead of SSL_ERROR_SYSCALL which is unuseful for telling
>which way to select!
>
>I would like to commit that patch to NetBSD.  It is really the only
>sane solution.  But since the OpenSSL developers have been all up in
>arms about others maintaining local patches to their Holy Source Code
>since Debian gave them the opportunity, I thought I should check here
>first...
>
>Rationale for the patch (which doesn't note some of the other really
>problematic use cases for the current "API") is at:
>       http://marc.info/?l=openssl-dev&m=115153998821797&w=2
>Patch itself is at:
>       http://marc.info/?l=openssl-dev&m=115154030723033&q=p3

Go for it!

christos