From 6b0d268bc919e14e0617169052e0ad874f2fca5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 25 Mar 2014 11:24:43 +0100 Subject: [PATCH] Add ssl_close_notify() to servers that missed it --- ChangeLog | 1 + programs/ssl/ssl_client2.c | 10 +++++----- programs/ssl/ssl_pthread_server.c | 15 +++++++++++++++ programs/ssl/ssl_server.c | 16 +++++++++++++++- programs/ssl/ssl_server2.c | 14 ++++++++++++++ 5 files changed, 50 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 57400a80f..417b37f6a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,7 @@ PolarSSL ChangeLog (Sorted per branch, date) Bugfix * The length of various ClientKeyExchange messages was not properly checked. + * Some example server programs were not sending the close_notify alert. = PolarSSL 1.3.5 released on 2014-03-26 Features diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index eb48eb126..b5bfaedd1 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1002,6 +1002,7 @@ send_request: if( ret == 0 ) { printf("\n\nEOF\n\n"); + ssl_close_notify( &ssl ); break; } @@ -1010,12 +1011,12 @@ send_request: } while( 1 ); - ssl_close_notify( &ssl ); - if( opt.reconnect != 0 ) { --opt.reconnect; + net_close( server_fd ); + #if defined(POLARSSL_TIMING_C) if( opt.reco_delay > 0 ) m_sleep( 1000 * opt.reco_delay ); @@ -1055,6 +1056,8 @@ send_request: } exit: + if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ) + ret = 0; #ifdef POLARSSL_ERROR_C if( ret != 0 ) @@ -1062,9 +1065,6 @@ exit: char error_buf[100]; polarssl_strerror( ret, error_buf, 100 ); printf("Last error was: -0x%X - %s\n\n", -ret, error_buf ); - - if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ) - ret = 0; } #endif diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 7e1b52eb5..efb360c21 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c 
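Review bot: The return value of the `ssl_close_notify( &ssl );` call added in the `ret == 0` branch of ssl_client2.c is discarded, while the three server programs in this commit retry the call on POLARSSL_ERR_NET_WANT_READ / POLARSSL_ERR_NET_WANT_WRITE. If the client socket is non-blocking (not visible in this hunk), the alert may never be sent, and the peer then cannot tell an orderly close from a truncated stream. At minimum, check the result with the servers' form, `while( ( ret = ssl_close_notify( &ssl ) ) < 0 )`, and the same WANT_READ/WANT_WRITE test before `break;`. Because the next hunk removes the unconditional call after the loop, any other exit from the read loop (which begins outside the hunk) now skips the alert; please confirm that is intended.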
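Review bot: The `net_close( server_fd );` added in the reconnect branch leaves `server_fd` holding the number of the closed descriptor. If the reconnect code that follows (outside this hunk) fails and jumps to `exit:`, and that path also closes `server_fd`, the same descriptor would be closed twice. Please confirm what the exit path does. If it is safe, a short comment such as `/* server_fd is reassigned by the reconnect below */` would make the ownership clear.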
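Review bot: The new `if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ) ret = 0;` right after `exit:` has no comment explaining why this one error code is turned into success. A one-line comment would help the next reader, e.g. `/* the peer's close_notify is an orderly shutdown, not a failure */`. The mapping now applies to every path that reaches `exit:`, most of which are outside this hunk, and no longer depends on POLARSSL_ERROR_C being defined.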
@@ -270,6 +270,21 @@ static void *handle_ssl_connection( void *data ) printf( " [ #%d ] %d bytes written\n=====\n%s\n=====\n", thread_id, len, (char *) buf ); + printf( " [ #%d ] . Closing the connection...", thread_id ); + + while( ( ret = ssl_close_notify( &ssl ) ) < 0 ) + { + if( ret != POLARSSL_ERR_NET_WANT_READ && + ret != POLARSSL_ERR_NET_WANT_WRITE ) + { + printf( " [ #%d ] failed: ssl_close_notify returned -0x%04x\n", + thread_id, ret ); + goto thread_exit; + } + } + + printf( " ok\n" ); + ret = 0; thread_exit: diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 7b8ae35c5..7d46aac0c 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -323,7 +323,21 @@ reset: len = ret; printf( " %d bytes written\n\n%s\n", len, (char *) buf ); - + + printf( " . Closing the connection..." ); + + while( ( ret = ssl_close_notify( &ssl ) ) < 0 ) + { + if( ret != POLARSSL_ERR_NET_WANT_READ && + ret != POLARSSL_ERR_NET_WANT_WRITE ) + { + printf( " failed\n ! ssl_close_notify returned %d\n\n", ret ); + goto reset; + } + } + + printf( " ok\n" ); + ret = 0; goto reset; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 4bb457ca1..4e199c38a 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1261,6 +1261,20 @@ reset: printf( " ok\n" ); } + printf( " . Closing the connection..." ); + + while( ( ret = ssl_close_notify( &ssl ) ) < 0 ) + { + if( ret != POLARSSL_ERR_NET_WANT_READ && + ret != POLARSSL_ERR_NET_WANT_WRITE ) + { + printf( " failed\n ! ssl_close_notify returned %d\n\n", ret ); + goto reset; + } + } + + printf( " ok\n" ); + ret = 0; goto reset;
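Review bot: The failure message in the ssl_pthread_server.c hunk prints `ret` with `-0x%04x`, but `ret` is already negative, so the output is a minus sign followed by the two's-complement hex of the value rather than the error code. Pass the negated value, as ssl_client2.c does for `-0x%X`: the argument line becomes `thread_id, -ret );`. Separately, the retry loop has no wait or retry limit. If the socket is non-blocking (not visible here), a peer that stops reading could keep this thread spinning on POLARSSL_ERR_NET_WANT_WRITE, and the same loop appears in the ssl_server.c and ssl_server2.c hunks. handle_ssl_connection begins and ends outside the hunk.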
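Review bot: The failure message in the ssl_server.c hunk reports the code in decimal (`ssl_close_notify returned %d`), whereas the ssl_pthread_server.c hunk and ssl_client2.c's error output use the `-0x…` hex form in which the POLARSSL_ERR_* constants are written. The ssl_server2.c hunk has the same line. Ending the format with `returned -0x%x\n\n", -ret );` in both would let the logged value be matched against the error headers directly. The enclosing functions start and end outside these hunks.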