Add ssl_close_notify() to servers that missed it
diff --git a/ChangeLog b/ChangeLog
index 57400a8..417b37f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,7 @@
Bugfix
* The length of various ClientKeyExchange messages was not properly checked.
+ * Some example server programs were not sending the close_notify alert.
= PolarSSL 1.3.5 released on 2014-03-26
Features
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index eb48eb1..b5bfaed 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1002,6 +1002,7 @@
if( ret == 0 )
{
printf("\n\nEOF\n\n");
+ ssl_close_notify( &ssl );
break;
}
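Review bot: The return value of `ssl_close_notify( &ssl )` in the `ret == 0` branch is discarded, so a failed or deferred send of the alert goes unnoticed, whereas the server hunks in this same commit check it and retry on POLARSSL_ERR_NET_WANT_READ / POLARSSL_ERR_NET_WANT_WRITE. Writing `ret = ssl_close_notify( &ssl );` before the `break` would at least let the "Last error was" reporting under `exit:` surface a failure, provided nothing on the way there overwrites `ret`. If the client socket can be non-blocking (not visible in this hunk), the call also needs the same retry handling as the servers. The enclosing read loop starts and ends outside the hunk.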
@@ -1010,12 +1011,12 @@
}
while( 1 );
- ssl_close_notify( &ssl );
-
if( opt.reconnect != 0 )
{
--opt.reconnect;
+ net_close( server_fd );
+
#if defined(POLARSSL_TIMING_C)
if( opt.reco_delay > 0 )
m_sleep( 1000 * opt.reco_delay );
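Review bot: After the added `net_close( server_fd );` the variable still holds the closed descriptor number. If a later step of the reconnect fails and jumps to `exit:`, and the cleanup there closes `server_fd` again (neither is visible in this hunk), the same descriptor is closed twice. Resetting `server_fd` right after the call to whatever value the cleanup treats as "not open" would prevent that, with a comment such as `/* fd is closed here; reconnect must assign a fresh one */`. Also, now that the unconditional call after the loop is gone, any loop exit other than the `ret == 0` branch reaches this point without sending close_notify; if that is intended, a short comment saying so would help.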
@@ -1055,6 +1056,8 @@
}
exit:
+ if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
+ ret = 0;
#ifdef POLARSSL_ERROR_C
if( ret != 0 )
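Review bot: The remap of POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY to 0 directly under `exit:` has no comment explaining why this one status is treated as success, and it now also suppresses the "Last error was" message for it. A one-line comment above the `if` would record the intent: `/* peer sent close_notify: orderly shutdown, not an error */`. It may also be worth noting there that the check is deliberately outside the POLARSSL_ERROR_C block, so the program's result does not depend on that option. The function body continues outside the hunk.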
@@ -1062,9 +1065,6 @@
char error_buf[100];
polarssl_strerror( ret, error_buf, 100 );
printf("Last error was: -0x%X - %s\n\n", -ret, error_buf );
-
- if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY )
- ret = 0;
}
#endif
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 7e1b52e..efb360c 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -270,6 +270,21 @@
printf( " [ #%d ] %d bytes written\n=====\n%s\n=====\n",
thread_id, len, (char *) buf );
+ printf( " [ #%d ] . Closing the connection...", thread_id );
+
+ while( ( ret = ssl_close_notify( &ssl ) ) < 0 )
+ {
+ if( ret != POLARSSL_ERR_NET_WANT_READ &&
+ ret != POLARSSL_ERR_NET_WANT_WRITE )
+ {
+ printf( " [ #%d ] failed: ssl_close_notify returned -0x%04x\n",
+ thread_id, ret );
+ goto thread_exit;
+ }
+ }
+
+ printf( " ok\n" );
+
ret = 0;
thread_exit:
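Review bot: The failure message `ssl_close_notify returned -0x%04x` is passed `ret` itself, which is always negative on this path. It therefore prints a literal minus sign followed by the two's-complement hex of the code, not the code's magnitude. The last argument should be `thread_id, -ret );`, matching the `-0x%X` / `-ret` pairing used for the last-error message in ssl_client2.c. The thread function starts and ends outside the hunk.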
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 7b8ae35..7d46aac 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -323,7 +323,21 @@
len = ret;
printf( " %d bytes written\n\n%s\n", len, (char *) buf );
-
+
+ printf( " . Closing the connection..." );
+
+ while( ( ret = ssl_close_notify( &ssl ) ) < 0 )
+ {
+ if( ret != POLARSSL_ERR_NET_WANT_READ &&
+ ret != POLARSSL_ERR_NET_WANT_WRITE )
+ {
+ printf( " failed\n ! ssl_close_notify returned %d\n\n", ret );
+ goto reset;
+ }
+ }
+
+ printf( " ok\n" );
+
ret = 0;
goto reset;
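Review bot: The `while( ( ret = ssl_close_notify( &ssl ) ) < 0 )` loop retries on POLARSSL_ERR_NET_WANT_READ / POLARSSL_ERR_NET_WANT_WRITE with no bound, delay or timeout. If the socket is non-blocking (not visible in this hunk), a peer that stops reading can keep the server spinning here instead of reaching `reset`; the same loop is added in ssl_pthread_server.c and ssl_server2.c. A retry cap would contain that: a counter declared before the loop and `if( ++retries > MAX_CLOSE_RETRIES ) break;` inside it, where `MAX_CLOSE_RETRIES` is a placeholder name. Separately, `%d` prints the code in decimal; `-0x%x` with `-ret` would match the hex form used elsewhere in this commit and is easier to look up.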
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 4bb457c..4e199c3 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1261,6 +1261,20 @@
printf( " ok\n" );
}
+ printf( " . Closing the connection..." );
+
+ while( ( ret = ssl_close_notify( &ssl ) ) < 0 )
+ {
+ if( ret != POLARSSL_ERR_NET_WANT_READ &&
+ ret != POLARSSL_ERR_NET_WANT_WRITE )
+ {
+ printf( " failed\n ! ssl_close_notify returned %d\n\n", ret );
+ goto reset;
+ }
+ }
+
+ printf( " ok\n" );
+
ret = 0;
goto reset;