Fix ssl_close_notify() with non-blocking I/O
diff --git a/ChangeLog b/ChangeLog
index dd1a3c5..b951c9a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,8 @@
Bugfix
* Fix potential bad read in parsing ServerHello (found by Adrien
Vialletelle).
+ * ssl_close_notify() could send more than one message in some circumstances
+ with non-blocking I/O.
Changes
* X.509 certificates with more than one AttributeTypeAndValue per
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 103dc1f..d8eddd9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4018,11 +4018,8 @@
SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
- if( ( ret = ssl_flush_output( ssl ) ) != 0 )
- {
- SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
- return( ret );
- }
+ if( ssl->out_left != 0 )
+ return( ssl_flush_output( ssl ) );
if( ssl->state == SSL_HANDSHAKE_OVER )
{
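Review bot: The new early return `if( ssl->out_left != 0 ) return( ssl_flush_output( ssl ) );` reports 0 as soon as the pending bytes are written, and nothing on that path shows that those bytes were a close_notify alert. If the pending output can belong to an earlier, partially written record (not visible in this hunk), the caller sees success although no alert was ever queued, and the peer cannot tell an orderly close from a truncated stream. I would document the contract above the check, for example `/* Pending output may or may not be our alert: flush only; the caller must call again unless it knows the alert was already queued */`, or track whether the alert has been queued so that 0 always means it was sent. The early return also drops the `SSL_DEBUG_RET( 1, "ssl_flush_output", ret );` trace and skips the "<= write close notify" message, so a failed flush no longer shows in the debug log. The function body starts and ends outside this hunk.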
@@ -4036,7 +4033,7 @@
SSL_DEBUG_MSG( 2, ( "<= write close notify" ) );
- return( ret );
+ return( 0 );
}
void ssl_transform_free( ssl_transform *transform )