Double SSL_shutdown in neon 0.31.0 causes hang when closing a connection to login.live.com

[martinprikryl]

Since the change b19bb81, neon now calls SSL_shutdown twice. Indeed, this seems to be the right thing to do. Unfortunately it causes a hang when closing a connection to login.live.com. It's very well possible that it's a server-side issue. I'm posting it anyway, in case others face the problem, as this is a major server.

A simple code to reproduce the problem:

ne_session * session = ne_session_create("https", "login.live.com", 443);
ne_ssl_set_verify(session, dummy_verify, 0);
ne_request * request = ne_request_create(session, "GET", "/");
ne_request_dispatch(request);
ne_request_destroy(request);
ne_session_destroy(session);

dummy_verify can be a dummy function like:

int dummy_verify(void *, int, const ne_ssl_certificate *)
{
    return 0;
}

The code hangs in ne_session_destroy, in the second call to SSL_shutdown (it times out eventually).

Built against OpenSSL 1.1.1e.

[notroj]

Thanks for filing the issue, am away from laptop so apologies for slow response. I'm guessing this is the server not doing TLS shutdown properly. Any chance you can supply debug traces? (ne_debug_init w/NE_DBG_SSL|NE_DBG_HTTP at minimum)

[martinprikryl]

It does not look like the TLS shutdown it logged. Anyway, here is a timestamped log.

Note the 2 minutes between "Closing connection." and "Connection closed.".

[10:08:41.599] sess: Closing connection.
[10:10:43.425] sess: Connection closed.

[notroj]

The simplest thing to do here is simply revert the commit. The ne_sock_close() API description actually documents the old behaviour accurately, and the HTTP request/session close ignore the return value anyway.