Fixed #2221: When using Openssl as TLS backend, close notify alert is…

… not sent before closing the connection. git-svn-id: https://svn.pjsip.org/repos/pjproject/trunk@6054 74dad513-b988-da41-8d7b-12977e46ad98
pjsip · Aug 28, 2019 · ed08f5b · ed08f5b
1 parent 8a15cf5
commit ed08f5b
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 8 deletions.
diff --git a/pjlib/src/pj/ssl_sock_imp_common.c b/pjlib/src/pj/ssl_sock_imp_common.c
@@ -1281,6 +1281,8 @@ PJ_DEF(pj_status_t) pj_ssl_sock_create (pj_pool_t *pool,
     pj_timer_entry_init(&ssock->timer, 0, ssock, &on_timer);
     pj_ioqueue_op_key_init(&ssock->handshake_op_key,
 			   sizeof(pj_ioqueue_op_key_t));
+    pj_ioqueue_op_key_init(&ssock->shutdown_op_key,
+			   sizeof(pj_ioqueue_op_key_t));
 
     /* Create secure socket mutex */
     status = pj_lock_create_recursive_mutex(pool, pool->obj_name,

diff --git a/pjlib/src/pj/ssl_sock_imp_common.h b/pjlib/src/pj/ssl_sock_imp_common.h
@@ -107,6 +107,7 @@ struct pj_ssl_sock_t
     pj_bool_t		  is_server;
     enum ssl_state	  ssl_state;
     pj_ioqueue_op_key_t	  handshake_op_key;
+    pj_ioqueue_op_key_t	  shutdown_op_key;
     pj_timer_entry	  timer;
     pj_status_t		  verify_status;
 

diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
@@ -1168,14 +1168,6 @@ static void ssl_destroy(pj_ssl_sock_t *ssock)
 
     /* Destroy SSL instance */
     if (ossock->ossl_ssl) {
-	/**
-	 * Avoid calling SSL_shutdown() if handshake wasn't completed.
-	 * OpenSSL 1.0.2f complains if SSL_shutdown() is called during an
-	 * SSL handshake, while previous versions always return 0.	 
-	 */
-	if (SSL_in_init(ossock->ossl_ssl) == 0) {
-	    SSL_shutdown(ossock->ossl_ssl);
-	}   	
 	SSL_free(ossock->ossl_ssl); /* this will also close BIOs */
 	ossock->ossl_ssl = NULL;
     }
@@ -1196,6 +1188,20 @@ static void ssl_destroy(pj_ssl_sock_t *ssock)
 /* Reset SSL socket state */
 static void ssl_reset_sock_state(pj_ssl_sock_t *ssock)
 {
+    ossl_sock_t *ossock = (ossl_sock_t *)ssock;
+    /**
+     * Avoid calling SSL_shutdown() if handshake wasn't completed.
+     * OpenSSL 1.0.2f complains if SSL_shutdown() is called during an
+     * SSL handshake, while previous versions always return 0.
+     */
+    if (ossock->ossl_ssl && SSL_in_init(ossock->ossl_ssl) == 0) {
+	int ret = SSL_shutdown(ossock->ossl_ssl);
+	if (ret == 0) {
+	    /* Flush data to send close notify. */
+	    flush_circ_buf_output(ssock, &ssock->shutdown_op_key, 0, 0);
+	}
+    }
+
     pj_lock_acquire(ssock->write_mutex);
     ssock->ssl_state = SSL_STATE_NULL;
     pj_lock_release(ssock->write_mutex);