From ed08f5bbcb7ef51d6798d0fcbea3f65f85c88261 Mon Sep 17 00:00:00 2001 From: Riza Sulistyo Date: Wed, 28 Aug 2019 12:02:50 +0000 Subject: [PATCH] Fixed #2221: When using Openssl as TLS backend, close notify alert is not sent before closing the connection. git-svn-id: https://svn.pjsip.org/repos/pjproject/trunk@6054 74dad513-b988-da41-8d7b-12977e46ad98 --- pjlib/src/pj/ssl_sock_imp_common.c | 2 ++ pjlib/src/pj/ssl_sock_imp_common.h | 1 + pjlib/src/pj/ssl_sock_ossl.c | 22 ++++++++++++++-------- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/pjlib/src/pj/ssl_sock_imp_common.c b/pjlib/src/pj/ssl_sock_imp_common.c index e6273d832f..24441f9dab 100644 --- a/pjlib/src/pj/ssl_sock_imp_common.c +++ b/pjlib/src/pj/ssl_sock_imp_common.c @@ -1281,6 +1281,8 @@ PJ_DEF(pj_status_t) pj_ssl_sock_create (pj_pool_t *pool, pj_timer_entry_init(&ssock->timer, 0, ssock, &on_timer); pj_ioqueue_op_key_init(&ssock->handshake_op_key, sizeof(pj_ioqueue_op_key_t)); + pj_ioqueue_op_key_init(&ssock->shutdown_op_key, + sizeof(pj_ioqueue_op_key_t)); /* Create secure socket mutex */ status = pj_lock_create_recursive_mutex(pool, pool->obj_name, diff --git a/pjlib/src/pj/ssl_sock_imp_common.h b/pjlib/src/pj/ssl_sock_imp_common.h index 09f259ef72..b3452fd0aa 100644 --- a/pjlib/src/pj/ssl_sock_imp_common.h +++ b/pjlib/src/pj/ssl_sock_imp_common.h @@ -107,6 +107,7 @@ struct pj_ssl_sock_t pj_bool_t is_server; enum ssl_state ssl_state; pj_ioqueue_op_key_t handshake_op_key; + pj_ioqueue_op_key_t shutdown_op_key; pj_timer_entry timer; pj_status_t verify_status; diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c index dcd062b705..a77db66481 100644 --- a/pjlib/src/pj/ssl_sock_ossl.c +++ b/pjlib/src/pj/ssl_sock_ossl.c @@ -1168,14 +1168,6 @@ static void ssl_destroy(pj_ssl_sock_t *ssock) /* Destroy SSL instance */ if (ossock->ossl_ssl) { - /** - * Avoid calling SSL_shutdown() if handshake wasn't completed. - * OpenSSL 1.0.2f complains if SSL_shutdown() is called during an - * SSL handshake, while previous versions always return 0. - */ - if (SSL_in_init(ossock->ossl_ssl) == 0) { - SSL_shutdown(ossock->ossl_ssl); - } SSL_free(ossock->ossl_ssl); /* this will also close BIOs */ ossock->ossl_ssl = NULL; } @@ -1196,6 +1188,20 @@ static void ssl_destroy(pj_ssl_sock_t *ssock) /* Reset SSL socket state */ static void ssl_reset_sock_state(pj_ssl_sock_t *ssock) { + ossl_sock_t *ossock = (ossl_sock_t *)ssock; + /** + * Avoid calling SSL_shutdown() if handshake wasn't completed. + * OpenSSL 1.0.2f complains if SSL_shutdown() is called during an + * SSL handshake, while previous versions always return 0. + */ + if (ossock->ossl_ssl && SSL_in_init(ossock->ossl_ssl) == 0) { + int ret = SSL_shutdown(ossock->ossl_ssl); + if (ret == 0) { + /* Flush data to send close notify. */ + flush_circ_buf_output(ssock, &ssock->shutdown_op_key, 0, 0); + } + } + pj_lock_acquire(ssock->write_mutex); ssock->ssl_state = SSL_STATE_NULL; pj_lock_release(ssock->write_mutex);