Clarify that SSL_shutdown() must not be called after a fatal error
Follow on from CVE-2019-1559
Reviewed-by: Richard Levitte <levitte@openssl.org>
Matt Caswell
5 years ago
| 89 | 89 |
|
| 90 | 90 |
=item SSL_ERROR_SYSCALL
|
| 91 | 91 |
|
| 92 | |
Some non-recoverable I/O error occurred.
|
| 93 | |
The OpenSSL error queue may contain more information on the error.
|
| 94 | |
For socket I/O on Unix systems, consult B<errno> for details.
|
|
92 |
Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may
|
|
93 |
contain more information on the error. For socket I/O on Unix systems, consult
|
|
94 |
B<errno> for details. If this error occurs then no further I/O operations should
|
|
95 |
be performed on the connection and SSL_shutdown() must not be called.
|
| 95 | 96 |
|
| 96 | 97 |
=item SSL_ERROR_SSL
|
| 97 | 98 |
|
| 98 | |
A failure in the SSL library occurred, usually a protocol error. The
|
| 99 | |
OpenSSL error queue contains more information on the error.
|
|
99 |
A non-recoverable, fatal error in the SSL library occurred, usually a protocol
|
|
100 |
error. The OpenSSL error queue contains more information on the error. If this
|
|
101 |
error occurs then no further I/O operations should be performed on the
|
|
102 |
connection and SSL_shutdown() must not be called.
|
| 100 | 103 |
|
| 101 | 104 |
=back
|
| 102 | 105 |
|
| 20 | 20 |
Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
|
| 21 | 21 |
a currently open session is considered closed and good and will be kept in the
|
| 22 | 22 |
session cache for further reuse.
|
|
23 |
|
|
24 |
Note that SSL_shutdown() must not be called if a previous fatal error has
|
|
25 |
occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL
|
|
26 |
or SSL_ERROR_SSL.
|
| 23 | 27 |
|
| 24 | 28 |
The shutdown procedure consists of 2 steps: the sending of the "close notify"
|
| 25 | 29 |
shutdown alert and the reception of the peer's "close notify" shutdown
|