SSL_shutdown return error when close in init state(openssl 1.1.0)

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

SSL_shutdown return error when close in init state(openssl 1.1.0)

 I'm using open1.1.0e in async mode with intel QuickAssist Engine to handle https connections, but there's some problem.
I use  apache benchmark tool to test thehttps connections,  the description is as follow:

 client(ab)-------------------------- server(my program)

<---------TCP handshake---------------->
-------------ssl client hello--------------->
<---------server hello,certicate...---------
-----------client key exchange....-------->
//here, server's SSL_do_handshake reutrns SSL_ERROR_WANT_ASYNC repeatly,


//client want to close the connection, then, server should close ssl connection ,In program, I intend to close SSL connections in quiet mode:

but SSL_shutdown returns SSL_ERROR_SSL, because SSL_in_init(s) return true.
int SSL_shutdown(SSL *s)
     * Note that this function behaves differently from what one might
     * expect.  Return values are 0 for no success (yet), 1 for success; but
     * calling it once is usually not enough, even if blocking I/O is used
     * (see ssl3_shutdown).

    if (s->handshake_func == NULL) {
        return -1;

    if (!SSL_in_init(s)) {
        if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
            struct ssl_async_args args;

            args.s = s;
            args.type = OTHERFUNC;
            args.f.func_other = s->method->ssl_shutdown;

            return ssl_start_async_job(s, &args, ssl_io_intern);
        } else {
            return s->method->ssl_shutdown(s);
    } else {
        return -1;

I'm confused, what should I do here ???
(1) just call SSL_free(ssl) to free SSL connection, then the async engine may callback and using SSL's waitctx, which cause crash.  Also I noticed that SSL's job doesn't free neither, which may cause memory leak;

(2)continue call SSL_shutdown(ssl),  and it will always return SSL_ERROR_SSL

Is anybody know? thanks  



openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users