SSL_shutdown:shutdown while in init

Chris Bare-2
I have the following code:

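#include <openssl/bio.h>
#include <openssl/ssl.h>

BIO *
setup_ssl (char *server_name, char *port, SSL_CTX *ctx)
{
    SSL *ssl = NULL;
    BIO *output = BIO_new_ssl_connect (ctx);
    if (!output)
    {
        return (NULL);
    }
    BIO_get_ssl (output, &ssl);
    SSL_set_mode (ssl, SSL_MODE_AUTO_RETRY);
    /* SSL_VERIFY_PEER has the same value (1) as the original "true" */
    SSL_set_verify (ssl, SSL_VERIFY_PEER, NULL);
    BIO_set_conn_hostname (output, server_name);
    BIO_set_conn_port(output, port);

    /* TCP connect plus TLS handshake */
    if (BIO_do_connect (output) <= 0)
    {
        BIO_free (output);
        return (NULL);
    }
    return (output);
}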

If the server I'm trying to connect to does not have ssl enabled, I get the error:
SSL23_GET_SERVER_HELLO:unknown protocol
and BIO_do_connect fails as expected, but BIO_free gives this error:
SSL_shutdown:shutdown while in init

If I don't free it, I have a memory leak.
Is there something else I need to do to clean up the BIO?
I tried calling BIO_do_handshake, but that crashes (not surprised).

--
Chris Bare

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: SSL_shutdown:shutdown while in init

Matt Caswell-2


On 17/10/17 21:27, Chris Bare wrote:

> I have the following code:
>
> setup_ssl (char *server_name, char *port, SSL_CTX *ctx)
> {
>     BIO *output = BIO_new_ssl_connect (ctx);
>     if (!output)
>     {
>         return (NULL);
>     }
>     BIO_get_ssl (output, &ssl);
>     SSL_set_mode (ssl, SSL_MODE_AUTO_RETRY);
>     SSL_set_verify (ssl, true, NULL);
>     BIO_set_conn_hostname (output, server_name);
>     BIO_set_conn_port(output, port);
>
>     if (BIO_do_connect (output) <= 0)
>     {
>         BIO_free (output);
>         return (NULL);
>     }
> }
>
> If the server I'm trying to connect to does not have ssl enabled, I get
> the error:
> SSL23_GET_SERVER_HELLO:unknown protocol
> and BIO_do_connect fails as expected, but BIO_free gives this error:
> SSL_shutdown:shutdown while in init

Hmmm...that looks like an OpenSSL bug to me. It should not call
SSL_shutdown() if we are still in init. I raised this issue:

https://github.com/openssl/openssl/issues/4545


>
> If I don't free it, I have a memory leak.
> Is there something else I need to do to clean up the BIO?

As a workaround for this I think you can just ignore the error. From
code inspection it looks to me like it should go ahead and free
everything anyway.

Matt

Re: SSL_shutdown:shutdown while in init

Jakob Bohm-7
On 18/10/2017 11:14, Matt Caswell wrote:

>
> On 17/10/17 21:27, Chris Bare wrote:
>> I have the following code:
>>
>> setup_ssl (char *server_name, char *port, SSL_CTX *ctx)
>> {
>>      BIO *output = BIO_new_ssl_connect (ctx);
>>      if (!output)
>>      {
>>          return (NULL);
>>      }
>>      BIO_get_ssl (output, &ssl);
>>      SSL_set_mode (ssl, SSL_MODE_AUTO_RETRY);
>>      SSL_set_verify (ssl, true, NULL);
>>      BIO_set_conn_hostname (output, server_name);
>>      BIO_set_conn_port(output, port);
>>
>>      if (BIO_do_connect (output) <= 0)
>>      {
>>          BIO_free (output);
>>          return (NULL);
>>      }
>> }
>>
>> If the server I'm trying to connect to does not have ssl enabled, I get
>> the error:
>> SSL23_GET_SERVER_HELLO:unknown protocol
>> and BIO_do_connect fails as expected, but BIO_free gives this error:
>> SSL_shutdown:shutdown while in init
> Hmmm...that looks like an OpenSSL bug to me. It should not call
> SSL_shutdown() if we are still in init. I raised this issue:
>
> https://github.com/openssl/openssl/issues/4545
>
From a more general usability perspective, it would be better if
SSL_shutdown() (starting from some version number) would always do
the right thing to properly and graciously end the SSL/TLS
connection, in any state where the connection object pointer is
valid at all.  That would probably imply taking completely
different actions during init and/or after shutdown has been
initiated by either end.

Then any complicated rules about when to call/not call SSL_shutdown()
could be relegated to a section about historical bugs in older
versions.

>> If I don't free it, I have a memory leak.
>> Is there something else I need to do to clean up the BIO?
> As a workaround for this I think you can just ignore the error. From
> code inspection it looks to me like it should go ahead and free
> everything anyway.
>
> Matt
>
>

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded