diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2019-04-11 17:22:52 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2019-04-12 12:17:52 +0200 |
| commit | 3f5da4e59a556fc68272a9857a38dd75234d0c04 (patch) | |
| tree | bc3a459daeaf8310a730b969fe8ec5586d353113 | |
| parent | 687cdeb9704e372214e28483d87da15c54156bcd (diff) | |
| download | curl-3f5da4e59a556fc68272a9857a38dd75234d0c04.tar.gz | |
openssl: mark connection for close on TLS close_notify
Without this, detecting and avoid reusing a closed TLS connection
(without a previous GOAWAY) when doing HTTP/2 is tricky.
Reported-by: Tom van der Woerdt
Fixes #3750
Closes #3763
| -rw-r--r-- | lib/vtls/openssl.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index eff5c2106..5d2aac7d3 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -3756,7 +3756,10 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */ switch(err) { case SSL_ERROR_NONE: /* this is not an error */ + break; case SSL_ERROR_ZERO_RETURN: /* no more data */ + /* close_notify alert */ + connclose(conn, "TLS close_notify"); break; case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: |