add option for bidirectional shutdown

pull/1/head
lchristina26 2015-01-30 08:41:34 -07:00
parent fe26b86207
commit db5a95b370
4 changed files with 61 additions and 10 deletions


@ -141,6 +141,7 @@ static void Usage(void)
printf("-m Match domain name in cert\n"); printf("-m Match domain name in cert\n");
printf("-N Use Non-blocking sockets\n"); printf("-N Use Non-blocking sockets\n");
printf("-r Resume session\n"); printf("-r Resume session\n");
printf("-w Wait for bidirectional shutdown\n");
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
printf("-R Allow Secure Renegotiation\n"); printf("-R Allow Secure Renegotiation\n");
printf("-i Force client Initiated Secure Renegotiation\n"); printf("-i Force client Initiated Secure Renegotiation\n");
@ -207,6 +208,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
int doPeerCheck = 1; int doPeerCheck = 1;
int nonBlocking = 0; int nonBlocking = 0;
int resumeSession = 0; int resumeSession = 0;
int shutdown = 0;
int scr = 0; /* allow secure renegotiation */ int scr = 0; /* allow secure renegotiation */
int forceScr = 0; /* force client initiaed scr */ int forceScr = 0; /* force client initiaed scr */
int trackMemory = 0; int trackMemory = 0;
@ -258,7 +260,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
StackTrap(); StackTrap();
while ((ch = mygetopt(argc, argv, while ((ch = mygetopt(argc, argv,
"?gdDusmNrRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) { "?gdDusmNrwRitfxUPh:p:v:l:A:c:k:b:zS:L:ToO:a")) != -1) {
switch (ch) { switch (ch) {
case '?' : case '?' :
Usage(); Usage();
@ -367,6 +369,10 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
resumeSession = 1; resumeSession = 1;
break; break;
case 'w' :
shutdown = 1;
break;
case 'R' : case 'R' :
#ifdef HAVE_SECURE_RENEGOTIATION #ifdef HAVE_SECURE_RENEGOTIATION
scr = 1; scr = 1;
@ -643,7 +649,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
if (wolfSSL_connect(ssl) != SSL_SUCCESS) if (wolfSSL_connect(ssl) != SSL_SUCCESS)
err_sys("SSL_connect failed"); err_sys("SSL_connect failed");
wolfSSL_shutdown(ssl); if (shutdown) { /* bidirectional shutdown if true */
if (!wolfSSL_shutdown(ssl))
wolfSSL_shutdown(ssl);
}
else {
wolfSSL_shutdown(ssl);
}
wolfSSL_free(ssl); wolfSSL_free(ssl);
CloseSocket(sockfd); CloseSocket(sockfd);
} }
@ -802,8 +814,15 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
} }
#endif #endif
if (doDTLS == 0) /* don't send alert after "break" command */ if (doDTLS == 0) { /* don't send alert after "break" command */
wolfSSL_shutdown(ssl); /* echoserver will interpret as new conn */ if (shutdown) { /* bidirectional shutdown if true */
if (!wolfSSL_shutdown(ssl)) /* echoserver interprets as new conn */
wolfSSL_shutdown(ssl);
}
else {
wolfSSL_shutdown(ssl);
}
}
#ifdef ATOMIC_USER #ifdef ATOMIC_USER
if (atomicUser) if (atomicUser)
FreeAtomicUser(ssl); FreeAtomicUser(ssl);
@ -879,7 +898,13 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
/* try to send session break */ /* try to send session break */
wolfSSL_write(sslResume, msg, msgSz); wolfSSL_write(sslResume, msg, msgSz);
wolfSSL_shutdown(sslResume); if (shutdown) { /* bidirectional shutdown if true */
if (!wolfSSL_shutdown(sslResume))
wolfSSL_shutdown(sslResume);
}
else {
wolfSSL_shutdown(sslResume);
}
wolfSSL_free(sslResume); wolfSSL_free(sslResume);
CloseSocket(sockfd); CloseSocket(sockfd);
} }
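Review bot: With `-w` set, the result of the second `wolfSSL_shutdown(ssl)` call is discarded at all three sites in client_test (after the connect check, before `FreeAtomicUser`, and for `sslResume`), so the client finishes the same way whether or not the peer's close_notify was ever received. Waiting for the peer's close_notify is what lets an endpoint tell a clean end of stream from a truncated one, so the example should check the second call, e.g. `if (wolfSSL_shutdown(ssl) != SSL_SUCCESS) printf("peer close_notify not received\n");`. This assumes the second call returns SSL_SUCCESS once the peer's alert has been seen; the tail of wolfSSL_shutdown is not visible on this page. The same pattern is repeated in server_test with `SSL_shutdown(ssl)`. client_test starts and ends outside these hunks.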


@ -135,6 +135,7 @@ static void Usage(void)
printf("-r Create server ready file, for external monitor\n"); printf("-r Create server ready file, for external monitor\n");
printf("-N Use Non-blocking sockets\n"); printf("-N Use Non-blocking sockets\n");
printf("-S <str> Use Host Name Indication\n"); printf("-S <str> Use Host Name Indication\n");
printf("-w Wait for bidirectional shutdown\n");
#ifdef HAVE_OCSP #ifdef HAVE_OCSP
printf("-o Perform OCSP lookup on peer certificate\n"); printf("-o Perform OCSP lookup on peer certificate\n");
printf("-O <url> Perform OCSP lookup using <url> as responder\n"); printf("-O <url> Perform OCSP lookup using <url> as responder\n");
@ -173,6 +174,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
int fewerPackets = 0; int fewerPackets = 0;
int pkCallbacks = 0; int pkCallbacks = 0;
int serverReadyFile = 0; int serverReadyFile = 0;
int shutdown = 0;
char* cipherList = NULL; char* cipherList = NULL;
const char* verifyCert = cliCert; const char* verifyCert = cliCert;
const char* ourCert = svrCert; const char* ourCert = svrCert;
@ -203,7 +205,7 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
fdOpenSession(Task_self()); fdOpenSession(Task_self());
#endif #endif
while ((ch = mygetopt(argc, argv, "?dbstnNufraPp:v:l:A:c:k:S:oO:")) != -1) { while ((ch = mygetopt(argc, argv, "?dbstnNufrawPp:v:l:A:c:k:S:oO:")) != -1) {
switch (ch) { switch (ch) {
case '?' : case '?' :
Usage(); Usage();
@ -257,6 +259,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
#endif #endif
break; break;
case 'w' :
shutdown = 1;
break;
case 'v' : case 'v' :
version = atoi(myoptarg); version = atoi(myoptarg);
if (version < 0 || version > 3) { if (version < 0 || version > 3) {
@ -560,7 +566,13 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
Task_yield(); Task_yield();
#endif #endif
SSL_shutdown(ssl); if (shutdown) { /* bidirectional shutdown if true */
if (!SSL_shutdown(ssl))
SSL_shutdown(ssl);
}
else {
SSL_shutdown(ssl);
}
SSL_free(ssl); SSL_free(ssl);
SSL_CTX_free(ctx); SSL_CTX_free(ctx);
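Review bot: The new local `int shutdown = 0;` in server_test (and the identical declaration in client_test) has the same name as the sockets API function `shutdown()`, so inside these functions the name refers to the flag, any later call to the socket function would not compile, and builds with `-Wshadow` will warn. A name that cannot collide avoids this, for example `int wc_shutdown = 0;` with `wc_shutdown = 1;` under `case 'w' :` and `if (wc_shutdown)` at the use site. Whether the header declaring `shutdown()` is in scope in these files is not visible on this page. server_test starts and ends outside these hunks.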


@ -6351,8 +6351,9 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
WOLFSSL_MSG(" close notify"); WOLFSSL_MSG(" close notify");
ssl->options.closeNotify = 1; ssl->options.closeNotify = 1;
} }
WOLFSSL_ERROR(*type); if (!ssl->options.sentNotify) {
WOLFSSL_ERROR(*type);
}
if (ssl->keys.encryptionOn) { if (ssl->keys.encryptionOn) {
if (*inOutIdx + ssl->keys.padSz > totalSz) if (*inOutIdx + ssl->keys.padSz > totalSz)
return BUFFER_E; return BUFFER_E;
@ -7750,7 +7751,9 @@ startScr:
while (ssl->buffers.clearOutputBuffer.length == 0) { while (ssl->buffers.clearOutputBuffer.length == 0) {
if ( (ssl->error = ProcessReply(ssl)) < 0) { if ( (ssl->error = ProcessReply(ssl)) < 0) {
WOLFSSL_ERROR(ssl->error); if (!ssl->options.sentNotify) {
WOLFSSL_ERROR(ssl->error);
}
if (ssl->error == ZERO_RETURN) { if (ssl->error == ZERO_RETURN) {
WOLFSSL_MSG("Zero return, no more data coming"); WOLFSSL_MSG("Zero return, no more data coming");
return 0; /* no more data coming */ return 0; /* no more data coming */
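Review bot: The new guard `if (!ssl->options.sentNotify)` in the ProcessReply loop silences `WOLFSSL_ERROR(ssl->error)` for every negative result once our close_notify has gone out, not only for the expected `ZERO_RETURN`, so any other failure ProcessReply reports during the shutdown wait would leave no trace in the debug log. Narrowing the condition keeps the clean-close path quiet and still logs real errors: `if (!(ssl->options.sentNotify && ssl->error == ZERO_RETURN))`. The matching guard in DoAlert suppresses `WOLFSSL_ERROR(*type)` for any alert received after sentNotify is set and would benefit from the same restriction to the close-notify case. Both functions continue outside the hunks shown.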


@ -936,6 +936,17 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
return SSL_FATAL_ERROR; return SSL_FATAL_ERROR;
} }
ssl->options.sentNotify = 1; /* don't send close_notify twice */ ssl->options.sentNotify = 1; /* don't send close_notify twice */
WOLFSSL_LEAVE("SSL_shutdown()", ssl->error);
return 0;
}
/* call wolfSSL_shutdown again for bidirectional shudown */
if (ssl->options.sentNotify && !ssl->options.closeNotify) {
ssl->error = ReceiveData(ssl, 0, 0, 0);
if (ssl->error < 0) {
WOLFSSL_ERROR(ssl->error);
return SSL_FATAL_ERROR;
}
} }
WOLFSSL_LEAVE("SSL_shutdown()", ssl->error); WOLFSSL_LEAVE("SSL_shutdown()", ssl->error);
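Review bot: The early `return 0;` added after `ssl->options.sentNotify = 1;` changes what every existing caller of wolfSSL_shutdown sees on its first call, not only callers that opt into `-w`, and nothing in the hunk documents the new contract. A header comment on the function should state the return values: 0 when our close_notify was sent and the peer's has not been seen (call again), `SSL_FATAL_ERROR` on failure, and whatever the final return outside this hunk yields for a completed shutdown. In the second-call branch, `ssl->error = ReceiveData(ssl, 0, 0, 0);` maps every negative result to `SSL_FATAL_ERROR`, which on a non-blocking socket presumably includes a want-read condition, so the comment should also tell callers to consult `wolfSSL_get_error()` before treating that as fatal. The comment typo `shudown` should read `shutdown`. The function starts and ends outside the hunk.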