diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2019-04-11 17:22:52 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2019-04-11 17:25:07 +0200 |
| commit | 5b6f3b653973502e70fc97f78ad239569b8ed2a2 (patch) | |
| tree | 222c625a92de344b2242ce0111b7575f0cc7f6d0 | |
| parent | 20b8df1096c0befe6eb4cab835f103ad04c3e27e (diff) | |
| download | curl-bagder/tls-notify-alert.tar.gz | |
openssl: mark connection for close on TLS close_notifybagder/tls-notify-alert
Without this, detecting and avoid reusing a closed TLS connection
(without a previous GOAWAY) when doing HTTP/2 is tricky.
Reported-by: Tom van der Woerdt
Fixes #3750
| -rw-r--r-- | lib/vtls/openssl.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index eff5c2106..5d2aac7d3 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -3756,7 +3756,10 @@ static ssize_t ossl_recv(struct connectdata *conn, /* connection data */ switch(err) { case SSL_ERROR_NONE: /* this is not an error */ + break; case SSL_ERROR_ZERO_RETURN: /* no more data */ + /* close_notify alert */ + connclose(conn, "TLS close_notify"); break; case SSL_ERROR_WANT_READ: case SSL_ERROR_WANT_WRITE: |