changed gnutls_bye() behaviour

5 files changed, 32 insertions, 26 deletions

diff --git a/lib/gnutls.h.in b/lib/gnutls.h.in
index 820ac27354..7eca6b9bef 100644
--- a/lib/gnutls.h.in
+++ b/lib/gnutls.h.in
@@ -43,7 +43,7 @@ typedef enum AlertDescription { GNUTLS_CLOSE_NOTIFY, GNUTLS_UNEXPECTED_MESSAGE=1
 
 typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1, GNUTLS_CERT_NOT_TRUSTED, GNUTLS_CERT_EXPIRED, GNUTLS_CERT_INVALID } CertificateStatus;
 typedef enum CertificateRequest { GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } CertificateRequest;
-typedef enum CloseRequest { GNUTLS_BYE_RW=0, GNUTLS_BYE_W=1, GNUTLS_BYE_R=2 } CloseRequest;
+typedef enum CloseRequest { GNUTLS_SHUT_WR=0, GNUTLS_SHUT_W=1 } CloseRequest;
 
 typedef enum GNUTLS_Version { GNUTLS_SSL3=1, GNUTLS_TLS1 } GNUTLS_Version;
 
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 3b690b3b96..7966766aff 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -92,7 +92,7 @@ typedef enum AlertDescription { GNUTLS_CLOSE_NOTIFY, GNUTLS_UNEXPECTED_MESSAGE=1
 			} AlertDescription;
 typedef enum CertificateStatus { GNUTLS_CERT_TRUSTED=1, GNUTLS_CERT_NOT_TRUSTED, GNUTLS_CERT_EXPIRED, GNUTLS_CERT_INVALID } CertificateStatus;
 typedef enum CertificateRequest { GNUTLS_CERT_REQUEST=1, GNUTLS_CERT_REQUIRE } CertificateRequest;
-typedef enum CloseRequest { GNUTLS_BYE_RW=0, GNUTLS_BYE_W=1, GNUTLS_BYE_R=2 } CloseRequest;
+typedef enum CloseRequest { GNUTLS_SHUT_WR=0, GNUTLS_SHUT_W=1 } CloseRequest;
 
 typedef enum HandshakeType { GNUTLS_HELLO_REQUEST, GNUTLS_CLIENT_HELLO, GNUTLS_SERVER_HELLO,
 		     GNUTLS_CERTIFICATE=11, GNUTLS_SERVER_KEY_EXCHANGE,
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index afb37ade93..626189767f 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -334,12 +334,14 @@ svoid *gnutls_PRF( opaque * secret, int secret_size, uint8 * label, int label_si
   * him of something important (eg. his Certificate could not be verified).
   * If the alert level is Fatal then the peer is expected to close the
   * connection, otherwise he may ignore the alert and continue.
+  * Returns 0 on success.
   *
   **/
 int gnutls_send_alert(SOCKET cd, GNUTLS_STATE state, AlertLevel level, AlertDescription desc)
 {
 	uint8 data[2];
-
+	int ret;
+	
 	memcpy(&data[0], &level, 1);
 	memcpy(&data[1], &desc, 1);
 
@@ -347,7 +349,10 @@ int gnutls_send_alert(SOCKET cd, GNUTLS_STATE state, AlertLevel level, AlertDesc
 	_gnutls_log( "Record: Sending Alert[%d|%d] - %s\n", data[0], data[1], _gnutls_alert2str((int)data[1]));
 #endif
 
-	return gnutls_send_int(cd, state, GNUTLS_ALERT, -1, data, 2, 0);
+	if ( (ret = gnutls_send_int(cd, state, GNUTLS_ALERT, -1, data, 2, 0)) >= 0)
+		return 0;
+	else
+		return ret;
 }
 
 /**
@@ -357,30 +362,31 @@ int gnutls_send_alert(SOCKET cd, GNUTLS_STATE state, AlertLevel level, AlertDesc
   * @how: is an integer
   *
   * Terminates the current TLS/SSL connection. The connection should
-  * have been initiated using gnutls_handshake() or similar function.
-  * 'how' is one of GNUTLS_BYE_R, GNUTLS_BYE_RW, GNUTLS_BYE_W.
+  * have been initiated using gnutls_handshake().
+  * 'how' should be one of GNUTLS_SHUT_WR, GNUTLS_SHUT_W.
+  *
+  * in case of GNUTLS_SHUT_WR then the connection gets terminated and
+  * further receives and sends will be disallowed. If the return
+  * value is zero you may continue using the TCP connection.
   *
-  * Note that if the return value is zero and 'how' was GNUTLS_BYE_RW, you
-  * may continue using the TCP connection.
+  * in case of GNUTLS_SHUT_W then the connection gets terminated and
+  * further sends will be disallowed. In order to reuse the TCP connection
+  * you should wait for an EOF from the peer.
   *
   **/
 int gnutls_bye(SOCKET cd, GNUTLS_STATE state, CloseRequest how)
 {
-	int ret = 0;
+	int ret = 0, ret2 = 0;
 
+	ret = gnutls_send_alert(cd, state, GNUTLS_WARNING, GNUTLS_CLOSE_NOTIFY);
 
-	if (how == GNUTLS_BYE_R || how == GNUTLS_BYE_RW) {
-		ret = gnutls_send_alert(cd, state, GNUTLS_WARNING, GNUTLS_CLOSE_NOTIFY);
-
+	if ( how == GNUTLS_SHUT_WR && ret == 0) {
+		ret2 = gnutls_recv_int(cd, state, GNUTLS_ALERT, -1, NULL, 0, 0); 
 		state->gnutls_internals.may_read = 1;
-		gnutls_recv_int(cd, state, GNUTLS_ALERT, -1, NULL, 0, 0); 
-	}
-	
-	if (how == GNUTLS_BYE_W || how == GNUTLS_BYE_RW) {
-		state->gnutls_internals.may_write = 1;
 	}
+	state->gnutls_internals.may_write = 1;
 	
-	return ret;
+	return GMIN(ret, ret2);
 }
 
 /* This function behave exactly like write(). The only difference is 
@@ -738,13 +744,12 @@ ssize_t gnutls_recv_int(SOCKET cd, GNUTLS_STATE state, ContentType type, Handsha
 			 * the alert is not fatal
 			 */
 			if (tmpdata[1] == GNUTLS_CLOSE_NOTIFY && tmpdata[0] != GNUTLS_FATAL) {
-
 				/* If we have been expecting for an alert do 
 				 * not call close().
 				 */
 				if (type != GNUTLS_ALERT)
-					gnutls_bye(cd, state, 1);
-				
+					gnutls_bye( cd, state, GNUTLS_SHUT_W);
+
 				gnutls_free(tmpdata);
 
 				return 0; /* EOF */
diff --git a/src/cli.c b/src/cli.c
index 5c219d8362..4ec0cd998c 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -211,9 +211,9 @@ int main(int argc, char** argv)
 	print_info( state);
 
 	printf("- Disconnecting\n");
-	gnutls_bye(sd, state, 0);
+	gnutls_bye(sd, state, GNUTLS_SHUT_WR);
 	shutdown( sd, SHUT_WR);
-	close(sd);	
+	close(sd);
 	gnutls_deinit( state);	
 	
 
@@ -320,15 +320,16 @@ int main(int argc, char** argv)
 		if (FD_ISSET(fileno(stdin), &rset)) {
 	
 			if( fgets(buffer, MAX_BUF, stdin) == NULL) {
-				gnutls_bye(sd, state, 0);
+				gnutls_bye(sd, state, GNUTLS_SHUT_W);
 				user_term = 1;
 				continue;
 			}
 			gnutls_write( sd, state, buffer, strlen(buffer));
 			printf("- Sent: %d bytes\n", strlen(buffer));
+
 		}
 	}
-	if (user_term!=0) gnutls_bye(sd, state, 0);
+	if (user_term!=0) gnutls_bye(sd, state, GNUTLS_SHUT_WR);
 	
 	shutdown( sd, SHUT_RDWR); /* no more receptions */
 	close(sd);
diff --git a/src/serv.c b/src/serv.c
index 721cc7c7b9..7fb20e81e2 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -310,7 +310,7 @@ int read_request(int cd, GNUTLS_STATE state, char *data, int data_size, int rnl)
 			return rc;
 		}
 	}
-fprintf(stderr, "\n");
+
 	*ptr = 0;
 	return n;
 }