authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-12-19 08:48:47 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-12-19 08:48:47 +0000
commitff75ba45ba30808e53a40cbac04f576a3c86fef5 (patch)
treec0d5f96f048129c4776aca47bea93adf37215a84
parentf899e5ec3925db6c5ab83cd86ef66bc2db3ec586 (diff)
Corrected bug in gnutls_bye() which made it return an error code
of INVALID_REQUEST instead of success.
-rw-r--r--lib/auth_cert.c4
-rw-r--r--lib/gnutls_int.h2
-rw-r--r--lib/gnutls_record.c49
-rw-r--r--src/cli.c4
-rw-r--r--src/serv.c1
5 files changed, 36 insertions, 24 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 08d5c99260..403ac2bb52 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -232,7 +232,7 @@ static int _find_openpgp_cert(const gnutls_certificate_credentials cred,
*/
static int get_issuers_num( gnutls_session session, opaque * data, ssize_t data_size)
{
-int issuers_dn_len, result;
+int issuers_dn_len = 0, result;
uint size;
/* Count the number of the given issuers;
@@ -472,7 +472,7 @@ static int _select_client_cert(gnutls_session session,
gnutls_assert();
return issuers_dn_length;
}
-
+
if (issuers_dn_length > 0) {
issuers_dn = gnutls_malloc( sizeof(gnutls_datum)*issuers_dn_length);
if (issuers_dn == NULL) {
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 888fb17a3f..89d1fa61c7 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -131,7 +131,7 @@ typedef enum gnutls_close_request { GNUTLS_SHUT_RDWR=0, GNUTLS_SHUT_WR=1 } gnutl
typedef enum HandshakeState { STATE0=0, STATE1, STATE2, STATE3, STATE4, STATE5,
STATE6, STATE7, STATE8, STATE9, STATE20=20, STATE21,
- STATE30=30, STATE31, STATE50=50, STATE60=60, STATE61 } HandshakeState;
+ STATE30=30, STATE31, STATE50=50, STATE60=60, STATE61, STATE62 } HandshakeState;
typedef enum HandshakeType { GNUTLS_HELLO_REQUEST, GNUTLS_CLIENT_HELLO, GNUTLS_SERVER_HELLO,
GNUTLS_CERTIFICATE_PKT=11, GNUTLS_SERVER_KEY_EXCHANGE,
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 9cedd37f47..832cffdbda 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -169,29 +169,37 @@ void gnutls_transport_get_ptr2(gnutls_session session,
**/
int gnutls_bye( gnutls_session session, gnutls_close_request how)
{
- int ret = 0, ret2 = 0;
+ int ret = 0;
switch (STATE) {
case STATE0:
case STATE60:
- if (STATE==STATE60) {
- ret = _gnutls_io_write_flush( session);
- } else {
- ret = gnutls_alert_send( session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY);
- STATE = STATE60;
+ ret = _gnutls_io_write_flush( session);
+ STATE = STATE60;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
}
- if (ret < 0)
- return ret;
case STATE61:
- if ( how == GNUTLS_SHUT_RDWR && ret >= 0) {
- ret2 = _gnutls_recv_int( session, GNUTLS_ALERT, -1, NULL, 0);
- if (ret2 >= 0) session->internals.may_read = 1;
- }
+ ret = gnutls_alert_send( session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY);
STATE = STATE61;
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
- if (ret2 < 0)
- return ret2;
+ case STATE62:
+ if ( how == GNUTLS_SHUT_RDWR) {
+ ret = _gnutls_recv_int( session, GNUTLS_ALERT, -1, NULL, 0);
+ if (ret >= 0) session->internals.may_read = 1;
+ }
+ STATE = STATE62;
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
break;
default:
gnutls_assert();
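Review bot: The three case arms in the new gnutls_bye() switch fall into each other on purpose (flush pending output, send close_notify, then wait for the peer's alert), but nothing marks that, so a `break` added later for tidiness would silently skip part of the closure exchange; I'd add `/* fall through */` before `case STATE61:` and `case STATE62:`. STATE is also stored before `ret` is checked, so a GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED return re-enters at the interrupted step, which for STATE61 means calling gnutls_alert_send() a second time. That presumably relies on the send path resuming the pending record rather than queuing another alert; if so, a comment like `/* re-entry repeats the interrupted step; the send path resumes the pending record */` would record the assumption. The default arm and the function tail are outside this hunk, so whether STATE is reset after a successful STATE62 cannot be checked here.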
@@ -300,7 +308,8 @@ ssize_t _gnutls_create_empty_record( gnutls_session session, ContentType type,
* and only if the previous send was interrupted for some reason.
*
*/
-ssize_t _gnutls_send_int( gnutls_session session, ContentType type, HandshakeType htype, const void *_data, size_t sizeofdata)
+ssize_t _gnutls_send_int( gnutls_session session, ContentType type,
+ HandshakeType htype, const void *_data, size_t sizeofdata)
{
uint8 *cipher;
int cipher_size;
@@ -429,7 +438,6 @@ ssize_t _gnutls_send_int( gnutls_session session, ContentType type, HandshakeTyp
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
}
-
_gnutls_session_unresumable( session);
_gnutls_session_invalidate( session);
gnutls_assert();
@@ -610,7 +618,6 @@ static int _gnutls_record_check_type( gnutls_session session, ContentType recv_t
if (data[0] == GNUTLS_AL_FATAL) {
_gnutls_session_unresumable( session);
_gnutls_session_invalidate( session);
-
ret = GNUTLS_E_FATAL_ALERT_RECEIVED;
}
@@ -681,9 +688,11 @@ static int _gnutls_record_check_type( gnutls_session session, ContentType recv_t
* that it accepts the gnutls_session and the ContentType of data to
* receive (if called by the user the Content is Userdata only)
* It is intended to receive data, under the current session.
+ *
+ * The HandshakeType was introduced to support SSL V2.0 client hellos.
*/
-ssize_t _gnutls_recv_int( gnutls_session session, ContentType type, HandshakeType htype,
- opaque *data, size_t sizeofdata)
+ssize_t _gnutls_recv_int( gnutls_session session, ContentType type,
+ HandshakeType htype, opaque *data, size_t sizeofdata)
{
uint8 *tmpdata;
int tmplen;
@@ -697,7 +706,7 @@ ssize_t _gnutls_recv_int( gnutls_session session, ContentType type, HandshakeTyp
uint16 header_size;
int empty_packet = 0;
- if (sizeofdata == 0 || data == NULL) {
+ if (type != GNUTLS_ALERT && (sizeofdata == 0 || data == NULL)) {
return GNUTLS_E_INVALID_REQUEST;
}
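Review bot: The relaxed guard in _gnutls_recv_int() now lets any GNUTLS_ALERT caller through with `data == NULL`, including when `sizeofdata` is non-zero, so memory safety depends on no later path in the function writing to `data` for alert records; the body continues outside this hunk, so that cannot be confirmed from here. I'd keep the mismatched pair rejected for every type by adding `if (data == NULL && sizeofdata != 0) return GNUTLS_E_INVALID_REQUEST;` ahead of the existing test. A comment such as `/* GNUTLS_ALERT callers (gnutls_bye) pass no buffer; alert records must never be copied into data */` would make the invariant explicit for whoever next touches the copy-out code. gnutls_bye() in this same commit passes `NULL, 0`, so that caller is unaffected by the extra check.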
diff --git a/src/cli.c b/src/cli.c
index 539251efe9..e9a2137fcb 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -124,7 +124,7 @@ static int cert_callback(gnutls_session session,
/* Print the server's trusted CAs
*/
if (nreqs > 0)
- printf("- Server's trusted authorities:\n");
+ printf("- Server's trusted authorities (%d):\n", nreqs);
else
printf
("- Server did not send us any trusted authorities names.\n");
@@ -617,6 +617,8 @@ void socket_bye(socket_st * socket)
gnutls_bye(socket->session, GNUTLS_SHUT_RDWR);
while (ret == GNUTLS_E_INTERRUPTED
|| ret == GNUTLS_E_AGAIN);
+ if (ret < 0)
+ fprintf(stderr, "*** gnutls_bye() error: %s\n", gnutls_strerror(ret));
gnutls_deinit(socket->session);
socket->session = NULL;
}
diff --git a/src/serv.c b/src/serv.c
index 00fa77f75b..2fc08fbded 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -137,6 +137,7 @@ static const char *safe_strerror(int value)
static void listener_free(listener_item * j)
{
+
if (j->http_request)
free(j->http_request);
if (j->http_response)