diff options
| author | unknown <dkatz@damien-katzs-computer.local> | 2007-07-12 22:22:40 -0400 |
|---|---|---|
| committer | unknown <dkatz@damien-katzs-computer.local> | 2007-07-12 22:22:40 -0400 |
| commit | f6895c6dfd930f676ced5fcc5139ce381a9ba4c2 (patch) | |
| tree | 02068207d3d39a5f16249d52cfc3a7ac4e3122e7 /vio | |
| parent | e62bb5d5a8d7a986ea420bc6e8142e30da8935e7 (diff) | |
| parent | 91112d124e0daf124a838c636ec93eed470aeb3d (diff) | |
| download | mariadb-git-f6895c6dfd930f676ced5fcc5139ce381a9ba4c2.tar.gz | |
Merge damien-katzs-computer.local:/Users/dkatz/mysql50
into damien-katzs-computer.local:/Users/dkatz/mysql51
client/mysqltest.c:
Auto merged
extra/yassl/include/openssl/ssl.h:
Auto merged
extra/yassl/include/yassl_int.hpp:
Auto merged
extra/yassl/src/ssl.cpp:
Auto merged
extra/yassl/src/yassl_int.cpp:
Auto merged
sql/slave.cc:
Auto merged
vio/viossl.c:
SCCS merged
Diffstat (limited to 'vio')
| -rw-r--r-- | vio/viossl.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/vio/viossl.c b/vio/viossl.c index 32cfecdb9c8..2c74efb1bef 100644 --- a/vio/viossl.c +++ b/vio/viossl.c @@ -124,6 +124,16 @@ int vio_ssl_close(Vio *vio) if (ssl) { + /* + THE SSL standard says that SSL sockets must send and receive a close_notify + alert on socket shutdown to avoid truncation attacks. However, this can + cause problems since we often hold a lock during shutdown and this IO can + take an unbounded amount of time to complete. Since our packets are self + describing with length, we aren't vunerable to these attacks. Therefore, + we just shutdown by closing the socket (quiet shutdown). + */ + SSL_set_quiet_shutdown(ssl, 1); + switch ((r= SSL_shutdown(ssl))) { case 1: /* Shutdown successful */ |