Properly shut down the SSL connection

By sending close_notify PUBLISHED_FROM=028a001cb9470a16cc7a6544805bfb042a435779

Properly shut down the SSL connection
By sending close_notify PUBLISHED_FROM=028a001cb9470a16cc7a6544805bfb042a435779
a83e7d8c · Deomid Ryabkov · Cesanta Bot · bf7dd7ac · a83e7d8c · a83e7d8c
Commit a83e7d8c authored Mar 15, 2017 by Deomid Ryabkov Committed by Cesanta Bot Mar 15, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 0 deletions

mongoose.c mongoose.c +22 -0

mongoose.h mongoose.h +1 -0

No files found.
--- a/mongoose.c
+++ b/mongoose.c
@@ -2111,6 +2111,11 @@ static void mg_destroy_conn(struct mg_connection *conn, int destroy_if) {

 void mg_close_conn(struct mg_connection *conn) {
  DBG(("%p %lu %d", conn, conn->flags, conn->sock));
+#if MG_ENABLE_SSL
+  if (conn->flags & MG_F_SSL_HANDSHAKE_DONE) {
+    mg_ssl_if_conn_close_notify(conn);
+  }
+#endif
  mg_remove_conn(conn);
  conn->iface->vtable->destroy_conn(conn);
  mg_call(conn, NULL, conn->user_data, MG_EV_CLOSE, NULL);
@@ -4150,6 +4155,12 @@ int mg_ssl_if_write(struct mg_connection *nc, const void *data, size_t len) {
  return n;
 }

+void mg_ssl_if_conn_close_notify(struct mg_connection *nc) {
+  struct mg_ssl_if_ctx *ctx = (struct mg_ssl_if_ctx *) nc->ssl_if_data;
+  if (ctx == NULL) return;
+  SSL_shutdown(ctx->ssl);
+}
+
 void mg_ssl_if_conn_free(struct mg_connection *nc) {
  struct mg_ssl_if_ctx *ctx = (struct mg_ssl_if_ctx *) nc->ssl_if_data;
  if (ctx == NULL) return;
@@ -4637,6 +4648,12 @@ int mg_ssl_if_write(struct mg_connection *nc, const void *data, size_t len) {
  return n;
 }

+void mg_ssl_if_conn_close_notify(struct mg_connection *nc) {
+  struct mg_ssl_if_ctx *ctx = (struct mg_ssl_if_ctx *) nc->ssl_if_data;
+  if (ctx == NULL) return;
+  mbedtls_ssl_close_notify(ctx->ssl);
+}
+
 void mg_ssl_if_conn_free(struct mg_connection *nc) {
  struct mg_ssl_if_ctx *ctx = (struct mg_ssl_if_ctx *) nc->ssl_if_data;
  if (ctx == NULL) return;
@@ -13638,6 +13655,11 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
  return MG_SSL_OK;
 }

+void mg_ssl_if_conn_close_notify(struct mg_connection *nc) {
+  /* Nothing to do */
+  (void) nc;
+}
+
 void mg_ssl_if_conn_free(struct mg_connection *nc) {
  struct mg_ssl_if_ctx *ctx = (struct mg_ssl_if_ctx *) nc->ssl_if_data;
  if (ctx == NULL) return;

--- a/mongoose.h
+++ b/mongoose.h
@@ -3153,6 +3153,7 @@ enum mg_ssl_if_result mg_ssl_if_conn_init(
    const char **err_msg);
 enum mg_ssl_if_result mg_ssl_if_conn_accept(struct mg_connection *nc,
                                            struct mg_connection *lc);
+void mg_ssl_if_conn_close_notify(struct mg_connection *nc);
 void mg_ssl_if_conn_free(struct mg_connection *nc);

 enum mg_ssl_if_result mg_ssl_if_handshake(struct mg_connection *nc);