On 18/10/2017 11:14, Matt Caswell wrote:
> On 17/10/17 21:27, Chris Bare wrote:
>> I have the following code:
>>
>> #include <openssl/bio.h>
>> #include <openssl/ssl.h>
>>
>> BIO *
>> setup_ssl (char *server_name, char *port, SSL_CTX *ctx)
>> {
>>     SSL *ssl = NULL;
>>     BIO *output = BIO_new_ssl_connect (ctx);
>>
>>     if (!output)
>>     {
>>         return (NULL);
>>     }
>>     BIO_get_ssl (output, &ssl);
>>     SSL_set_mode (ssl, SSL_MODE_AUTO_RETRY);
>>     /* require verification of the server certificate */
>>     SSL_set_verify (ssl, SSL_VERIFY_PEER, NULL);
>>     BIO_set_conn_hostname (output, server_name);
>>     BIO_set_conn_port (output, port);
>>     if (BIO_do_connect (output) <= 0)
>>     {
>>         /* connect or handshake failed: release the BIO */
>>         BIO_free (output);
>>         return (NULL);
>>     }
>>     return (output);
>> }
>>
>> If the server I'm trying to connect to does not have ssl enabled, I get
>> the error:
>>     SSL23_GET_SERVER_HELLO:unknown protocol
>> and BIO_do_connect fails as expected, but BIO_free gives this error:
>>     SSL_shutdown:shutdown while in init
>
> Hmmm...that looks like an OpenSSL bug to me. It should not call
> SSL_shutdown() if we are still in init. I raised this issue:
>
> https://github.com/openssl/openssl/issues/4545

From a more general usability perspective, it would be better if
SSL_shutdown() (starting from some version number) would always do
the right thing to properly and graciously end the SSL/TLS
connection, in any state where the connection object pointer is
valid at all. That would probably imply taking completely
different actions during init and/or after shutdown has been
initiated by either end.

Then any complicated rules about when to call/not call SSL_shutdown()
could be relegated to a section about historical bugs in older
versions.

>> If I don't free it, I have a memory leak.
>> Is there something else I need to do to clean up the BIO?
>
> As a workaround for this I think you can just ignore the error. From
> code inspection it looks to me like it should go ahead and free
> everything anyway.
>
> Matt

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users