curl-users
Possible bug in ssluse.c?
Date: Fri, 3 May 2013 13:50:50 -0400
Hi,
When chasing a bug in our product, I was reading through the ssluse.c code.
Inside the ossl_recv api, we only check if SSL_read returns < 0. Is this
correct, or should it be <= 0?
...
nread = (ssize_t)SSL_read(conn->[num]...
if (nread < 0) {
..
should be:
if (nread <= 0)?
According to the open SSL documentation
http://www.openssl.org/docs/ssl/SSL_read.html
SSL_Read can return 0 -
*0*
The read operation was not successful. The reason may either be a clean
shutdown due to a ``close notify'' alert sent by the peer (in which case
the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set (see*
SSL_shutdown(3)*, *SSL_set_shutdown(3)*). It is also possible, that the
peer simply shut down the underlying transport and the shutdown is
incomplete. Call SSL_get_error() with the return value *ret* to find out,
whether an error occurred or the connection was shut down cleanly
(SSL_ERROR_ZERO_RETURN).
Thanks for the help!
Mike
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-05-03