From: Michal Rakowski <michal.rakowski@baculasystems.com>
Date: Mon, 28 Jun 2021 09:24:12 +0000 (+0200)
Subject: Slighly change SSL_shutdown() err handling
X-Git-Tag: Release-11.3.2~474
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9ac50be52971ff2a4cd0b4d2515de50fef803685;p=thirdparty%2Fbacula.git

Slighly change SSL_shutdown() err handling

Description:
Following the docs:
https://www.openssl.org/docs/manmaster/man3/SSL_shutdown.html

(...)
RETURN VALUES
The following return values can occur:

0
The shutdown is not yet finished: the close_notify was sent but the peer
did not send it back yet. Call SSL_read() to do a bidirectional
shutdown.

Unlike most other function, returning 0 does not indicate an error.
SSL_get_error(3) should not get called, it may misleadingly indicate an
error even though no error occurred.
(..)

Which means that SSL_get_error() should not be called straight after
SSL_shutdown() returned 0.
---

diff --git a/bacula/src/lib/tls.c b/bacula/src/lib/tls.c
index a112c1542..84b62fbfe 100644
--- a/bacula/src/lib/tls.c
+++ b/bacula/src/lib/tls.c
@@ -823,20 +823,19 @@ void tls_bsock_shutdown(BSOCKCORE *bsock)
       tid = start_bsock_timer(bsock, 60 * 2);
       err = SSL_shutdown(bsock->tls->openssl);
       stop_bsock_timer(tid);
-   }
-
 
-   switch (SSL_get_error(bsock->tls->openssl, err)) {
-   case SSL_ERROR_NONE:
-      break;
-   case SSL_ERROR_ZERO_RETURN:
-      /* TLS connection was shut down on us via a TLS protocol-level closure */
-      openssl_post_errors(bsock->get_jcr(), M_ERROR, _("TLS shutdown failure."));
-      break;
-   default:
-      /* Socket Error Occurred */
-      openssl_post_errors(bsock->get_jcr(), M_ERROR, _("TLS shutdown failure."));
-      break;
+      switch (SSL_get_error(bsock->tls->openssl, err)) {
+         case SSL_ERROR_NONE:
+            break;
+         case SSL_ERROR_ZERO_RETURN:
+            /* TLS connection was shut down on us via a TLS protocol-level closure */
+            openssl_post_errors(bsock->get_jcr(), M_ERROR, _("TLS shutdown failure."));
+            break;
+         default:
+            /* Socket Error Occurred */
+            openssl_post_errors(bsock->get_jcr(), M_ERROR, _("TLS shutdown failure."));
+            break;
+      }
    }
 }