From f2b00cbdf64c794b2ee0862d2b88a783a4a3c0f9 Mon Sep 17 00:00:00 2001
From: Michael Schubert
Date: Mon, 17 Dec 2012 19:35:40 +0100
Subject: [PATCH] netops: on SSL teardown only send shutdown alert

According to man 3 SSL_shutdown / TLS, "If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient." Currently, an unidirectional shutdown is enough, since gitno_ssl_teardown is called by gitno_close only. Do so to avoid further errors (by misbehaving peers for example). Fixes #1129.
---
 src/netops.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/netops.c b/src/netops.c
index e2ec0d323..d3441e0ca 100644
--- a/src/netops.c
+++ b/src/netops.c
@@ -198,10 +198,7 @@ static int gitno_ssl_teardown(gitno_ssl *ssl)
 {
 int ret;
 
- do {
- ret = SSL_shutdown(ssl->ssl);
- } while (ret == 0);
-
+ ret = SSL_shutdown(ssl->ssl);
 if (ret < 0)
 ret = ssl_set_error(ssl, ret);
 else
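Review bot: The single `SSL_shutdown()` call in gitno_ssl_teardown carries no comment saying that a return of 0 (our close_notify was sent, the peer's has not arrived) is deliberately left to the `else` branch rather than retried, so a later reader could restore the loop this commit removes. I would add above the call `/* Unidirectional shutdown: send our close_notify only; 0 is expected because gitno_close closes the socket next. */`. Since teardown no longer waits for the peer's close_notify, a truncated stream cannot be noticed here and presumably has to be caught by the protocol framing on the read path, which this hunk does not show. If the socket can be non-blocking, a negative return may only mean the alert could not be written yet, and whether `ssl_set_error` distinguishes that case is not visible here. The function body continues past the hunk after `else`.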