Commit ab874dfd authored by Matt Caswell

Clarify that SSL_shutdown() must not be called after a fatal error



Follow on from CVE-2019-1559

Reviewed-by: Richard Levitte <levitte@openssl.org>
parent 72a7a702
+8 −5
@@ -138,17 +138,20 @@ Details depend on the application.

=item SSL_ERROR_SYSCALL

Some non-recoverable I/O error occurred.
The OpenSSL error queue may contain more information on the error.
For socket I/O on Unix systems, consult B<errno> for details.
Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may
contain more information on the error. For socket I/O on Unix systems, consult
B<errno> for details. If this error occurs then no further I/O operations should
be performed on the connection and SSL_shutdown() must not be called.

This value can also be returned for other errors, check the error queue for
details.

=item SSL_ERROR_SSL

A failure in the SSL library occurred, usually a protocol error.  The
OpenSSL error queue contains more information on the error.
A non-recoverable, fatal error in the SSL library occurred, usually a protocol
error.  The OpenSSL error queue contains more information on the error. If this
error occurs then no further I/O operations should be performed on the
connection and SSL_shutdown() must not be called.

=back
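Review bot: In the new SSL_ERROR_SYSCALL text, the sentence "If this error occurs then no further I/O operations should be performed on the connection and SSL_shutdown() must not be called." is followed by the unchanged paragraph "This value can also be returned for other errors, check the error queue for details.", which leaves open whether the prohibition also holds for those other errors; consider moving the prohibition after that paragraph or stating that it applies whenever SSL_ERROR_SYSCALL is returned. The same wording is duplicated verbatim in the SSL_ERROR_SSL entry; a single shared sentence after both items (or a cross-reference to SSL_shutdown(3), where the note is also being added) would keep the two entries from drifting apart later.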

+4 −0
@@ -22,6 +22,10 @@ Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
a currently open session is considered closed and good and will be kept in the
session cache for further reuse.

Note that SSL_shutdown() must not be called if a previous fatal error has
occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL
or SSL_ERROR_SSL.

The shutdown procedure consists of two steps: sending of the close_notify
shutdown alert, and reception of the peer's close_notify shutdown alert.
The order of those two steps depends on the application.
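Review bot: The added note says what the caller must not do after a fatal error but not what it should do instead; a sentence telling the application how to dispose of the connection in that case would make the guidance actionable. Also, "SSL_get_error()" in the note is plain text, whereas this manual page's conventions link other manual pages with the POD L<...> form; consider L<SSL_get_error(3)> so the reference is followed when the page is rendered. Minor: "connection i.e. if" reads better as "connection, i.e. if".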