Clarify that SSL_shutdown() must not be called after a fatal error (c62896c2) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

doc/ssl/SSL_get_error.pod

+8 −5

Original line number	Diff line number	Diff line
		@@ -112,14 +112,17 @@ thread has completed.

		=item SSL_ERROR_SYSCALL

		Some non-recoverable I/O error occurred.
		The OpenSSL error queue may contain more information on the error.
		For socket I/O on Unix systems, consult B<errno> for details.
		Some non-recoverable, fatal I/O error occurred. The OpenSSL error queue may
		contain more information on the error. For socket I/O on Unix systems, consult
		B<errno> for details. If this error occurs then no further I/O operations should
		be performed on the connection and SSL_shutdown() must not be called.

		=item SSL_ERROR_SSL

		A failure in the SSL library occurred, usually a protocol error. The
		OpenSSL error queue contains more information on the error.
		A non-recoverable, fatal error in the SSL library occurred, usually a protocol
		error. The OpenSSL error queue contains more information on the error. If this
		error occurs then no further I/O operations should be performed on the
		connection and SSL_shutdown() must not be called.

		=back

+4 −0

Original line number	Diff line number	Diff line
		@@ -22,6 +22,10 @@ Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
		a currently open session is considered closed and good and will be kept in the
		session cache for further reuse.

		Note that SSL_shutdown() must not be called if a previous fatal error has
		occurred on a connection i.e. if SSL_get_error() has returned SSL_ERROR_SYSCALL
		or SSL_ERROR_SSL.

		The shutdown procedure consists of 2 steps: the sending of the "close notify"
		shutdown alert and the reception of the peer's "close notify" shutdown
		alert. According to the TLS standard, it is acceptable for an application