netops: on SSL teardown only send shutdown alert

According to man 3 SSL_shutdown / TLS, "If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient." Currently, an unidirectional shutdown is enough, since gitno_ssl_teardown is called by gitno_close only. Do so to avoid further errors (by misbehaving peers for example). Fixes #1129.

netops: on SSL teardown only send shutdown alert
According to man 3 SSL_shutdown / TLS, "If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient." Currently, an unidirectional shutdown is enough, since gitno_ssl_teardown is called by gitno_close only. Do so to avoid further errors (by misbehaving peers for example). Fixes #1129.
f2b00cbd · Michael Schubert · 9c8dbc88 · f2b00cbd
Commit f2b00cbd authored Dec 17, 2012 by Michael Schubert
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 4 deletions

src/netops.c
+1 -4

No files found.
--- a/src/netops.c
+++ b/src/netops.c
@@ -198,10 +198,7 @@ static int gitno_ssl_teardown(gitno_ssl *ssl)
 {
 	int ret;

-	do {
-		ret = SSL_shutdown(ssl->ssl);
-	} while (ret == 0);
-
+	ret = SSL_shutdown(ssl->ssl);
 	if (ret < 0)
 		ret = ssl_set_error(ssl, ret);
 	else