From 84a3bc6c273977bcd4b709e0d9a3d9fcdd58e36d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= <ppisar@redhat.com>
Date: Fri, 17 Aug 2018 14:46:33 +0200
Subject: [PATCH] Do two-way shutdown in t/sni_verify.t
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
OpenSSL 1.1.1-pre7 sigipipes TLSv1.3 server if client does not
shutdown TLS properly.
<https://github.com/openssl/openssl/issues/6904>
Signed-off-by: Petr Písař <ppisar@redhat.com>
---
t/sni_verify.t | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/t/sni_verify.t b/t/sni_verify.t
index b3b299b..b5ac4bd 100644
--- a/t/sni_verify.t
+++ b/t/sni_verify.t
@@ -71,6 +71,13 @@ if ( $pid == 0 ) {
$client->verify_hostname($host,'http') or print "not ";
print "ok # client verify hostname in cert $host\n";
+
+ if ($client) {
+ # Shutdown TLS properly. Otherwise TLSv1.3 server will receive SIGPIPE
+ # in SSL_accept() and dies.
+ # <https://github.com/openssl/openssl/issues/6904>.
+ $client->close('SSL_fast_shutdown' => 0);
+ }
}
exit;
}
@@ -81,5 +88,8 @@ for my $host (@tests) {
my $name = $csock->get_servername;
print "not " if ! $name or $name ne $host;
print "ok # server got SNI name $host\n";
+ if ($csock) {
+ $csock->close('SSL_fast_shutdown' => 0);
+ }
}
wait;
--
2.14.4