Reputation: 4607
How to clean up a bad OpenSSL connection
If a call to SSL_accept fails, I want to just bail out.
Currently I'm calling SSL_shutdown and then SSL_free, but since implementing this, two customers have had crashes deep down in OpenSSL (when calling SSL_accept at a later time), so I'm guessing maybe this isn't the best way to clean up.
The docs say SSL_shutdown is used to correctly cleanup, and it might need to be called twice (although if SSL_accept failed, I wouldn't think that would be the case). SSL_clear is another option, but it seems like more of a connection reset.
SSL_free decrements a reference count and deletes the connection if the reference count hits 0. I know my code doesn't have any references, but the 'session' might?
Is there a definitive way for completely closing/shutting down/freeing an SSL object with OpenSSL?
Upvotes: 3
Views: 4820
Answers (1)
Reputation: 239041
Once you've called SSL_free() on the SSL object, you shouldn't use it again. You need to ensure that a new SSL is created with SSL_new() for the subsequent SSL_accept().
Upvotes: 3
Related Questions
- Why is OpenSSL crashing?
- OpenSSL error handling
- How to handle OpenSSL errors properly (BIO)
- Wrong cipher suite or no connection with OpenSSL server
- SSL_connect and SSL_ERROR_SYSCALL
- How to fix OpenSSL incorrect data transferring?
- SSL_connect() produces certificate verify failure
- openssl error SSL_ERROR_SSL in c++ application
- Some OpenSSL source that mysteriously doesn't work
- Simple C++ OpenSSL code crashing