diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c index cc4d9e1f..560219f9 100755 --- a/lib/libwebsockets.c +++ b/lib/libwebsockets.c @@ -480,14 +480,28 @@ just_kill_connection: !wsi->socket_is_permanently_unusable) { #ifdef LWS_OPENSSL_SUPPORT if (lws_is_ssl(wsi) && wsi->ssl) - { - lwsl_info("%s: shutting down SSL connection: %p (ssl %p, sock %d, state %d)\n", __func__, wsi, wsi->ssl, (int)(long)wsi->desc.sockfd, wsi->state); + { + lwsl_info("%s: shutting down SSL connection: %p (ssl %p, sock %d, state %d)\n", __func__, wsi, wsi->ssl, (int)(long)wsi->desc.sockfd, wsi->state); n = SSL_shutdown(wsi->ssl); - if (n == 1) /* If finished the SSL shutdown, then do socket shutdown, else need to retry SSL shutdown */ - n = shutdown(wsi->desc.sockfd, SHUT_WR); - else - lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLIN); - } + if (n == 1) /* If finished the SSL shutdown, then do socket shutdown, else need to retry SSL shutdown */ + n = shutdown(wsi->desc.sockfd, SHUT_WR); + else if (n == 0) + lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLIN); + else /* n < 0 */ + { + int shutdown_error = SSL_get_error(wsi->ssl, n); + lwsl_debug("SSL_shutdown returned %d, SSL_get_error: %d\n", n, shutdown_error); + if (shutdown_error == SSL_ERROR_WANT_READ) { + lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLIN); + n = 0; + } else if (shutdown_error == SSL_ERROR_WANT_WRITE) { + lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLOUT); + n = 0; + } else { // actual error occurred, just close the connection + n = shutdown(wsi->desc.sockfd, SHUT_WR); + } + } + } else #endif { diff --git a/lib/service.c b/lib/service.c index 54f0aae9..8305cb8e 100644 --- a/lib/service.c +++ b/lib/service.c @@ -901,22 +901,40 @@ lws_service_fd_tsi(struct lws_context *context, struct lws_pollfd *pollfd, int t #ifdef LWS_OPENSSL_SUPPORT - if ((wsi->state == LWSS_SHUTDOWN) && lws_is_ssl(wsi) && wsi->ssl) - { - n = SSL_shutdown(wsi->ssl); - lwsl_debug("SSH_shutdown=%d for fd %d\n", n, wsi->desc.sockfd); - if (n == 1) - { - n = shutdown(wsi->desc.sockfd, SHUT_WR); - goto close_and_handled; - } - else - { - lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLIN); - n = 0; - goto handled; - } - } + if ((wsi->state == LWSS_SHUTDOWN) && lws_is_ssl(wsi) && wsi->ssl) + { + n = SSL_shutdown(wsi->ssl); + lwsl_debug("SSL_shutdown=%d for fd %d\n", n, wsi->desc.sockfd); + if (n == 1) + { + n = shutdown(wsi->desc.sockfd, SHUT_WR); + goto close_and_handled; + } + else if (n == 0) + { + lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLIN); + n = 0; + goto handled; + } + else /* n < 0 */ + { + int shutdown_error = SSL_get_error(wsi->ssl, n); + lwsl_debug("SSL_shutdown returned %d, SSL_get_error: %d\n", n, shutdown_error); + if (shutdown_error == SSL_ERROR_WANT_READ) { + lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLIN); + n = 0; + goto handled; + } else if (shutdown_error == SSL_ERROR_WANT_WRITE) { + lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLOUT); + n = 0; + goto handled; + } + + // actual error occurred, just close the connection + n = shutdown(wsi->desc.sockfd, SHUT_WR); + goto close_and_handled; + } + } #endif /* okay, what we came here to do... */