OpenSSL: handle SSL_shutdown's errors properly

Do not call SSL_shutdown on a session that is in handshake state (SSL_in_init(s) returns 1). Also, do not call SSL_shutdown if a session encountered a fatal error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL was found before). If SSL_shutdown was unsuccessful (returned code != 1), we have to clear the error(s) it queued. Unfortunately, SSL_in_init was a macro in OpenSSL 1.0.x. We have to resolve SSL_state to implement SSL_in_init. Fixes: QTBUG-83450 Change-Id: I6326119f4e79605429263045ac20605c30dccca3 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io> (cherry picked from commit 8907635da59c2ae0e8db01f27b24a841b830e655)
author: Timur Pocheptsov <timur.pocheptsov@qt.io> 2020-04-13 20:31:34 +0200
committer: Timur Pocheptsov <timur.pocheptsov@qt.io> 2020-04-16 11:26:04 +0200
commit: 8ddffc6ba4f38bb8dbeb0cf61b6b10ee73505bbb (patch)
tree: d370a49ed40eec55f680b35e8b493e0ab1c56fac /src/network/ssl/qsslsocket_openssl_symbols.cpp
parent: c034089fa697e6dc22f04b3209768a9dc1abcb9c (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/src/network/ssl/qsslsocket_openssl_symbols.cpp b/src/network/ssl/qsslsocket_openssl_symbols.cpp
index 85029a6ff3..d1bd84cf25 100644
--- a/src/network/ssl/qsslsocket_openssl_symbols.cpp
+++ b/src/network/ssl/qsslsocket_openssl_symbols.cpp
@@ -160,6 +160,11 @@ DEFINEFUNC(void, OPENSSL_sk_free, OPENSSL_STACK *a, a, return, DUMMYARG)
 DEFINEFUNC2(void *, OPENSSL_sk_value, OPENSSL_STACK *a, a, int b, b, return nullptr, return)
 DEFINEFUNC(int, SSL_session_reused, SSL *a, a, return 0, return)
 DEFINEFUNC2(unsigned long, SSL_CTX_set_options, SSL_CTX *ctx, ctx, unsigned long op, op, return 0, return)
+#if OPENSSL_VERSION_NUMBER < 0x10101000L
+DEFINEFUNC(int, SSL_in_init, SSL *a, a, return 0, return)
+#else
+DEFINEFUNC(int, SSL_in_init, const SSL *a, a, return 0, return)
+#endif
 #ifdef TLS1_3_VERSION
 DEFINEFUNC2(int, SSL_CTX_set_ciphersuites, SSL_CTX *ctx, ctx, const char *str, str, return 0, return)
 DEFINEFUNC2(void, SSL_set_psk_use_session_callback, SSL *ssl, ssl, q_SSL_psk_use_session_cb_func_t callback, callback, return, DUMMYARG)
@@ -242,6 +247,7 @@ DEFINEFUNC2(void, BIO_set_shutdown, BIO *a, a, int shut, shut, return, DUMMYARG)
 // Functions below are either deprecated or removed in OpenSSL >= 1.1:
 
 DEFINEFUNC(unsigned char *, ASN1_STRING_data, ASN1_STRING *a, a, return nullptr, return)
+DEFINEFUNC(int, SSL_state, const SSL *a, a, return 0, return)
 
 #ifdef SSLEAY_MACROS
 DEFINEFUNC3(void *, ASN1_dup, i2d_of_void *a, a, d2i_of_void *b, b, char *c, c, return nullptr, return)
@@ -971,6 +977,7 @@ bool q_resolveOpenSslSymbols()
 #if QT_CONFIG(opensslv11)
 
     RESOLVEFUNC(OPENSSL_init_ssl)
+    RESOLVEFUNC(SSL_in_init)
     RESOLVEFUNC(OPENSSL_init_crypto)
     RESOLVEFUNC(ASN1_STRING_get0_data)
     RESOLVEFUNC(EVP_CIPHER_CTX_reset)
@@ -1066,6 +1073,7 @@ bool q_resolveOpenSslSymbols()
 #else // !opensslv11
 
     RESOLVEFUNC(ASN1_STRING_data)
+    RESOLVEFUNC(SSL_state)
 
 #ifdef SSLEAY_MACROS
     RESOLVEFUNC(ASN1_dup)
author	Timur Pocheptsov <timur.pocheptsov@qt.io>	2020-04-13 20:31:34 +0200
committer	Timur Pocheptsov <timur.pocheptsov@qt.io>	2020-04-16 11:26:04 +0200
commit	8ddffc6ba4f38bb8dbeb0cf61b6b10ee73505bbb (patch)
tree	d370a49ed40eec55f680b35e8b493e0ab1c56fac /src/network/ssl/qsslsocket_openssl_symbols.cpp
parent	c034089fa697e6dc22f04b3209768a9dc1abcb9c (diff)