SSL (patch 2)
Russ Allbery
rra at stanford.edu
Wed Dec 25 04:38:48 UTC 2002
Bear Giles <bear at coyotesong.com> writes:
> Second patch. Call 'SSL_shutdown()' immediately prior to closing the
> socket connection. (Architecture question: does this catch all client
> sessions, or only NNRPD exiting? I'm not sure this patch is in the
> right place.)
> SSL_shutdown() sends an "end of message" signal to the peer. If you
> just close the connection, the peer will have no way to know that
> the FIN wasn't actually a "truncation attack" and some clients may
> flag the final block as suspect. SSL_shutdown() is also a hook used
> to flag that resources can be deallocated.
Thanks, this has been ported to CURRENT and committed. Yes, I think this
is the right place to put this code.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
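
The difference between a clean shutdown and a bare close, as the receiving peer sees it, in an added example that is not part of the original thread or of INN's code. It assumes record payloads are already decrypted; the function name, enum values and sample byte streams are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* How a TLS byte stream ended, from the receiving peer's point of view. */
enum stream_end { END_CLEAN, END_NO_CLOSE_NOTIFY, END_MID_RECORD, END_DATA_AFTER_CLOSE };

#define TLS_ALERT          21  /* record content type: alert */
#define ALERT_CLOSE_NOTIFY  0  /* alert description sent by SSL_shutdown() */

/* Walk the records in buf (5-byte header: type, version[2], length[2],
 * followed by the payload). buf holds everything received before the FIN.
 * Assumption: payloads are already decrypted, so alerts are readable. */
enum stream_end classify_stream_end(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int closed = 0;

    while (off < len) {
        if (closed)
            return END_DATA_AFTER_CLOSE;   /* nothing may follow close_notify */
        if (len - off < 5)
            return END_MID_RECORD;         /* FIN arrived inside a header */
        size_t rec_len = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (len - off - 5 < rec_len)
            return END_MID_RECORD;         /* FIN arrived inside a payload */
        const uint8_t *payload = buf + off + 5;
        /* An alert payload is two bytes: level, then description. */
        if (buf[off] == TLS_ALERT && rec_len == 2 &&
            payload[1] == ALERT_CLOSE_NOTIFY)
            closed = 1;
        off += 5 + rec_len;
    }
    /* A FIN on a record boundary without close_notify cannot be told
     * apart from an attacker cutting the stream short at that point. */
    return closed ? END_CLEAN : END_NO_CLOSE_NOTIFY;
}

/* Constructed samples: one application-data record ("hi"), with and
 * without the trailing close_notify alert. */
static const uint8_t with_shutdown[] = {
    23, 3, 1, 0, 2, 'h', 'i',   21, 3, 1, 0, 2, 1, 0 };
static const uint8_t bare_close[] = { 23, 3, 1, 0, 2, 'h', 'i' };

int main(void)
{
    printf("with SSL_shutdown(): %d\n", classify_stream_end(with_shutdown, sizeof with_shutdown));
    printf("bare close():        %d\n", classify_stream_end(bare_close, sizeof bare_close));
    return 0;
}
```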