SSL (patch 2)
Bear Giles
bear at coyotesong.com
Sun May 26 16:52:57 UTC 2002
Second patch. Call 'SSL_shutdown()' immediately prior to closing the
socket connection. (Architecture question: does this catch all client
sessions, or only NNRPD exiting? I'm not sure this patch is in the
right place.)

SSL_shutdown() sends an "end of message" signal to the peer. If you
just close the connection, the peer will have no way to know that
the FIN wasn't actually a "truncation attack" and some clients may
flag the final block as suspect. SSL_shutdown() is also a hook used
to flag that resources can be deallocated.
Bear Giles
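The close_notify behaviour described above, as an added example that is not part of this patch or of INN: a small TLS record-layer classifier in C that reports whether a readable record stream (decrypted, or captured before encryption) ended with a close_notify alert or with a bare FIN, which is exactly the distinction a peer uses to decide whether the final block is suspect. The traces are constructed; on the wire the alert body is encrypted, so this check belongs at an endpoint after decryption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS record layer (RFC 5246 s6.2): 1-byte content type, 2-byte version,
 * 2-byte length, then the fragment. An alert fragment is 2 bytes:
 * level (1 = warning) and description (0 = close_notify). */
#define TLS_CT_ALERT           21
#define TLS_CT_APPDATA         23
#define TLS_ALERT_CLOSE_NOTIFY 0
#define TLS_MAX_FRAGMENT       (16384 + 2048)  /* ciphertext fragment bound */

enum tls_end { TLS_END_CLEAN, TLS_END_TRUNCATED, TLS_END_BAD_RECORD };

/* Classify how a record stream ended: clean only if the final complete
 * record is a close_notify alert. A bare FIN after any other record, or a
 * FIN in the middle of a record, is reported as a truncation. */
enum tls_end tls_stream_end(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int last_was_close_notify = 0;

    while (off < len) {
        if (len - off < 5)
            return TLS_END_TRUNCATED;              /* FIN inside a header */
        uint8_t ct  = buf[off];
        size_t frag = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (frag > TLS_MAX_FRAGMENT)
            return TLS_END_BAD_RECORD;             /* not a TLS record */
        if (len - off - 5 < frag)
            return TLS_END_TRUNCATED;              /* FIN inside a fragment */
        last_was_close_notify = (ct == TLS_CT_ALERT && frag == 2 &&
                                 buf[off + 6] == TLS_ALERT_CLOSE_NOTIFY);
        off += 5 + frag;
    }
    return last_was_close_notify ? TLS_END_CLEAN : TLS_END_TRUNCATED;
}

/* Constructed sample traces (TLS 1.0 version bytes 03 01, plaintext). */
static const uint8_t trace_clean[] = {
    TLS_CT_APPDATA, 0x03, 0x01, 0x00, 0x03, '2', '0', '5',  /* NNTP "205" */
    TLS_CT_ALERT,   0x03, 0x01, 0x00, 0x02, 0x01, TLS_ALERT_CLOSE_NOTIFY
};
static const uint8_t trace_bare_fin[] = {
    TLS_CT_APPDATA, 0x03, 0x01, 0x00, 0x03, '2', '0', '5'   /* then FIN */
};
static const uint8_t trace_cut_mid[] = {
    TLS_CT_APPDATA, 0x03, 0x01, 0x00, 0x10, 'Q', 'U', 'I', 'T'  /* 16 claimed, 4 sent */
};

int main(void)
{
    static const char *names[] = { "clean", "truncated", "bad record" };
    printf("clean:    %s\n", names[tls_stream_end(trace_clean, sizeof trace_clean)]);
    printf("bare FIN: %s\n", names[tls_stream_end(trace_bare_fin, sizeof trace_bare_fin)]);
    printf("cut mid:  %s\n", names[tls_stream_end(trace_cut_mid, sizeof trace_cut_mid)]);
    return 0;
}
```

With OpenSSL the same distinction surfaces at the endpoint as SSL_get_error() returning SSL_ERROR_ZERO_RETURN for a close_notify versus an EOF reported as an error for a bare FIN.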
-- Attached file included as plaintext by Ecartis --
-- Desc: /tmp/inn2
Index: inn/nnrpd/nnrpd.c
diff -c inn/nnrpd/nnrpd.c:1.2 inn/nnrpd/nnrpd.c:1.3
*** inn/nnrpd/nnrpd.c:1.2 Sun May 26 10:25:59 2002
--- inn/nnrpd/nnrpd.c Sun May 26 10:31:16 2002
***************
*** 1,4 ****
! /* $Id: nnrpd.c,v 1.2 2002/05/26 16:25:59 bear Exp $
**
** NNTP server for readers (NNRP) for InterNetNews.
**
--- 1,4 ----
! /* $Id: nnrpd.c,v 1.3 2002/05/26 16:31:16 bear Exp $
**
** NNTP server for readers (NNRP) for InterNetNews.
**
***************
*** 203,208 ****
--- 203,214 ----
syslog(L_NOTICE, "%s overstats count %d hit %d miss %d time %d size %d dbz %d seek %d get %d artcheck %d", ClientHost,
OVERcount, OVERhit, OVERmiss, OVERtime, OVERsize, OVERdbz, OVERseek, OVERget, OVERartcheck);
+ #ifdef HAVE_OPENSSL
+ if (tls_conn) {
+ SSL_shutdown(tls_conn);
+ tls_conn = NULL;
+ }
+ #endif
if (DaemonMode) {
shutdown(STDIN_FILENO, 2);
shutdown(STDOUT_FILENO, 2);
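Review bot: in the HAVE_OPENSSL block the return value of SSL_shutdown() is discarded and tls_conn is set to NULL without SSL_free(), so unless the SSL object is freed elsewhere it leaks; SSL_shutdown() returns 0 when only our close_notify has been sent, 1 once the peer's close_notify has also arrived, and a negative value on error, so at least log the failure case before dropping the pointer, e.g. `if (SSL_shutdown(tls_conn) < 0) syslog(L_NOTICE, "%s SSL_shutdown failed", ClientHost);` followed by `SSL_free(tls_conn); tls_conn = NULL;`. Waiting for the peer's reply is probably not worth it on this exit path. On the placement question raised in the mail: this runs only when execution reaches the shutdown(STDIN_FILENO, 2) path, so any other way nnrpd can exit would need the same call.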