some minor changes:

- added comment that using "SSLv23" methods will automatically negotiate the highest possible TLS protocol version - cleaned up error handling in ACE_SSL_SOCK_Stream::close()
DOCGroup · Feb 9, 2025 · 31f201e · 31f201e
1 parent 2431f5e
commit 31f201e
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 9 deletions.
diff --git a/ACE/ace/SSL/SSL_Context.cpp b/ACE/ace/SSL/SSL_Context.cpp
@@ -261,6 +261,7 @@ ACE_SSL_Context::set_mode (int mode)
   SSL_METHOD *method = 0;
 #endif
 
+  /* these openssl macros negotiate highest available SSL/TLS version */
   switch (mode)
     {
     case ACE_SSL_Context::SSLv23_client:

diff --git a/ACE/ace/SSL/SSL_Context.h b/ACE/ace/SSL/SSL_Context.h
@@ -104,6 +104,7 @@ class ACE_SSL_Export ACE_SSL_Context
 
   enum {
     INVALID_METHOD = -1,
+    /* these negotiate highest available SSL/TLS version */
     SSLv23_client,
     SSLv23_server,
     SSLv23

diff --git a/ACE/ace/SSL/SSL_SOCK_Stream.cpp b/ACE/ace/SSL/SSL_SOCK_Stream.cpp
@@ -158,8 +158,7 @@ ACE_SSL_SOCK_Stream::recvv (iovec *io_vec,
       ACE_NEW_RETURN (io_vec->iov_base,
                       char[inlen],
                       -1);
-      io_vec->iov_len = this->recv (io_vec->iov_base,
-                                    inlen);
+      io_vec->iov_len = static_cast<u_long> (this->recv (io_vec->iov_base, inlen));
       return io_vec->iov_len;
     }
   else

diff --git a/ACE/ace/SSL/SSL_SOCK_Stream.inl b/ACE/ace/SSL/SSL_SOCK_Stream.inl
@@ -317,16 +317,15 @@ ACE_SSL_SOCK_Stream::close ()
   // connection, not 0.
   int const status = ::SSL_shutdown (this->ssl_);
 
-  switch (::SSL_get_error (this->ssl_, status))
+  int status_2 = ::SSL_get_error (this->ssl_, status);
+  switch (status_2)
     {
     case SSL_ERROR_NONE:
-    case SSL_ERROR_SYSCALL:  // Ignore this error condition.
-
       // Reset the SSL object to allow another connection to be made
       // using this ACE_SSL_SOCK_Stream instance.  This prevents the
       // previous SSL session state from being associated with the new
       // SSL session/connection.
-      (void) ::SSL_clear (this->ssl_);
+      ::SSL_clear (this->ssl_);
       this->set_handle (ACE_INVALID_HANDLE);
       return this->stream_.close ();
 
@@ -335,13 +334,15 @@ ACE_SSL_SOCK_Stream::close ()
       errno = EWOULDBLOCK;
       break;
 
+    case SSL_ERROR_SSL:
+    case SSL_ERROR_SYSCALL:
     default:
       ACE_SSL_Context::report_error ();
 
+      this->set_handle (ACE_INVALID_HANDLE);
       ACE_Errno_Guard error (errno);   // Save/restore errno
-      (void) this->stream_.close ();
-
-      return -1;
+      this->stream_.close ();
+      break;
     }
 
   return -1;