ssl_release(): Fix build with LibreSSL

[privoxy.git] / openssl.c

diff --git a/openssl.c b/openssl.c
index 0005ed5..7e4e3d8 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -301,7 +301,7 @@ static int ssl_store_cert(struct client_state *csp, X509* crt)
    if (len > (sizeof(last->file_buf) - 1))
    {
       log_error(LOG_LEVEL_ERROR,
-         "X509 PEM cert len %d is larger than buffer len %d",
+         "X509 PEM cert len %ld is larger than buffer len %lu",
          len, sizeof(last->file_buf) - 1);
       len = sizeof(last->file_buf) - 1;
    }
@@ -721,7 +721,7 @@ extern int create_client_ssl_connection(struct client_state *csp)
    char *ca_file   = NULL;
    char *cert_file = NULL;
    int ret = 0;
-   SSL* ssl;
+   SSL *ssl;
 
    /*
     * Initializing OpenSSL structures for TLS/SSL connection
@@ -870,6 +870,7 @@ exit:
 extern void close_client_ssl_connection(struct client_state *csp)
 {
    struct ssl_attr *ssl_attr = &csp->ssl_client_attr;
+   SSL *ssl;
 
    if (csp->ssl_with_client_is_opened == 0)
    {
@@ -880,6 +881,20 @@ extern void close_client_ssl_connection(struct client_state *csp)
     * Notifying the peer that the connection is being closed.
     */
    BIO_ssl_shutdown(ssl_attr->openssl_attr.bio);
+   if (BIO_get_ssl(ssl_attr->openssl_attr.bio, &ssl) != 1)
+   {
+      log_ssl_errors(LOG_LEVEL_ERROR,
+         "BIO_get_ssl() failed in close_client_ssl_connection()");
+   }
+   else
+   {
+      /*
+       * Pretend we received a shutdown alert so
+       * the BIO_free_all() call later on returns
+       * quickly.
+       */
+      SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
+   }
    free_client_ssl_structures(csp);
    csp->ssl_with_client_is_opened = 0;
 }
@@ -929,6 +944,7 @@ static void free_client_ssl_structures(struct client_state *csp)
 extern void close_server_ssl_connection(struct client_state *csp)
 {
    struct ssl_attr *ssl_attr = &csp->ssl_server_attr;
+   SSL *ssl;
 
    if (csp->ssl_with_server_is_opened == 0)
    {
@@ -939,6 +955,20 @@ extern void close_server_ssl_connection(struct client_state *csp)
    * Notifying the peer that the connection is being closed.
    */
    BIO_ssl_shutdown(ssl_attr->openssl_attr.bio);
+   if (BIO_get_ssl(ssl_attr->openssl_attr.bio, &ssl) != 1)
+   {
+      log_ssl_errors(LOG_LEVEL_ERROR,
+         "BIO_get_ssl() failed in close_server_ssl_connection()");
+   }
+   else
+   {
+      /*
+       * Pretend we received a shutdown alert so
+       * the BIO_free_all() call later on returns
+       * quickly.
+       */
+      SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
+   }
    free_server_ssl_structures(csp);
    csp->ssl_with_server_is_opened = 0;
 }
@@ -1093,8 +1123,9 @@ extern int create_server_ssl_connection(struct client_state *csp)
       else
       {
          csp->server_cert_verification_result = verify_result;
-         log_error(LOG_LEVEL_ERROR, "SSL_get_verify_result failed: %s",
-            X509_verify_cert_error_string(verify_result));
+         log_error(LOG_LEVEL_ERROR,
+            "X509 certificate verification for %s failed: %s",
+            csp->http->hostport, X509_verify_cert_error_string(verify_result));
          ret = -1;
          goto exit;
       }
@@ -2147,12 +2178,14 @@ extern void ssl_release(void)
 {
    if (ssl_inited == 1)
    {
+#ifndef OPENSSL_NO_COMP
       SSL_COMP_free_compression_methods();
-
+#endif
       CONF_modules_free();
       CONF_modules_unload(1);
-
+#ifndef OPENSSL_NO_COMP
       COMP_zlib_cleanup();
+#endif
 
       ERR_free_strings();
       EVP_cleanup();