X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=openssl.c;h=4a0e23b34c91534664f69e7aa9fe73f644e79143;hp=56dc52a32d46abe092d6f21d83c02b621d08d625;hb=aff9f77a4df808dadc3c871c170712d8bd1584e6;hpb=6ede7269d436ab362cf945a497044a831a092196

diff --git a/openssl.c b/openssl.c
index 56dc52a3..4a0e23b3 100644
--- a/openssl.c
+++ b/openssl.c
@@ -55,7 +55,7 @@
 #define CERTIFICATE_AUTHORITY_KEY                "keyid:always"
 #define CERTIFICATE_ALT_NAME_PREFIX              "DNS:"
 #define CERTIFICATE_VERSION                      2
-#define VALID_DATETIME_FMT                       "%Y%m%d%H%M%SZ"
+#define VALID_DATETIME_FMT                       "%y%m%d%H%M%SZ"
 #define VALID_DATETIME_BUFLEN                    16
 
 static int generate_webpage_certificate(struct client_state *csp);
@@ -721,7 +721,7 @@ extern int create_client_ssl_connection(struct client_state *csp)
    char *ca_file   = NULL;
    char *cert_file = NULL;
    int ret = 0;
-   SSL* ssl;
+   SSL *ssl;
 
    /*
     * Initializing OpenSSL structures for TLS/SSL connection
@@ -870,6 +870,7 @@ exit:
 extern void close_client_ssl_connection(struct client_state *csp)
 {
    struct ssl_attr *ssl_attr = &csp->ssl_client_attr;
+   SSL *ssl;
 
    if (csp->ssl_with_client_is_opened == 0)
    {
@@ -880,6 +881,20 @@ extern void close_client_ssl_connection(struct client_state *csp)
     * Notifying the peer that the connection is being closed.
     */
    BIO_ssl_shutdown(ssl_attr->openssl_attr.bio);
+   if (BIO_get_ssl(ssl_attr->openssl_attr.bio, &ssl) != 1)
+   {
+      log_ssl_errors(LOG_LEVEL_ERROR,
+         "BIO_get_ssl() failed in close_client_ssl_connection()");
+   }
+   else
+   {
+      /*
+       * Pretend we received a shutdown alert so
+       * the BIO_free_all() call later on returns
+       * quickly.
+       */
+      SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
+   }
    free_client_ssl_structures(csp);
    csp->ssl_with_client_is_opened = 0;
 }
@@ -929,6 +944,7 @@ static void free_client_ssl_structures(struct client_state *csp)
 extern void close_server_ssl_connection(struct client_state *csp)
 {
    struct ssl_attr *ssl_attr = &csp->ssl_server_attr;
+   SSL *ssl;
 
    if (csp->ssl_with_server_is_opened == 0)
    {
@@ -939,6 +955,20 @@ extern void close_server_ssl_connection(struct client_state *csp)
    * Notifying the peer that the connection is being closed.
    */
    BIO_ssl_shutdown(ssl_attr->openssl_attr.bio);
+   if (BIO_get_ssl(ssl_attr->openssl_attr.bio, &ssl) != 1)
+   {
+      log_ssl_errors(LOG_LEVEL_ERROR,
+         "BIO_get_ssl() failed in close_server_ssl_connection()");
+   }
+   else
+   {
+      /*
+       * Pretend we received a shutdown alert so
+       * the BIO_free_all() call later on returns
+       * quickly.
+       */
+      SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
+   }
    free_server_ssl_structures(csp);
    csp->ssl_with_server_is_opened = 0;
 }
@@ -1548,6 +1578,7 @@ static int ssl_certificate_is_invalid(const char *cert_file)
    {
       log_ssl_errors(LOG_LEVEL_ERROR,
          "Error checking certificate %s validity", cert_file);
+      ret = -1;
    }
 
    X509_free(cert);
@@ -2148,12 +2179,14 @@ extern void ssl_release(void)
 {
    if (ssl_inited == 1)
    {
+#ifndef OPENSSL_NO_COMP
       SSL_COMP_free_compression_methods();
-
+#endif
       CONF_modules_free();
       CONF_modules_unload(1);
-
+#ifndef OPENSSL_NO_COMP
       COMP_zlib_cleanup();
+#endif
 
       ERR_free_strings();
       EVP_cleanup();