diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
index 49dec43109..670208cfcb 100644
--- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
+++ b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java
@@ -34,7 +34,6 @@ import io.netty.util.internal.logging.InternalLoggerFactory;
 import java.nio.ByteBuffer;
 import java.nio.ReadOnlyBufferException;
-import java.security.AlgorithmConstraints;
 import java.security.Principal;
 import java.security.cert.Certificate;
 import java.util.ArrayList;
@@ -458,9 +457,11 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
 // It is possible when the outbound was closed there was not enough room in the non-application
 // buffers to hold the close_notify. We should keep trying to close until we consume all the data
 // OpenSSL can give us.
- boolean didShutdown = doSSLShutdown();
+ if (!doSSLShutdown()) {
+ return newResultMayFinishHandshake(NOT_HANDSHAKING, 0, bytesProduced);
+ }
 bytesProduced = bioLengthBefore - SSL.bioLengthByteBuffer(networkBIO);
- return newResultMayFinishHandshake(didShutdown ? NEED_WRAP : NOT_HANDSHAKING, 0, bytesProduced);
+ return newResultMayFinishHandshake(NEED_WRAP, 0, bytesProduced);
 }
 // Flush any data that may be implicitly generated by OpenSSL (handshake, close, etc..).
@@ -1023,6 +1024,10 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
 }
 }
+ /**
+ * Attempt to call {@link SSL#shutdownSSL(long)}.
+ * @return {@code false} if the call to {@link SSL#shutdownSSL(long)} was not attempted or returned an error.
+ */
 private boolean doSSLShutdown() {
 if (SSL.isInInit(ssl) != 0) {
 // Only try to call SSL_shutdown if we are not in the init state anymore.
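Review bot: In the second hunk, the new early return on `!doSSLShutdown()` reports `bytesProduced` without the `bioLengthBefore - SSL.bioLengthByteBuffer(networkBIO)` recomputation that the old code performed on both outcomes, so the result carries whatever value was assigned above the hunk (not visible here). If skipping the BIO read is deliberate because the native state must not be touched after a skipped or failed shutdown, record that with a comment such as `// shutdown skipped or failed: do not query networkBIO again, report what was produced so far`; if a failed shutdown can still leave alert bytes queued in the network BIO, the count would be under-reported and the caller might not flush them. The Javadoc added in the third hunk folds "not attempted" and "returned an error" into a single `false`, which suits this caller but should be kept in mind for any caller that needs to tell the two apart. The enclosing method starts and ends outside the hunk.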