From 3cbaf1e379900e97c21f5c640496f5971087ed70 Mon Sep 17 00:00:00 2001 From: Paul Bakker Date: Tue, 8 Jul 2014 12:26:02 +0200 Subject: [PATCH] Add ssl_close_notify() to servers that missed it --- ChangeLog | 1 + programs/ssl/ssl_client2.c | 5 +++-- programs/ssl/ssl_server.c | 16 +++++++++++++++- programs/ssl/ssl_server2.c | 14 ++++++++++++++ 4 files changed, 33 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index a288c06aa..4f681c1dc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -42,6 +42,7 @@ Bugfix * ssl_handshake_init() was leaving dirty pointers in subcontexts if malloc of one of them failed * x509_get_current_time() uses localtime_r() to prevent thread issues + * Some example server programs were not sending the close_notify alert. = Version 1.2.10 released 2013-10-07 Changes diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d977db527..1f53e532e 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -616,6 +616,7 @@ int main( int argc, char *argv[] ) if( ret == 0 ) { printf("\n\nEOF\n\n"); + ssl_close_notify( &ssl ); break; } @@ -624,9 +625,9 @@ int main( int argc, char *argv[] ) } while( 1 ); - ssl_close_notify( &ssl ); - exit: + if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ) + ret = 0; #ifdef POLARSSL_ERROR_C if( ret != 0 ) diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 48e56770d..a4247dad2 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -324,7 +324,21 @@ reset: len = ret; printf( " %d bytes written\n\n%s\n", len, (char *) buf ); - + + printf( " . Closing the connection..." ); + + while( ( ret = ssl_close_notify( &ssl ) ) < 0 ) + { + if( ret != POLARSSL_ERR_NET_WANT_READ && + ret != POLARSSL_ERR_NET_WANT_WRITE ) + { + printf( " failed\n ! ssl_close_notify returned %d\n\n", ret ); + goto reset; + } + } + + printf( " ok\n" ); + ret = 0; goto reset; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index b8cc16c7e..573408858 100644 
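Review bot: The `ssl_close_notify( &ssl );` added inside the `if( ret == 0 )` branch of ssl_client2.c discards its return value, whereas the server loops added in this same commit retry on `POLARSSL_ERR_NET_WANT_READ` / `POLARSSL_ERR_NET_WANT_WRITE` and report other failures. If the alert is never written, the peer cannot tell an orderly shutdown from a truncated stream. The call also used to run after the loop for every `break`; it now runs only on this EOF path, so any other way out of the read loop (not visible in this hunk) leaves without sending the alert. I would reuse the servers' retry loop here, or at least log a non-zero result. The body of `main` continues outside the hunk.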
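Review bot: The `if( ret == POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY ) ret = 0;` placed at `exit:` in ssl_client2.c applies to every path that jumps to the label, not only the read loop, so a close_notify received at some earlier stage would presumably also be reported as success (those paths are outside the hunk). It also makes an orderly close and a bare transport EOF (`ret == 0`, which may be a truncated stream) end with the same result. I would do the mapping where the read loop handles the return code, and add a comment such as `/* peer sent close_notify: clean shutdown; EOF without it may be truncation */` so the two cases stay distinguishable to a reader.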
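Review bot: The `while( ( ret = ssl_close_notify( &ssl ) ) < 0 )` loop added to ssl_server.c retries immediately and without bound on `POLARSSL_ERR_NET_WANT_READ` / `POLARSSL_ERR_NET_WANT_WRITE`. Whether the socket is blocking cannot be told from this hunk; if it is non-blocking, a peer that stops reading could keep the server spinning here instead of returning to `reset:` for the next client. The identical loop is added to programs/ssl/ssl_server2.c, so the same applies there. A retry cap, or a comment stating the blocking assumption the loop relies on, would make this safe to copy from an example program. Separately, `printf( " . Closing the connection..." );` has no trailing newline, so a following `fflush( stdout );` would keep the progress line visible if the loop stalls.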
--- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -684,6 +684,20 @@ reset: len = ret; printf( " %d bytes written\n\n%s\n", len, (char *) buf ); + printf( " . Closing the connection..." ); + + while( ( ret = ssl_close_notify( &ssl ) ) < 0 ) + { + if( ret != POLARSSL_ERR_NET_WANT_READ && + ret != POLARSSL_ERR_NET_WANT_WRITE ) + { + printf( " failed\n ! ssl_close_notify returned %d\n\n", ret ); + goto reset; + } + } + + printf( " ok\n" ); + ret = 0; goto reset;