Ncat: Use SSL_shutdown() not shutdown() on SSL connections

2026-01-29 01:29:22 +00:00 · 2023-07-31 17:18:30 +00:00
parent d4e769197a
commit 9836d15314
2 changed files with 17 additions and 3 deletions
--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -1267,8 +1267,16 @@ static void read_stdin_handler(nsock_pool nsp, nsock_event evt, void *data)


    if (status == NSE_STATUS_EOF) {
-        if (!o.noshutdown)
-            shutdown(nsock_iod_get_sd(cs.sock_nsi), SHUT_WR);
+        if (!o.noshutdown) {
+#ifdef HAVE_OPENSSL
+            SSL *ssl = NULL;
+            if (o.ssl && NULL != (ssl = (SSL *)nsock_iod_get_ssl(cs.sock_nsi))) {
+                SSL_shutdown(ssl);
+            }
+            else
+#endif
+                shutdown(nsock_iod_get_sd(cs.sock_nsi), SHUT_WR);
+        }
        /* In --send-only mode or non-TCP mode, exit after EOF on stdin. */
        if (o.proto != IPPROTO_TCP || (o.proto == IPPROTO_TCP && o.sendonly))
            nsock_loop_quit(nsp);
--- a/ncat/ncat_listen.c
+++ b/ncat/ncat_listen.c
@@ -791,7 +791,13 @@ static void shutdown_sockets(int how)

        fdn = get_fdinfo(&broadcast_fdlist, i);
        ncat_assert(fdn != NULL);
-        shutdown(fdn->fd, how);
+#ifdef HAVE_OPENSSL
+        if (o.ssl && fdn->ssl) {
+                SSL_shutdown(fdn->ssl);
+        }
+        else
+#endif
+            shutdown(fdn->fd, how);
    }
 }