From 9836d1531487ee390cd0707a4d8069a3c0d56580 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Mon, 31 Jul 2023 17:18:30 +0000
Subject: [PATCH] Ncat: Use SSL_shutdown() not shutdown() on SSL connections
---
 ncat/ncat_connect.c | 12 ++++++++++--
 ncat/ncat_listen.c | 8 +++++++-
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/ncat/ncat_connect.c b/ncat/ncat_connect.c
index a749b863e..dda518356 100644
--- a/ncat/ncat_connect.c
+++ b/ncat/ncat_connect.c
@@ -1267,8 +1267,16 @@ static void read_stdin_handler(nsock_pool nsp, nsock_event evt, void *data)
 if (status == NSE_STATUS_EOF) {
- if (!o.noshutdown)
- shutdown(nsock_iod_get_sd(cs.sock_nsi), SHUT_WR);
+ if (!o.noshutdown) {
+#ifdef HAVE_OPENSSL
+ SSL *ssl = NULL;
+ if (o.ssl && NULL != (ssl = (SSL *)nsock_iod_get_ssl(cs.sock_nsi))) {
+ SSL_shutdown(ssl);
+ }
+ else
+#endif
+ shutdown(nsock_iod_get_sd(cs.sock_nsi), SHUT_WR);
+ }
 /* In --send-only mode or non-TCP mode, exit after EOF on stdin. */
 if (o.proto != IPPROTO_TCP || (o.proto == IPPROTO_TCP && o.sendonly))
 nsock_loop_quit(nsp);
diff --git a/ncat/ncat_listen.c b/ncat/ncat_listen.c
index c307c68c4..67e4d366d 100644
--- a/ncat/ncat_listen.c
+++ b/ncat/ncat_listen.c
@@ -791,7 +791,13 @@ static void shutdown_sockets(int how)
 fdn = get_fdinfo(&broadcast_fdlist, i);
 ncat_assert(fdn != NULL);
- shutdown(fdn->fd, how);
+#ifdef HAVE_OPENSSL
+ if (o.ssl && fdn->ssl) {
+ SSL_shutdown(fdn->ssl);
+ }
+ else
+#endif
+ shutdown(fdn->fd, how);
 }
 }
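Review bot: The result of `SSL_shutdown(ssl)` in read_stdin_handler is discarded, so a close_notify that could not be sent goes unnoticed; the same applies to `SSL_shutdown(fdn->ssl)` in shutdown_sockets in ncat_listen.c. SSL_shutdown returns a negative value on failure, and on a non-blocking socket (which I would assume for an nsock descriptor, though the hunk does not show it) SSL_get_error can then report SSL_ERROR_WANT_WRITE, meaning the alert is still unsent. The peer then has no authenticated end-of-data signal and cannot tell a clean EOF on stdin from a truncated stream. At minimum I would keep the result and report it, `int rc = SSL_shutdown(ssl); if (rc < 0) { /* report SSL_get_error(ssl, rc) */ }`, and add a comment that a return of 0 (our alert sent, the peer's still pending) is the expected case here because reading continues. The handler's body starts and ends outside this hunk.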
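Review bot: On the SSL branch of shutdown_sockets the `how` argument is no longer consulted, because `SSL_shutdown(fdn->ssl)` always sends close_notify and so closes only the write direction, whatever the caller asked for. The callers and the start of the loop are outside this hunk, so I cannot tell whether any of them passes SHUT_RD; if one does, SSL clients would now see a write-side close instead. A comment above the `#ifdef` would record the intent, e.g. `/* TLS has no read-side shutdown; close_notify is only right for SHUT_WR and SHUT_RDWR */`, or the condition could become `if (o.ssl && fdn->ssl && how != SHUT_RD) {`. Separately, the unbraced `else` that straddles `#endif` is easy to break when a statement is added later; bracing the `shutdown(fdn->fd, how);` call would avoid that.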