/******************************************************************************
* Icinga 2 *
- * Copyright (C) 2012-2018 Icinga Development Team (https://www.icinga.com/) *
+ * Copyright (C) 2012-2018 Icinga Development Team (https://icinga.com/) *
* *
* This program is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License *
#include "base/utility.hpp"
#include "base/exception.hpp"
#include "base/logger.hpp"
+#include "base/configuration.hpp"
+#include "base/convert.hpp"
#include <iostream>
#ifndef _WIN32
m_CurrentAction = TlsActionHandshake;
ChangeEvents(POLLOUT);
- boost::system_time const timeout = boost::get_system_time() + boost::posix_time::seconds(TLS_TIMEOUT_SECONDS);
+ boost::system_time const timeout = boost::get_system_time() + boost::posix_time::milliseconds(long(Configuration::TlsHandshakeTimeout * 1000));
while (!m_HandshakeOK && !m_ErrorOccurred && !m_Eof && timeout > boost::get_system_time())
m_CV.timed_wait(lock, timeout);
- // We should _NOT_ (underline, bold, itallic and wordart) throw an exception for a timeout.
if (timeout < boost::get_system_time())
- BOOST_THROW_EXCEPTION(std::runtime_error("Timeout during handshake."));
+ BOOST_THROW_EXCEPTION(std::runtime_error("Timeout was reached (" + Convert::ToString(Configuration::TlsHandshakeTimeout) + ") during TLS handshake."));
if (m_Eof)
BOOST_THROW_EXCEPTION(std::runtime_error("Socket was closed during TLS handshake."));
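Review bot: `Configuration::TlsHandshakeTimeout` goes into `long(Configuration::TlsHandshakeTimeout * 1000)` with no range check in this hunk. A zero or negative setting would make every handshake fail at once. A very large setting can exceed what `long` holds, or in practice remove the limit that stops a stalled peer from keeping a connection in the handshake state indefinitely. Unless the value is already validated where the setting is loaded (not visible here), clamp it to a sane minimum and maximum before building `timeout`, and state the unit in the exception text (presumably seconds, given the `* 1000`). Separately, the check on the context line fires even when the loop exited because `m_HandshakeOK` became true right at the deadline; `if (!m_HandshakeOK && timeout < boost::get_system_time())` avoids reporting a completed handshake as a timeout. The enclosing function starts and ends outside the hunk.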
if (!m_SSL)
return;
- (void)SSL_shutdown(m_SSL.get());
+ /* https://www.openssl.org/docs/manmaster/man3/SSL_shutdown.html
+ *
+ * It is recommended to do a bidirectional shutdown by checking
+ * the return value of SSL_shutdown() and call it again until
+ * it returns 1 or a fatal error. A maximum of 2x pending + 2x data
+ * is recommended.
+ */
+ int rc = 0;
+
+ for (int i = 0; i < 4; i++) {
+ if ((rc = SSL_shutdown(m_SSL.get())))
+ break;
+ }
+
m_SSL.reset();
m_Socket->Close();
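Review bot: The retry loop stops on any non-zero `rc`, so a negative return from `SSL_shutdown()` is handled the same as the successful `1`, and `rc` is never read after the loop. If the socket is non-blocking, which the `ChangeEvents(POLLOUT)` handling elsewhere suggests but this hunk does not show, a negative return may only mean the call wants more I/O. In that case the bidirectional shutdown described in the comment does not complete, and the immediate retries after a `0` do not wait for the peer's close_notify. At minimum, inspect the result after the loop with `int err = SSL_get_error(m_SSL.get(), rc);` when `rc < 0` and log it before `m_SSL.reset()`, so failed or truncated shutdowns are visible and the error state is consumed. A short comment noting that the loop is best-effort and that the socket is closed regardless would also make the intent clear. The enclosing function starts outside the hunk.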