diff --git a/boring-sys/build.rs b/boring-sys/build.rs index 5a9e1d5f4..c6e1de7ef 100644 --- a/boring-sys/build.rs +++ b/boring-sys/build.rs @@ -332,7 +332,7 @@ fn main() { println!("cargo:warning=fetching boringssl git submodule"); // fetch the boringssl submodule let status = Command::new("git") - .args(&[ + .args([ "submodule", "update", "--init", diff --git a/boring/src/ssl/mod.rs b/boring/src/ssl/mod.rs index c382375d8..1f838b8a3 100644 --- a/boring/src/ssl/mod.rs +++ b/boring/src/ssl/mod.rs @@ -3054,7 +3054,24 @@ impl SslStream { match unsafe { ffi::SSL_shutdown(self.ssl.as_ptr()) } { 0 => Ok(ShutdownResult::Sent), 1 => Ok(ShutdownResult::Received), - n => Err(self.make_error(n)), + n => { + let e = self.make_error(n); + + // If boring returns PROTOCOL_IS_SHUTDOWN then the connection + // has already been shutdown and we can just return Ok(()), as + // this was exactly what we wanted to do anyway. + if e.code() == ErrorCode::SSL { + if let Some(stack) = e.ssl_error() { + if let Some(first) = stack.errors().first() { + if first.code() as i32 == boring_sys::SSL_R_PROTOCOL_IS_SHUTDOWN { + return Ok(ShutdownResult::Received); + } + } + } + } + + Err(e) + } } } diff --git a/boring/src/ssl/test/mod.rs b/boring/src/ssl/test/mod.rs index 5066a2e6e..200ced24b 100644 --- a/boring/src/ssl/test/mod.rs +++ b/boring/src/ssl/test/mod.rs @@ -199,7 +199,7 @@ fn verify_callback() { CALLED_BACK.store(true, Ordering::SeqCst); let cert = x509.current_cert().unwrap(); let digest = cert.digest(MessageDigest::sha1()).unwrap(); - assert_eq!(hex::encode(&digest), expected); + assert_eq!(hex::encode(digest), expected); true }); @@ -221,7 +221,7 @@ fn ssl_verify_callback() { CALLED_BACK.store(true, Ordering::SeqCst); let cert = x509.current_cert().unwrap(); let digest = cert.digest(MessageDigest::sha1()).unwrap(); - assert_eq!(hex::encode(&digest), expected); + assert_eq!(hex::encode(digest), expected); true }); @@ -311,9 +311,9 @@ fn test_connect_with_srtp_ctx() { let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap(); ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32") .unwrap(); - ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM) + ctx.set_certificate_file(Path::new("test/cert.pem"), SslFiletype::PEM) .unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM) + ctx.set_private_key_file(Path::new("test/key.pem"), SslFiletype::PEM) .unwrap(); let mut ssl = Ssl::new(&ctx.build()).unwrap(); ssl.set_mtu(1500).unwrap(); @@ -367,9 +367,9 @@ fn test_connect_with_srtp_ssl() { let guard = thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap(); - ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM) + ctx.set_certificate_file(Path::new("test/cert.pem"), SslFiletype::PEM) .unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM) + ctx.set_private_key_file(Path::new("test/key.pem"), SslFiletype::PEM) .unwrap(); let mut ssl = Ssl::new(&ctx.build()).unwrap(); ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32") @@ -988,9 +988,9 @@ fn keying_export() { let guard = thread::spawn(move || { let stream = listener.accept().unwrap().0; let mut ctx = SslContext::builder(SslMethod::tls()).unwrap(); - ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM) + ctx.set_certificate_file(Path::new("test/cert.pem"), SslFiletype::PEM) .unwrap(); - ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM) + ctx.set_private_key_file(Path::new("test/key.pem"), SslFiletype::PEM) .unwrap(); let ssl = Ssl::new(&ctx.build()).unwrap(); let mut stream = ssl.accept(stream).unwrap();