fix close notify messages

pkg/atls/atlsListener.go

@@ -30,12 +30,13 @@ const (
 )
 
 const (
-	NO_ERROR          = 0
-	ERROR_ZERO_RETURN = 6
-	ERROR_WANT_READ   = 2
-	ERROR_WANT_WRITE  = 3
-	ERROR_SYSCALL     = 5
-	ERROR_SSL         = 1
+	noError         = 0
+	errorZeroReturn = 6
+	errorWantRead   = 2
+	errorWantWrite  = 3
+	errorSyscall    = 5
+	errorSsl        = 1
+	waitTime        = 2
 )
 
 var (
@@ -228,21 +229,21 @@ func (c *ATLSConn) Read(b []byte) (int, error) {
 
 	// handle specific error codes returned by SSL_get_error.
 	switch errCode {
-	case NO_ERROR:
+	case noError:
 		return n, nil // no error.
-	case ERROR_ZERO_RETURN:
-		fmt.Fprintf(os.Stderr, "Connection closed by peer")
+	case errorZeroReturn:
+		fmt.Fprintf(os.Stdout, "Connection closed by peer")
 		return 0, io.EOF // connection closed.
-	case ERROR_WANT_READ:
+	case errorWantRead:
 		fmt.Fprintf(os.Stderr, "Operation read incomplete, retry later")
 		return 0, nil // non-fatal, just retry later.
-	case ERROR_WANT_WRITE:
+	case errorWantWrite:
 		fmt.Fprintf(os.Stderr, "Operation write incomplete, retry later")
 		return 0, nil // non-fatal, just retry later.
-	case ERROR_SYSCALL:
+	case errorSyscall:
 		fmt.Fprintf(os.Stderr, "I/O error")
 		return 0, syscall.ECONNRESET // return connection reset error.
-	case ERROR_SSL:
+	case errorSsl:
 		fmt.Fprintf(os.Stderr, "I/O error")
 		return 0, syscall.ECONNRESET // return connection reset error.
 	default:
@@ -280,13 +281,24 @@ func (c *ATLSConn) Close() error {
 		return nil
 	}
 
-	ret := C.tls_close(c.tlsConn)
+	for {
+		ret := C.tls_close(c.tlsConn)
 
-	if int(ret) < 0 {
-		c.tlsConn = nil
-		return errTLSConn
-	} else if int(ret) == 1 {
-		c.tlsConn = nil
+		if int(ret) == 0 {
+			c.fdDelayMutex.Unlock()
+			c.fdWriteMutex.Unlock()
+			c.fdReadMutex.Unlock()
+			time.Sleep(waitTime * time.Millisecond)
+			c.fdDelayMutex.Lock()
+			c.fdWriteMutex.Lock()
+			c.fdReadMutex.Lock()
+		} else if int(ret) < 0 {
+			c.tlsConn = nil
+			return errTLSConn
+		} else if int(ret) == 1 {
+			c.tlsConn = nil
+			break;
+		}
 	}
 
 	return nil

pkg/atls/listener.c

@@ -353,16 +353,38 @@ int tls_close(tls_connection *conn) {
         if (conn->ssl != NULL) {
             int ret = 0;
 
-            while (ret == 0) {
-                ret = SSL_shutdown(conn->ssl);
+            if (SSL_has_pending(conn->ssl) == 1 || (SSL_get_shutdown(conn->ssl) & SSL_SENT_SHUTDOWN)) {
+                int num = SSL_pending(conn->ssl);
+                char c[num];
+                int res = 0;
+                int end = 0;
 
-                if (ret < 0) {
-                    fprintf(stderr, "SSL did not shutdown correctly\n");
-                    free(conn);
-                    close(conn->socket_fd);
-                    conn = NULL;
-                    return -1;
+                res = SSL_read(conn->ssl, (void*)c, num);
+                res = SSL_get_error(conn->ssl, res);
+
+                if (res == SSL_ERROR_ZERO_RETURN) {
+                    end = 1;
+                } else if (res != SSL_ERROR_NONE) {
+                    fprintf(stderr, "SSL_read failed in TLS close call\n");
+                    end = 1;
                 }
+
+                if ((SSL_get_shutdown(conn->ssl) & SSL_RECEIVED_SHUTDOWN) || end == 1) {
+                    ret = SSL_shutdown(conn->ssl);
+                }
+            } else {
+                ret = SSL_shutdown(conn->ssl);
+            }
+
+            if (ret < 0) {
+                ret = SSL_get_error(conn->ssl, ret);
+                fprintf(stderr, "SSL did not shutdown correctly, error code: %d\n", ret);
+                free(conn);
+                close(conn->socket_fd);
+                conn = NULL;
+                return -1;
+            } else if (ret == 0) {
+                return 0;
             }
             conn->ssl = NULL;
         }
@@ -381,7 +403,7 @@ int tls_close(tls_connection *conn) {
         return 1;
     }
 
-    return 0;
+    return 1;
 }
 
 char* tls_return_addr(struct sockaddr_storage *addr) {