untrusted comment: verify with openbsd-67-base.pub
RWRmkIA877Io3t3C9zPg6TJv4WdWT7Fcn1ZJOpVtHz1rozkORegnJLSrpeqeJM2xzSvOUXEEbBGGLbRKocaXRLrybs/fRsZkTQA=
OpenBSD 6.7 errata 020, August 18, 2020:

The previous errata patch 019 broke bidirectional SSL_shutdown.

Apply by doing:
    signify -Vep /etc/signify/openbsd-67-base.pub -x 020_libssl.patch.sig \
        -m - | (cd /usr/src && patch -p0)

And then rebuild and install libssl and unwind:
    cd /usr/src/lib/libssl
    make obj
    make
    make install
    cd /usr/src/sbin/unwind
    make obj
    make
    make install

Index: lib/libssl/tls13_legacy.c
===================================================================
RCS file: /cvs/src/lib/libssl/tls13_legacy.c,v
retrieving revision 1.3.4.2
diff -u -p -r1.3.4.2 tls13_legacy.c
--- lib/libssl/tls13_legacy.c 10 Aug 2020 18:59:47 -0000 1.3.4.2
+++ lib/libssl/tls13_legacy.c 12 Aug 2020 18:46:12 -0000
@@ -497,6 +497,7 @@ tls13_legacy_shutdown(SSL *ssl)
if ((ret = tls13_record_layer_send_pending(ctx->rl)) !=
TLS13_IO_SUCCESS)
return tls13_legacy_return_code(ssl, ret);
+ ctx->close_notify_sent = 1;
} else if (!ctx->close_notify_recv) {
/*
* If there is no application data pending, attempt to read more
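Review bot: the added `ctx->close_notify_sent = 1;` at the end of the send-pending branch in tls13_legacy_shutdown() carries no comment, while the `else if (!ctx->close_notify_recv)` branch right after it does. A one-line comment would help here, stating that the close_notify counts as sent only once tls13_record_layer_send_pending() has returned TLS13_IO_SUCCESS, since the early return above it means a partial flush leaves the flag clear and the caller is expected to call shutdown again. Because the errata text says patch 019 broke bidirectional SSL_shutdown, a regression test that drives shutdown through this pending-flush path and then checks that the read side for the peer's close_notify is reached would keep the flag from being dropped again.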