Fix TLS shutdown and error output

2026-06-19 19:33:38 +08:00 · 2026-06-13 07:03:35 +08:00
parent 1ed2cfdcc4
commit b3bc3bb803
7 changed files with 35 additions and 31 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -768,7 +768,7 @@ endif()
 #
 set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1014")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1015")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)
--- a/README.md
+++ b/README.md
@@ -73,13 +73,14 @@ nmake

 ### 多语言接口

-GmSSL通过子项目提供多种多种编程语言绑定
+GmSSL通过子项目提供多种编程语言绑定

 * [GmSSL-Java](https://github.com/GmSSL/GmSSL-Java) 以JNI方式实现的Java语言绑定
 * [GmSSL-PHP](https://github.com/GmSSL/GmSSL-PHP) 以PHP扩展方式实现的PHP语言绑定
 * [GmSSL-Go](https://github.com/GmSSL/GmSSL-Go) 以CGO方式实现的Go语言绑定
 * [GmSSL-Python](https://github.com/GmSSL/GmSSL-Python) 以ctypes方式实现的Python语言绑定
- * [GmSSL-JS](https://github.com/guanzhi/GmSSL-JS) 纯JavaScript实现的国密算法库
+ * [gmssl-rs](https://github.com/GmSSL/gmssl-rs) GmSSL密码库的Rust语言封装
+ * [GmSSL-Nodejs](https://github.com/GmSSL/GmSSL-Nodejs) GmSSL密码库的Node.js语言绑定

 ### 支持国密硬件

@@ -172,4 +173,3 @@ test_sm9_z256_pairing_speed: 141 pairings per seconds
 ## Stargazers over time

 [![Stargazers over time](https://starchart.cc/guanzhi/GmSSL.svg)](https://starchart.cc/guanzhi/GmSSL)
-
--- a/include/gmssl/version.h
+++ b/include/gmssl/version.h
@@ -19,7 +19,7 @@ extern "C" {

 // Also update CPACK_PACKAGE_VERSION in CMakeLists.txt
 #define GMSSL_VERSION_NUM	30200
-#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1014"
+#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1015"

 int gmssl_version_num(void);
 const char *gmssl_version_str(void);
--- a/src/tls.c
+++ b/src/tls.c
@@ -2166,6 +2166,11 @@ int tls_shutdown(TLS_CONNECT *conn)
 		return -1;
 	}

+	if (conn->handshake_state != TLS_state_handshake_over) {
+		conn->shutdown_state = TLS_state_shutdown_over;
+		return 1;
+	}
+
 	if (conn->shutdown_state == TLS_state_shutdown_over) {
 		return 1;
 	}
@@ -2175,6 +2180,10 @@ int tls_shutdown(TLS_CONNECT *conn)

 	if (conn->shutdown_state == TLS_state_shutdown_send_close_notify) {
 		if ((ret = tls_send_close_notify(conn)) != 1) {
+			if (ret == TLS_ERROR_TCP_CLOSED) {
+				conn->shutdown_state = TLS_state_shutdown_over;
+				return 1;
+			}
 			return ret;
 		}
 		if (conn->close_notify_received) {
@@ -2186,20 +2195,21 @@ int tls_shutdown(TLS_CONNECT *conn)

 	if (conn->shutdown_state == TLS_state_shutdown_recv_close_notify) {
 		if(conn->verbose) tls_trace("recv Alert.close_notify\n");
-		ret = tls_recv(conn, buf, sizeof(buf), &len);
-		if (ret == 0 && conn->close_notify_received) {
-			conn->shutdown_state = TLS_state_shutdown_over;
-			return 1;
+		for (;;) {
+			ret = tls_recv(conn, buf, sizeof(buf), &len);
+			if (ret == 1 && len > 0) {
+				continue;
+			}
+			if (ret == 0 || ret == TLS_ERROR_TCP_CLOSED) {
+				conn->shutdown_state = TLS_state_shutdown_over;
+				return 1;
+			}
+			if (ret == TLS_ERROR_RECV_AGAIN || ret == TLS_ERROR_SEND_AGAIN) {
+				return ret;
+			}
+			error_print();
+			return -1;
 		}
-		if (ret == TLS_ERROR_RECV_AGAIN || ret == TLS_ERROR_SEND_AGAIN) {
-			return ret;
-		}
-		if (ret == TLS_ERROR_TCP_CLOSED) {
-			if(conn->verbose) tls_trace("Connection closed by remote without close_notify\n");
-			return ret;
-		}
-		error_print();
-		return -1;
 	}

 	error_print();
--- a/src/tls12.c
+++ b/src/tls12.c
@@ -304,7 +304,6 @@ int tls_send_record(TLS_CONNECT *conn)
 				return -1;
 			}
 		} else if (n == 0) {
-			error_print();
 			return TLS_ERROR_TCP_CLOSED;
 		}
 		conn->record_offset += n;
@@ -338,7 +337,6 @@ int tls_recv_record(TLS_CONNECT *conn)
 					return TLS_ERROR_SYSCALL;
 				}
 			} else if (n == 0) {
-				error_print();
 				return TLS_ERROR_TCP_CLOSED;
 			}
 			conn->record_offset += n;
@@ -378,7 +376,6 @@ int tls_recv_record(TLS_CONNECT *conn)
 				return TLS_ERROR_SYSCALL;
 			}
 		} else if (n == 0) {
-			error_print();
 			return TLS_ERROR_TCP_CLOSED;
 		}
 		conn->record_offset += n;
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -1108,16 +1108,15 @@ int tls13_send(TLS_CONNECT *conn, const uint8_t *data, size_t datalen, size_t *s
 	while (conn->recordlen) {
 		tls_ret_t n;

-		if ((n = tls_socket_send(conn->sock, conn->record + conn->record_offset, conn->recordlen, 0)) <= 0) {
+		n = tls_socket_send(conn->sock, conn->record + conn->record_offset, conn->recordlen, 0);
+		if (n < 0) {
 			if (errno == EAGAIN || errno == EWOULDBLOCK) {
 				return TLS_ERROR_SEND_AGAIN;
-			} else {
-				if (n == 0) {
-					error_puts("TCP connection closed");
-				}
-				error_print();
-				return -1;
 			}
+			error_print();
+			return -1;
+		} else if (n == 0) {
+			return TLS_ERROR_TCP_CLOSED;
 		}
 		conn->recordlen -= n;
 		conn->record_offset += n;
@@ -1158,7 +1157,6 @@ int tls13_do_recv(TLS_CONNECT *conn)
 					return -1;
 				}
 			} else if (n == 0) {
-				error_print();
 				return TLS_ERROR_TCP_CLOSED;
 			}
 			conn->recordlen -= n;
@@ -1186,7 +1184,6 @@ int tls13_do_recv(TLS_CONNECT *conn)
 					return -1;
 				}
 			} else if (n == 0) {
-				error_print();
 				return TLS_ERROR_TCP_CLOSED;
 			}
 			conn->recordlen -= n;
--- a/tools/tls13_client.c
+++ b/tools/tls13_client.c
@@ -790,7 +790,7 @@ bad:
 					continue;
 				}
 			}
-			sent_len = strlen(send_buf) + 1;
+			sent_len = strlen(send_buf);
 			sent_offset = 0;

 		}