@@ -1,7 +1,7 @@

 Name:          c-rest-engine

 Summary:       minimal http(s) server library

 Version:       1.1

-Release:       5%{?dist}

+Release:       6%{?dist}

 Group:         Applications/System

 Vendor:        VMware, Inc.

 License:       Apache 2.0

@@ -16,6 +16,7 @@ Patch0:        socket_RW.patch

 Patch1:        syslog_noInit.patch

 Patch2:        socket_logging.patch

 Patch3:        errno_init.patch

+Patch4:        ssl_shutdown.patch

 %define sha1   c-rest-engine=a25927fd98ec92df5e210cc4941fa626604636f6

 %description

@@ -38,6 +39,7 @@ development libs and header files for c-rest-engine

 %patch1 -p1

 %patch2 -p1

 %patch3 -p1

+%patch4 -p1

 %build

 cd build

@@ -70,6 +72,8 @@ find %{buildroot} -name '*.la' -delete

 # %doc ChangeLog README COPYING

 %changelog

+*  Wed Nov 29 2017 Kumar Kaushik <kaushikk@vmware.com> 1.1-6

+-  Adding patch for ssl_shutdown order.

 *  Wed Nov 29 2017 Kumar Kaushik <kaushikk@vmware.com> 1.1-5

 -  Adding patch for right use of errno.

 *  Mon Nov 20 2017 Kumar Kaushik <kaushikk@vmware.com> 1.1-4

new file mode 100644

@@ -0,0 +1,123 @@

+From a7aba08f7fd2700c92fd9661eee212755ba8795e Mon Sep 17 00:00:00 2001

+From: Kumar Kaushik <kaushikk@vmware.com>

+Date: Thu, 7 Dec 2017 12:53:17 -0800

+Subject: [PATCH] Fixing tls: unexpected message ERROR

+

+Change-Id: I63dce89d4dcfa445b6594d4b776ef8827f1498ff

+(cherry picked from commit 424f6d0f3435eccad781d39ef0c656a00395dc46)

+---

+ transport/posix/socket.c | 34 +++++++++++++++++++++++-----------

+ 1 file changed, 23 insertions(+), 11 deletions(-)

+

+diff --git a/transport/posix/socket.c b/transport/posix/socket.c

+index d3a3dbc..18cef89 100644

+--- a/transport/posix/socket.c

+@@ -576,7 +576,6 @@ VmSockPosixWaitForEvent(

+                                    FALSE

+                                    );

+                     BAIL_ON_VMREST_ERROR(dwError);

+-                

+                 }

+ 

+                 dwError = VmSockPosixEventQueueAdd_inlock(

+@@ -895,7 +894,7 @@ VmSockPosixRead(

+         }

+         else

+         {

+-            VMREST_LOG_ERROR(pRESTHandle,"%s","Unknown socket read error: errno %u, errorCode %u, nRead %d", errno, errorCode, nRead);

++            VMREST_LOG_ERROR(pRESTHandle,"Unknown socket read error: errno %u, errorCode %u, nRead %d", errno, errorCode, nRead);

+             dwError = REST_ENGINE_FAILURE;

+         }

+     }

+@@ -1007,6 +1006,9 @@ VmSockPosixWrite(

+ 

+     while(nWrittenTotal < nBufLen )

+     {

++         nWritten = 0;

++         errorCode = 0;

++         errno = 0;

+          if (pRESTHandle->pSSLInfo->isSecure && (pSocket->ssl != NULL))

+          {

+              nWritten = SSL_write(pSocket->ssl,(pszBuffer + nWrittenTotal),nRemaining);

+@@ -1030,7 +1032,7 @@ VmSockPosixWrite(

+          }

+          else

+          {

+-             if (errorCode == EAGAIN || errorCode == EWOULDBLOCK || errorCode == SSL_ERROR_WANT_WRITE)

++             if ((nWritten < 0) && (errorCode == EAGAIN || errorCode == EWOULDBLOCK || errorCode == SSL_ERROR_WANT_WRITE))

+              {

+                  if (timeOutSec >= 0)

+                  {

+@@ -1101,6 +1103,8 @@ VmSockPosixCloseSocket(

+     )

+ {

+     DWORD                            dwError = REST_ENGINE_SUCCESS;

++    int                              ret = 0;

++    uint32_t                         errorCode = 0;

+     BOOLEAN                          bLocked = FALSE;

+ 

+     if (!pRESTHandle || !pSocket )

+@@ -1121,18 +1125,24 @@ VmSockPosixCloseSocket(

+         pSocket->pTimerSocket->fd = -1;

+     }

+ 

++    if (pRESTHandle->pSSLInfo->isSecure && pSocket->ssl)

++    {

++        ret = SSL_shutdown(pSocket->ssl);

++        if (ret < 0)

++        {

++            errorCode = SSL_get_error(pSocket->ssl, ret);

++            VMREST_LOG_ERROR(pRESTHandle,"Error on SSL_shutdown on socket %d, return value %d, errorCode %u", pSocket->fd, ret, errorCode);

++        }

++        SSL_free(pSocket->ssl);

++        pSocket->ssl = NULL;

++    }

++

+     if (pSocket->fd >= 0)

+     {

+         close(pSocket->fd);

+         pSocket->fd = -1;

+     }

+ 

+-    if (pRESTHandle->pSSLInfo->isSecure && pSocket->ssl)

+-    {

+-        SSL_shutdown(pSocket->ssl);

+-        SSL_free(pSocket->ssl);

+-        pSocket->ssl = NULL;

+-    }

+ 

+ cleanup:

+ 

+@@ -1742,6 +1752,7 @@ VmSockPosixIsSafeToCloseConnOnTimeOut(

+     BAIL_ON_VMREST_ERROR(dwError);

+ 

+     pSocket = pTimerSocket->pIoSocket;

++    errno = 0;

+ 

+     if ((pRESTHandle->pSSLInfo->isSecure) && (pSocket->ssl))

+     {

+@@ -1771,6 +1782,7 @@ VmSockPosixIsSafeToCloseConnOnTimeOut(

+             do

+             {

+                 errorCode = 0;

++                errno = 0;

+                 nRead = 0;

+                 nRead = read(pTimerSocket->fd, &res, sizeof(res));

+                 errorCode = errno;

+@@ -1918,13 +1930,13 @@ VmRESTAcceptSSLContext(

+     }

+     else if ((ret == -1) && ((errorCode == SSL_ERROR_WANT_READ) || (errorCode == SSL_ERROR_WANT_WRITE)))

+     {

+-       VMREST_LOG_DEBUG(pRESTHandle,"SSL handshake not completed for socket %d", pSocket->fd);

++       VMREST_LOG_DEBUG(pRESTHandle," SSL handshake not completed for socket %d, ret %d, errorCode %u", pSocket->fd, ret, errorCode);

+        pSocket->bSSLHandShakeCompleted = FALSE;

+        bReArm = TRUE;

+     }

+     else

+     {

+-        VMREST_LOG_ERROR(pRESTHandle, "SSL handshake failed...connection will be closed for socket with fd %d", pSocket->fd);

++        VMREST_LOG_ERROR(pRESTHandle, "SSL handshake failed...connection will be closed for socket with fd %d, ret %d, errorCode %u", pSocket->fd, ret, errorCode);

+         dwError = VMREST_TRANSPORT_SSL_ACCEPT_FAILED;

+         BAIL_ON_VMREST_ERROR(dwError);

+     }