ssl_recv_data(): Properly handle MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY

[privoxy.git] / ssl.c

diff --git a/ssl.c b/ssl.c
index a7f92eb..7faee3a 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -289,6 +289,12 @@ extern int ssl_recv_data(mbedtls_ssl_context *ssl, unsigned char *buf, size_t ma
    {
       char err_buf[ERROR_BUF_SIZE];
 
+      if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)
+      {
+         log_error(LOG_LEVEL_CONNECT,
+            "The peer notified us that the connection is going to be closed");
+         return 0;
+      }
       mbedtls_strerror(ret, err_buf, sizeof(err_buf));
       log_error(LOG_LEVEL_ERROR,
          "Receiving data over TLS/SSL failed: %s", err_buf);
@@ -1085,15 +1091,15 @@ exit:
  *               contain NULL and no private key is generated.
  *
  * Parameters  :
- *          1  :  key_buf = buffer to save new generated key
- *          2  :  csp = Current client state (buffers, headers, etc...)
+ *          1  :  csp = Current client state (buffers, headers, etc...)
+ *          2  :  key_buf = buffer to save new generated key
  *
  * Returns     :  -1 => Error while generating private key
  *                 0 => Key already exists
  *                >0 => Length of generated private key
  *
  *********************************************************************/
-static int generate_key(unsigned char **key_buf, struct client_state *csp)
+static int generate_key(struct client_state *csp, unsigned char **key_buf)
 {
    mbedtls_pk_context key;
    key_options key_opt;
@@ -1227,7 +1233,7 @@ static int generate_webpage_certificate(struct client_state *csp)
    /*
     * Create key for requested host
     */
-   int subject_key_len = generate_key(&key_buf, csp);
+   int subject_key_len = generate_key(csp, &key_buf);
    if (subject_key_len < 0)
    {
       log_error(LOG_LEVEL_ERROR, "Key generating failed");