X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=src%2Fconnection.c;h=3602842b596486daef1ef8cbb07c030b3f28575b;hb=5c495b3f7f1e4553c7f8212675b212f2b2a6fdb2;hp=170302c9fdaf9894267c91da2ebd4934a27a6843;hpb=f3ca90e517a9ae54e831e5a5b91fcc2afb9df5bf;p=tlsproxy%2Ftlsproxy.git
diff --git a/src/connection.c b/src/connection.c
index 170302c..3602842 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -313,7 +313,16 @@ out:
 /* Close TLS sessions if necessary. Use GNUTLS_SHUT_RDWR so the data is
 * reliable transmitted. */
 if (server_session_started) {
- gnutls_bye(server_session, GNUTLS_SHUT_RDWR);
+ /* Recent gnutls-serv (used in the test-suite) won't terminate the
+ * connection when gnutls_bye(session, GNUTLS_SHUT_RDWR) is used
+ * before any other data was received. If the validation failed just
+ * close the connection without waiting for data, we won't read it
+ * anyway.
+ *
+ * For verified connections GNUTLS_SHUT_RDWR is important or we might
+ * lose data. */
+ gnutls_bye(server_session, validation_failed ? GNUTLS_SHUT_WR
+ : GNUTLS_SHUT_RDWR);
 }
 if (client_session_started) {
 gnutls_bye(client_session, GNUTLS_SHUT_RDWR);
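Review bot: The `GNUTLS_SHUT_RDWR` branch kept for verified connections can still block without bound, because it waits for the peer's close_notify and the new comment itself records a peer that never sends one; the unchanged `gnutls_bye(client_session, GNUTLS_SHUT_RDWR)` call has the same exposure. Unless a receive timeout is configured outside this hunk (for example `gnutls_record_set_timeout()` or `SO_RCVTIMEO` on the socket), a silent remote end may be able to pin this cleanup path and the worker running it. The return value of `gnutls_bye` is also discarded on the new line, so a failed or interrupted shutdown goes unnoticed; I would capture it with `ret = gnutls_bye(...);` and log `gnutls_strerror(ret)` when it is not `GNUTLS_E_SUCCESS`. The enclosing function starts before and ends after the hunk, so the value of `validation_failed` on early `goto out` paths could not be checked from here.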