Fix test-suite for recent gnutls-serv.

[tlsproxy/tlsproxy.git] / src / connection.c

diff --git a/src/connection.c b/src/connection.c
index 170302c9fdaf9894267c91da2ebd4934a27a6843..3602842b596486daef1ef8cbb07c030b3f28575b 100644 (file)
--- a/src/connection.c
+++ b/src/connection.c
@@ -313,7 +313,16 @@ out:
     /* Close TLS sessions if necessary. Use GNUTLS_SHUT_RDWR so the data is
      * reliable transmitted. */
     if (server_session_started) {
-        gnutls_bye(server_session, GNUTLS_SHUT_RDWR);
+        /* Recent gnutls-serv (used in the test-suite) won't terminate the
+         * connection when gnutls_bye(session, GNUTLS_SHUT_RDWR) is used
+         * before any other data was received. If the validation failed just
+         * close the connection without waiting for data, we won't read it
+         * anyway.
+         *
+         * For verified connections GNUTLS_SHUT_RDWR is important or we might
+         * lose data. */
+        gnutls_bye(server_session, validation_failed ? GNUTLS_SHUT_WR
+                                                     : GNUTLS_SHUT_RDWR);
     }
     if (client_session_started) {
         gnutls_bye(client_session, GNUTLS_SHUT_RDWR);