[gnutls-help] Clean TLS shutdown

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Mar 5 01:04:49 CET 2013

On 03/01/2013 12:03 PM, Yoran Heling wrote:

> I'm trying to figure out how to perform a clean shutdown of a TLS
> session, and how the API communicates that back to the application.
>>From what I understand so far, if either end of the connection wishes to
> close the session, it would call gnutls_bye() with GNUTLS_SHUT_RDWR.
> Assuming the other end of the session is waiting for input with
> gnutls_record_recv(), it will detect this shutdown request with _recv()
> returning 0 (EOF).

Hello Yoran,
 Indeed what you say is correct.

> What should the receiving end do in such a case? If it calls close() on
> the underlying socket, will the gnutls_bye() fail with an error on the
> other end?  Should it call gnutls_bye() itself for that to succeed?

It doesn't really matter in general, but indeed if you want to be polite
and prevent an error the peer's bye call you should also terminate the
connection using gnutls_bye().

That would matter, however, in a case where the streams close in a not
symmetric way, i.e., one calls bye with _WR, and then continues to read
the remaining data until EOF.


More information about the Gnutls-help mailing list