Don't return shutdown errors during shutdown

boring-sys/build.rs

@@ -332,7 +332,7 @@ fn main() {
             println!("cargo:warning=fetching boringssl git submodule");
             // fetch the boringssl submodule
             let status = Command::new("git")
-                .args(&[
+                .args([
                     "submodule",
                     "update",
                     "--init",

boring/src/ssl/mod.rs

@@ -3054,7 +3054,24 @@ impl<S: Read + Write> SslStream<S> {
         match unsafe { ffi::SSL_shutdown(self.ssl.as_ptr()) } {
             0 => Ok(ShutdownResult::Sent),
             1 => Ok(ShutdownResult::Received),
-            n => Err(self.make_error(n)),
+            n => {
+                let e = self.make_error(n);
+
+                // If boring returns PROTOCOL_IS_SHUTDOWN then the connection
+                // has already been shutdown and we can just return Ok(()), as
+                // this was exactly what we wanted to do anyway.
+                if e.code() == ErrorCode::SSL {
+                    if let Some(stack) = e.ssl_error() {
+                        if let Some(first) = stack.errors().first() {
+                            if first.code() as i32 == boring_sys::SSL_R_PROTOCOL_IS_SHUTDOWN {
+                                return Ok(ShutdownResult::Received);
+                            }
+                        }
+                    }
+                }
+
+                Err(e)
+            }
         }
     }
 

boring/src/ssl/test/mod.rs

@@ -199,7 +199,7 @@ fn verify_callback() {
             CALLED_BACK.store(true, Ordering::SeqCst);
             let cert = x509.current_cert().unwrap();
             let digest = cert.digest(MessageDigest::sha1()).unwrap();
-            assert_eq!(hex::encode(&digest), expected);
+            assert_eq!(hex::encode(digest), expected);
             true
         });
 
@@ -221,7 +221,7 @@ fn ssl_verify_callback() {
             CALLED_BACK.store(true, Ordering::SeqCst);
             let cert = x509.current_cert().unwrap();
             let digest = cert.digest(MessageDigest::sha1()).unwrap();
-            assert_eq!(hex::encode(&digest), expected);
+            assert_eq!(hex::encode(digest), expected);
             true
         });
 
@@ -311,9 +311,9 @@ fn test_connect_with_srtp_ctx() {
         let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap();
         ctx.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
             .unwrap();
-        ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
+        ctx.set_certificate_file(Path::new("test/cert.pem"), SslFiletype::PEM)
             .unwrap();
-        ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
+        ctx.set_private_key_file(Path::new("test/key.pem"), SslFiletype::PEM)
             .unwrap();
         let mut ssl = Ssl::new(&ctx.build()).unwrap();
         ssl.set_mtu(1500).unwrap();
@@ -367,9 +367,9 @@ fn test_connect_with_srtp_ssl() {
     let guard = thread::spawn(move || {
         let stream = listener.accept().unwrap().0;
         let mut ctx = SslContext::builder(SslMethod::dtls()).unwrap();
-        ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
+        ctx.set_certificate_file(Path::new("test/cert.pem"), SslFiletype::PEM)
             .unwrap();
-        ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
+        ctx.set_private_key_file(Path::new("test/key.pem"), SslFiletype::PEM)
             .unwrap();
         let mut ssl = Ssl::new(&ctx.build()).unwrap();
         ssl.set_tlsext_use_srtp("SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32")
@@ -988,9 +988,9 @@ fn keying_export() {
     let guard = thread::spawn(move || {
         let stream = listener.accept().unwrap().0;
         let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
-        ctx.set_certificate_file(&Path::new("test/cert.pem"), SslFiletype::PEM)
+        ctx.set_certificate_file(Path::new("test/cert.pem"), SslFiletype::PEM)
             .unwrap();
-        ctx.set_private_key_file(&Path::new("test/key.pem"), SslFiletype::PEM)
+        ctx.set_private_key_file(Path::new("test/key.pem"), SslFiletype::PEM)
             .unwrap();
         let ssl = Ssl::new(&ctx.build()).unwrap();
         let mut stream = ssl.accept(stream).unwrap();