From 946f5bad7683aa79a9f4fcab760206e2aad8c555 Mon Sep 17 00:00:00 2001
From: Thomas Pornin <pornin@bolet.org>
Date: Thu, 30 Jan 2020 18:02:44 +0100
Subject: [PATCH] Added discard of unread appdata on explicit close.

---
 src/ssl/ssl_engine.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/ssl/ssl_engine.c b/src/ssl/ssl_engine.c
index f4ffe18..9c7739e 100644
--- a/src/ssl/ssl_engine.c
+++ b/src/ssl/ssl_engine.c
@@ -1232,6 +1232,21 @@ void
 br_ssl_engine_close(br_ssl_engine_context *cc)
 {
 	if (!br_ssl_engine_closed(cc)) {
+		/*
+		 * If we are not already closed, then we need to
+		 * initiate the closure. Once closing, any incoming
+		 * application data is discarded; we should also discard
+		 * application data which is alreayd there but has not
+		 * been acknowledged by the application yet (this mimics
+		 * usual semantics on BSD sockets: you cannot read()
+		 * once you called close(), even if there was some
+		 * unread data already buffered).
+		 */
+		size_t len;
+
+		if (br_ssl_engine_recvapp_buf(cc, &len) != NULL && len != 0) {
+			br_ssl_engine_recvapp_ack(cc, len);
+		}
 		jump_handshake(cc, 1);
 	}
 }
-- 
2.17.1