Fix bug with ssl_close_notify and non-blocking I/O

ChangeLog

@@ -14,6 +14,8 @@ Bugfix
      renegotation was pending, and on client when a HelloRequest was received.
    * Server-initiated renegotiation would fail with non-blocking I/O if the
      write callback returned WANT_WRITE when requesting renegotiation.
+   * ssl_close_notify() could send more than one message in some circumstances
+     with non-blocking I/O.
 
 Changes
    * Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no

library/ssl_tls.c

@@ -4501,11 +4501,8 @@ int ssl_close_notify( ssl_context *ssl )
 
     SSL_DEBUG_MSG( 2, ( "=> write close notify" ) );
 
-    if( ( ret = ssl_flush_output( ssl ) ) != 0 )
+    if( ssl->out_left != 0 )
-    {
+        return( ssl_flush_output( ssl ) );
-        SSL_DEBUG_RET( 1, "ssl_flush_output", ret );
-        return( ret );
-    }
 
     if( ssl->state == SSL_HANDSHAKE_OVER )
     {
@@ -4513,13 +4510,14 @@ int ssl_close_notify( ssl_context *ssl )
                         SSL_ALERT_LEVEL_WARNING,
                         SSL_ALERT_MSG_CLOSE_NOTIFY ) ) != 0 )
         {
+            SSL_DEBUG_RET( 1, "ssl_send_alert_message", ret );
             return( ret );
         }
     }
 
     SSL_DEBUG_MSG( 2, ( "<= write close notify" ) );
 
-    return( ret );
+    return( 0 );
 }
 
 void ssl_transform_free( ssl_transform *transform )