# HG changeset patch # User Sebastien Decugis # Date 1270195967 -32400 # Node ID 52c1547dab42f0ecd599124c981aca0455e8ae7f # Parent 07624e65c7e0fc799a0d76c12f3f86771cb7b86c Call gnutls_bye on closing connection diff -r 07624e65c7e0 -r 52c1547dab42 freeDiameter/cnxctx.c --- a/freeDiameter/cnxctx.c Fri Apr 02 16:37:40 2010 +0900 +++ b/freeDiameter/cnxctx.c Fri Apr 02 17:12:47 2010 +0900 @@ -822,6 +822,10 @@ TRACE_DEBUG(INFO, "This GNU TLS error is not handled, assume unrecoverable error"); } } ); + + if (ret == 0) + CHECK_GNUTLS_DO( gnutls_bye(session, GNUTLS_SHUT_RDWR), ); + end: if (ret <= 0) fd_cnx_markerror(conn); @@ -1070,7 +1074,7 @@ if (TRACE_BOOL(INFO)) { fd_log_debug("TLS: Remote certificate invalid on socket %d (Remote: '%s')(Connection: '%s') :\n", conn->cc_socket, conn->cc_remid, conn->cc_id); if (ret & GNUTLS_CERT_INVALID) - fd_log_debug(" - The certificate is not trusted (unknown CA?)\n"); + fd_log_debug(" - The certificate is not trusted (unknown CA? expired?)\n"); if (ret & GNUTLS_CERT_REVOKED) fd_log_debug(" - The certificate has been revoked.\n"); if (ret & GNUTLS_CERT_SIGNER_NOT_FOUND)