How to clean up a bad OpenSSL connection

If a call to SSL_accept fails, I want to just bail out.

Currently I'm calling SSL_shutdown and then SSL_free, but since implementing this, two customers have had crashes deep down in OpenSSL (when calling SSL_accept at a later time), so I'm guessing maybe this isn't the best way to clean up.

The docs say SSL_shutdown is used to correctly cleanup, and it might need to be called twice (although if SSL_accept failed, I wouldn't think that would be the case). SSL_clear is another option, but it seems like more of a connection reset.

SSL_free decre开发者_运维百科ments a reference count and deletes the connection if the reference count hits 0. I know my code doesn't have any references, but the 'session' might?

Is there a definitive way for completely closing/shutting down/freeing an SSL object with OpenSSL?

Once you've called SSL_free() on the SSL object, you shouldn't use it again. You need to ensure that a new SSL is created with SSL_new() for the subsequent SSL_accept().