On 2005-01-18, at 02:43, Stanley wrote:

1.In our case, the web server sent TCP fin,ack to stunnel but the stunnel just sent TCP ack, so it is TCP half close. 2.The stunnel use read() function that try to read more data from sock_fd but return 0(EOF) because TCP half close. 3.At this moment, the stunnel call SSL_shutdown() function that sent close_notify alert but a broswer(IE6 or firefox1.0) return no message.

I just modify stunnel 4.07 client.c to set sock_wr=0 that will close TCP connection from stunnel to web server when read() EOF.

I'm NOT going to break SSL protocol in stunnel to support broken SSL clients.

Use: TIMEOUTclose = 0 configuration option instead.

Best regards, Mike