aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorMaxim Dounin <mdounin@mdounin.ru>2021-06-01 17:37:51 +0300
committerMaxim Dounin <mdounin@mdounin.ru>2021-06-01 17:37:51 +0300
commit5eadaf69e394c030056e4190d86dae0262f8617c (patch)
treea04db9e5af7194a87d75cff338fb6d086d05ad64 /src
parent235d2df1de6aba77db3d128c0c637c9d2e9a9d12 (diff)
downloadnginx-5eadaf69e394c030056e4190d86dae0262f8617c.tar.gz
nginx-5eadaf69e394c030056e4190d86dae0262f8617c.zip
Fixed SSL logging with lingering close.
Recent fixes to SSL shutdown with lingering close (554c6ae25ffc, 1.19.5) broke logging of SSL variables. To make sure logging of SSL variables works properly, avoid freeing c->ssl when doing an SSL shutdown before lingering close. Reported by Reinis Rozitis (http://mailman.nginx.org/pipermail/nginx/2021-May/060670.html).
Diffstat (limited to 'src')
-rw-r--r--src/event/ngx_event_openssl.c6
-rw-r--r--src/event/ngx_event_openssl.h1
-rw-r--r--src/http/ngx_http_request.c2
3 files changed, 9 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 06357834c..396cc22b3 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3008,6 +3008,12 @@ failed:
done:
+ if (c->ssl->shutdown_without_free) {
+ c->ssl->shutdown_without_free = 0;
+ c->recv = ngx_recv;
+ return rc;
+ }
+
SSL_free(c->ssl->connection);
c->ssl = NULL;
c->recv = ngx_recv;
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 329760d09..a415b4bda 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -100,6 +100,7 @@ struct ngx_ssl_connection_s {
unsigned buffer:1;
unsigned no_wait_shutdown:1;
unsigned no_send_shutdown:1;
+ unsigned shutdown_without_free:1;
unsigned handshake_buffer_set:1;
unsigned try_early_data:1;
unsigned in_early:1;
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 81b27a386..0bb122ce0 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -3400,6 +3400,8 @@ ngx_http_set_lingering_close(ngx_connection_t *c)
if (c->ssl) {
ngx_int_t rc;
+ c->ssl->shutdown_without_free = 1;
+
rc = ngx_ssl_shutdown(c);
if (rc == NGX_ERROR) {