Proper SSL shutdown handling.

If connection has unsent alerts, SSL_shutdown() tries to send them even if SSL_set_shutdown(SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN) was used. This can be prevented by SSL_set_quiet_shutdown(). SSL_set_shutdown() is required nevertheless to preserve session.
author: Maxim Dounin <mdounin@mdounin.ru> 2011-09-01 13:49:36 +0000
committer: Maxim Dounin <mdounin@mdounin.ru> 2011-09-01 13:49:36 +0000
commit: a9e3c65d22ad68b994ad7046b243ae459b242ffa (patch)
tree: 2f85abde47a6c502afa67a0e8dfe96fc59dbf8f7 /src
parent: 09be2f18c55ac403cbc9103f47ea5e5c9e8604fa (diff)
download: nginx-a9e3c65d22ad68b994ad7046b243ae459b242ffa.tar.gz
nginx-a9e3c65d22ad68b994ad7046b243ae459b242ffa.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index bb689488a..259b1d8f2 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1205,6 +1205,7 @@ ngx_ssl_shutdown(ngx_connection_t *c)
 
     if (c->timedout) {
         mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;
+        SSL_set_quiet_shutdown(c->ssl->connection, 1);
 
     } else {
         mode = SSL_get_shutdown(c->ssl->connection);
@@ -1216,6 +1217,10 @@ ngx_ssl_shutdown(ngx_connection_t *c)
         if (c->ssl->no_send_shutdown) {
             mode |= SSL_SENT_SHUTDOWN;
         }
+
+        if (c->ssl->no_wait_shutdown && c->ssl->no_send_shutdown) {
+            SSL_set_quiet_shutdown(c->ssl->connection, 1);
+        }
     }
 
     SSL_set_shutdown(c->ssl->connection, mode);
author	Maxim Dounin <mdounin@mdounin.ru>	2011-09-01 13:49:36 +0000
committer	Maxim Dounin <mdounin@mdounin.ru>	2011-09-01 13:49:36 +0000
commit	a9e3c65d22ad68b994ad7046b243ae459b242ffa (patch)
tree	2f85abde47a6c502afa67a0e8dfe96fc59dbf8f7 /src
parent	09be2f18c55ac403cbc9103f47ea5e5c9e8604fa (diff)
download	nginx-a9e3c65d22ad68b994ad7046b243ae459b242ffa.tar.gz nginx-a9e3c65d22ad68b994ad7046b243ae459b242ffa.zip