Fixed SSL logging with lingering close.

Recent fixes to SSL shutdown with lingering close (554c6ae25ffc, 1.19.5)
broke logging of SSL variables.  To make sure logging of SSL variables
works properly, avoid freeing c->ssl when doing an SSL shutdown before
lingering close.

Reported by Reinis Rozitis
(http://mailman.nginx.org/pipermail/nginx/2021-May/060670.html).

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 06357834c0dd2b3efdabe4c8bd77eb19fec2b006..396cc22b37746b10a5b0b52851ed0416d7da9635 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3008,6 +3008,12 @@ failed:
 
 done:
 
+    if (c->ssl->shutdown_without_free) {
+        c->ssl->shutdown_without_free = 0;
+        c->recv = ngx_recv;
+        return rc;
+    }
+
     SSL_free(c->ssl->connection);
     c->ssl = NULL;
     c->recv = ngx_recv;

diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 329760d0937350b92075499c2fb16d86772c0f39..a415b4bdac8871ecf77691a2247bd9fcb6168f33 100644 (file)
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -100,6 +100,7 @@ struct ngx_ssl_connection_s {
     unsigned                    buffer:1;
     unsigned                    no_wait_shutdown:1;
     unsigned                    no_send_shutdown:1;
+    unsigned                    shutdown_without_free:1;
     unsigned                    handshake_buffer_set:1;
     unsigned                    try_early_data:1;
     unsigned                    in_early:1;

diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 684fabdd61a87ddcf56cd5199662b6f6c31767c1..136c4615b87ce1d8fbf83da61f78bd9cdedb00ab 100644 (file)
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -3398,6 +3398,8 @@ ngx_http_set_lingering_close(ngx_connection_t *c)
     if (c->ssl) {
         ngx_int_t  rc;
 
+        c->ssl->shutdown_without_free = 1;
+
         rc = ngx_ssl_shutdown(c);
 
         if (rc == NGX_ERROR) {