From: Maxim Dounin <mdounin@mdounin.ru>
Date: Fri, 19 Feb 2016 14:27:30 +0000 (+0300)
Subject: SSL: avoid calling SSL_shutdown() during handshake (ticket #901).
X-Git-Tag: release-1.9.12~6
X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;h=7b232ef5aa31e228da64ae6dce3873ccedbfb2c0;p=nginx.git

SSL: avoid calling SSL_shutdown() during handshake (ticket #901).

This fixes "called a function you should not call" and
"shutdown while in init" errors as observed with OpenSSL 1.0.2f
due to changes in how OpenSSL handles SSL_shutdown() during
SSL handshakes.
---

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 1ca1945e5..de10d48a5 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1767,6 +1767,19 @@ ngx_ssl_shutdown(ngx_connection_t *c)
     int        n, sslerr, mode;
     ngx_err_t  err;
 
+    if (SSL_in_init(c->ssl->connection)) {
+        /*
+         * OpenSSL 1.0.2f complains if SSL_shutdown() is called during
+         * an SSL handshake, while previous versions always return 0.
+         * Avoid calling SSL_shutdown() if handshake wasn't completed.
+         */
+
+        SSL_free(c->ssl->connection);
+        c->ssl = NULL;
+
+        return NGX_OK;
+    }
+
     if (c->timedout) {
         mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;
         SSL_set_quiet_shutdown(c->ssl->connection, 1);