# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1314581235 -14400
# Node ID 804454a04e22d32c064a3af8e7b24326c7fc2d63
# Parent  4b58ea791d9f09b0e2d019fcdea340c0a390af6c
Handle quiet ssl shutdown.

OpenSSL's SSL_shutdown() may still try to talk to network even if
SSL_set_shutdown(SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN) was used.
This happens if there are some unsent alerts.

Use SSL_set_quiet_shutdown() to actually shutdown quitely if we were asked
to.  Note that SSL_set_shutdown() is still required as not setting it will
invalidate session.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1205,6 +1205,7 @@ ngx_ssl_shutdown(ngx_connection_t *c)
 
     if (c->timedout) {
         mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;
+        SSL_set_quiet_shutdown(c->ssl->connection, 1);
 
     } else {
         mode = SSL_get_shutdown(c->ssl->connection);
@@ -1216,6 +1217,10 @@ ngx_ssl_shutdown(ngx_connection_t *c)
         if (c->ssl->no_send_shutdown) {
             mode |= SSL_SENT_SHUTDOWN;
         }
+
+        if (c->ssl->no_wait_shutdown && c->ssl->no_send_shutdown) {
+            SSL_set_quiet_shutdown(c->ssl->connection, 1);
+        }
     }
 
     SSL_set_shutdown(c->ssl->connection, mode);