Mercurial > hg > nginx-quic
comparison src/event/ngx_event_openssl.c @ 6407:062c189fee20
SSL: avoid calling SSL_shutdown() during handshake (ticket #901).
This fixes "called a function you should not call" and
"shutdown while in init" errors as observed with OpenSSL 1.0.2f
due to changes in how OpenSSL handles SSL_shutdown() during
SSL handshakes.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Fri, 19 Feb 2016 17:27:30 +0300 |
| parents | d194cad6dd3a |
| children | 2cd019520210 |
comparison
equal
deleted
inserted
replaced
| 6406:d194cad6dd3a | 6407:062c189fee20 |
|---|---|
| 1764 ngx_int_t | 1764 ngx_int_t |
| 1765 ngx_ssl_shutdown(ngx_connection_t *c) | 1765 ngx_ssl_shutdown(ngx_connection_t *c) |
| 1766 { | 1766 { |
| 1767 int n, sslerr, mode; | 1767 int n, sslerr, mode; |
| 1768 ngx_err_t err; | 1768 ngx_err_t err; |
| 1769 | |
| 1770 if (SSL_in_init(c->ssl->connection)) { | |
| 1771 /* | |
| 1772 * OpenSSL 1.0.2f complains if SSL_shutdown() is called during | |
| 1773 * an SSL handshake, while previous versions always return 0. | |
| 1774 * Avoid calling SSL_shutdown() if handshake wasn't completed. | |
| 1775 */ | |
| 1776 | |
| 1777 SSL_free(c->ssl->connection); | |
| 1778 c->ssl = NULL; | |
| 1779 | |
| 1780 return NGX_OK; | |
| 1781 } | |
| 1769 | 1782 |
| 1770 if (c->timedout) { | 1783 if (c->timedout) { |
| 1771 mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN; | 1784 mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN; |
| 1772 SSL_set_quiet_shutdown(c->ssl->connection, 1); | 1785 SSL_set_quiet_shutdown(c->ssl->connection, 1); |
| 1773 | 1786 |