comparison src/event/ngx_event_openssl.c @ 6407:062c189fee20
SSL: avoid calling SSL_shutdown() during handshake (ticket #901).
This fixes "called a function you should not call" and
"shutdown while in init" errors as observed with OpenSSL 1.0.2f
due to changes in how OpenSSL handles SSL_shutdown() during
SSL handshakes.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 19 Feb 2016 17:27:30 +0300 |
parents | d194cad6dd3a |
children | 2cd019520210 |
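--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1764,10 +1764,23 @@
 ngx_int_t
 ngx_ssl_shutdown(ngx_connection_t *c)
 {
 int n, sslerr, mode;
 ngx_err_t err;
+
+if (SSL_in_init(c->ssl->connection)) {
+/*
+* OpenSSL 1.0.2f complains if SSL_shutdown() is called during
+* an SSL handshake, while previous versions always return 0.
+* Avoid calling SSL_shutdown() if handshake wasn't completed.
+*/
+
+SSL_free(c->ssl->connection);
+c->ssl = NULL;
+
+return NGX_OK;
+}
 
 if (c->timedout) {
 mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;
 SSL_set_quiet_shutdown(c->ssl->connection, 1);
 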
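Review bot: The new `SSL_in_init()` branch at the top of ngx_ssl_shutdown() frees the SSL object and returns NGX_OK on its own, so whatever teardown the normal exit path performs (it lies outside this hunk) is skipped when the handshake never completed. It is worth confirming that nothing beyond `SSL_free(c->ssl->connection); c->ssl = NULL;` is required there, and keeping the two exits in sync if cleanup is added later. The comment explains the OpenSSL 1.0.2f behaviour but not the protocol consequence; I would add a line such as `* No close_notify alert is sent on this path.` so readers do not mistake it for a graceful TLS shutdown. Both this path and a completed shutdown return NGX_OK, which looks intentional but means callers cannot tell them apart. ngx_ssl_shutdown's body continues past the end of the hunk.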