Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 4064:5b776ad53c3c
Proper SSL shutdown handling.
If connection has unsent alerts, SSL_shutdown() tries to send them even
if SSL_set_shutdown(SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN) was used.
This can be prevented by SSL_set_quiet_shutdown(). SSL_set_shutdown()
is required nevertheless to preserve session.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 01 Sep 2011 13:49:36 +0000 |
parents | a1dd9dc754ab |
children | 6af5959a2ace |
comparison
equal
deleted
inserted
replaced
4063:8d70904b6c48 | 4064:5b776ad53c3c |
---|---|
1203 int n, sslerr, mode; | 1203 int n, sslerr, mode; |
1204 ngx_err_t err; | 1204 ngx_err_t err; |
1205 | 1205 |
1206 if (c->timedout) { | 1206 if (c->timedout) { |
1207 mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN; | 1207 mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN; |
1208 SSL_set_quiet_shutdown(c->ssl->connection, 1); | |
1208 | 1209 |
1209 } else { | 1210 } else { |
1210 mode = SSL_get_shutdown(c->ssl->connection); | 1211 mode = SSL_get_shutdown(c->ssl->connection); |
1211 | 1212 |
1212 if (c->ssl->no_wait_shutdown) { | 1213 if (c->ssl->no_wait_shutdown) { |
1213 mode |= SSL_RECEIVED_SHUTDOWN; | 1214 mode |= SSL_RECEIVED_SHUTDOWN; |
1214 } | 1215 } |
1215 | 1216 |
1216 if (c->ssl->no_send_shutdown) { | 1217 if (c->ssl->no_send_shutdown) { |
1217 mode |= SSL_SENT_SHUTDOWN; | 1218 mode |= SSL_SENT_SHUTDOWN; |
1219 } | |
1220 | |
1221 if (c->ssl->no_wait_shutdown && c->ssl->no_send_shutdown) { | |
1222 SSL_set_quiet_shutdown(c->ssl->connection, 1); | |
1218 } | 1223 } |
1219 } | 1224 } |
1220 | 1225 |
1221 SSL_set_shutdown(c->ssl->connection, mode); | 1226 SSL_set_shutdown(c->ssl->connection, mode); |
1222 | 1227 |