nginx: src/event/ngx_event_openssl.c comparison

comparison src/event/ngx_event_openssl.c @ 4160:88369902edb1 stable-1.0

Merging r4010, r4065: SSL related fixes: *) Fixing proxy_set_body and proxy_pass_request_body with SSL. Flush flag wasn't set in constructed buffer and this prevented any data from being actually sent to upstream due to SSL buffering. Make sure we always set flush in the last buffer we are going to sent. See here for report: http://nginx.org/pipermail/nginx-ru/2011-June/041552.html *) Proper SSL shutdown handling. If connection has unsent alerts, SSL_shutdown() tries to send them even if SSL_set_shutdown(SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN) was used. This can be prevented by SSL_set_quiet_shutdown(). SSL_set_shutdown() is required nevertheless to preserve session.

author	Igor Sysoev <igor@sysoev.ru>
date	Fri, 30 Sep 2011 13:42:59 +0000
parents	718f2154b813
children	8d39230df833

comparison

equal deleted inserted replaced

-:718f2154b813
+:88369902edb1
 int        n, sslerr, mode;
 ngx_err_t  err;
 if (c->timedout) {
 mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;
+SSL_set_quiet_shutdown(c->ssl->connection, 1);
 } else {
 mode = SSL_get_shutdown(c->ssl->connection);
 if (c->ssl->no_wait_shutdown) {
 mode |= SSL_RECEIVED_SHUTDOWN;
 }
 if (c->ssl->no_send_shutdown) {
 mode |= SSL_SENT_SHUTDOWN;
+}
+if (c->ssl->no_wait_shutdown && c->ssl->no_send_shutdown) {
+SSL_set_quiet_shutdown(c->ssl->connection, 1);
 }
 }
 SSL_set_shutdown(c->ssl->connection, mode);

Mercurial > hg > nginx

comparison src/event/ngx_event_openssl.c @ 4160:88369902edb1 stable-1.0