Mercurial > hg > nginx
view auto/threads @ 7706:61011bfcdb49
SSL: workaround for incorrect SSL_write() errors in OpenSSL 1.1.1.
OpenSSL 1.1.1 fails to return SSL_ERROR_SYSCALL if an error happens
during SSL_write() after close_notify alert from the peer, and returns
SSL_ERROR_ZERO_RETURN instead. Broken by this commit, which removes
the "i == 0" check around the SSL_RECEIVED_SHUTDOWN one:
https://git.openssl.org/?p=openssl.git;a=commitdiff;h=8051ab2
In particular, if a client closed the connection without reading
the response but with properly sent close_notify alert, this resulted in
unexpected "SSL_write() failed while ..." critical log message instead
of correct "SSL_write() failed (32: Broken pipe)" at the info level.
Since SSL_ERROR_ZERO_RETURN cannot be legitimately returned after
SSL_write(), the fix is to convert all SSL_ERROR_ZERO_RETURN errors
after SSL_write() to SSL_ERROR_SYSCALL.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 16 Sep 2020 18:26:22 +0300 |
parents | 04ebf29eaf5b |
children |
line wrap: on
line source
# Copyright (C) Nginx, Inc. if [ $USE_THREADS = YES ]; then if [ "$NGX_PLATFORM" = win32 ]; then cat << END $0: --with-threads is not supported on Windows END exit 1 fi have=NGX_THREADS . auto/have CORE_DEPS="$CORE_DEPS $THREAD_POOL_DEPS" CORE_SRCS="$CORE_SRCS $THREAD_POOL_SRCS" CORE_LIBS="$CORE_LIBS -lpthread" NGX_LIBPTHREAD="-lpthread" fi