Mercurial > hg > nginx

changeset 7871:5f765427c17a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fixed SSL logging with lingering close. Recent fixes to SSL shutdown with lingering close (554c6ae25ffc, 1.19.5) broke logging of SSL variables. To make sure logging of SSL variables works properly, avoid freeing c->ssl when doing an SSL shutdown before lingering close. Reported by Reinis Rozitis (http://mailman.nginx.org/pipermail/nginx/2021-May/060670.html).
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 01 Jun 2021 17:37:51 +0300
parents fecf645ff2f8
children 021416fca094
files src/event/ngx_event_openssl.c src/event/ngx_event_openssl.h src/http/ngx_http_request.c
diffstat 3 files changed, 9 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3008,6 +3008,12 @@ failed:
 
 done:
 
+    if (c->ssl->shutdown_without_free) {
+        c->ssl->shutdown_without_free = 0;
+        c->recv = ngx_recv;
+        return rc;
+    }
+
     SSL_free(c->ssl->connection);
     c->ssl = NULL;
     c->recv = ngx_recv;
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -100,6 +100,7 @@ struct ngx_ssl_connection_s {
     unsigned                    buffer:1;
     unsigned                    no_wait_shutdown:1;
     unsigned                    no_send_shutdown:1;
+    unsigned                    shutdown_without_free:1;
     unsigned                    handshake_buffer_set:1;
     unsigned                    try_early_data:1;
     unsigned                    in_early:1;
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -3400,6 +3400,8 @@ ngx_http_set_lingering_close(ngx_connect
     if (c->ssl) {
         ngx_int_t  rc;
 
+        c->ssl->shutdown_without_free = 1;
+
         rc = ngx_ssl_shutdown(c);
 
         if (rc == NGX_ERROR) {