changeset 4160:88369902edb1 stable-1.0

Merging r4010, r4065: SSL related fixes: *) Fixing proxy_set_body and proxy_pass_request_body with SSL. Flush flag wasn't set in constructed buffer and this prevented any data from being actually sent to upstream due to SSL buffering. Make sure we always set flush in the last buffer we are going to send. See here for report: http://nginx.org/pipermail/nginx-ru/2011-June/041552.html *) Proper SSL shutdown handling. If connection has unsent alerts, SSL_shutdown() tries to send them even if SSL_set_shutdown(SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN) was used. This can be prevented by SSL_set_quiet_shutdown(). SSL_set_shutdown() is required nevertheless to preserve session.
author Igor Sysoev <igor@sysoev.ru>
date Fri, 30 Sep 2011 13:42:59 +0000
parents 718f2154b813
children 010a0907bc95
files src/event/ngx_event_openssl.c src/http/modules/ngx_http_proxy_module.c
diffstat 2 files changed, 6 insertions(+), 2 deletions(-) [+]
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1205,6 +1205,7 @@ ngx_ssl_shutdown(ngx_connection_t *c)
 
     if (c->timedout) {
         mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;
+        SSL_set_quiet_shutdown(c->ssl->connection, 1);
 
     } else {
         mode = SSL_get_shutdown(c->ssl->connection);
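Review bot: Both new `SSL_set_quiet_shutdown(c->ssl->connection, 1)` calls, here in the `c->timedout` branch and in the next hunk under `no_wait_shutdown && no_send_shutdown`, carry no comment, and the code alone does not show why they are needed when `SSL_set_shutdown()` is still called afterwards. I would add above the first call something like `/* SSL_shutdown() still tries to send pending alerts despite SSL_set_shutdown(); quiet shutdown prevents that, SSL_set_shutdown() is kept to preserve the session */`. It is also worth stating there that on these paths the peer receives no close_notify and so cannot tell this close from a truncated stream, which is presumably acceptable for a timed-out connection but should be a recorded decision. ngx_ssl_shutdown's body starts and ends outside the hunk.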
@@ -1216,6 +1217,10 @@ ngx_ssl_shutdown(ngx_connection_t *c)
         if (c->ssl->no_send_shutdown) {
             mode |= SSL_SENT_SHUTDOWN;
         }
+
+        if (c->ssl->no_wait_shutdown && c->ssl->no_send_shutdown) {
+            SSL_set_quiet_shutdown(c->ssl->connection, 1);
+        }
     }
 
     SSL_set_shutdown(c->ssl->connection, mode);
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -1132,12 +1132,11 @@ ngx_http_proxy_create_request(ngx_http_r
             body = body->next;
         }
 
-        b->flush = 1;
-
     } else {
         u->request_bufs = cl;
     }
 
+    b->flush = 1;
     cl->next = NULL;
 
     return NGX_OK;
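Review bot: After the move, `b->flush = 1;` also runs on the `else` path, so it now relies on `b` being non-NULL and being the last buffer of the chain when no request body is appended. `b` is assigned outside the hunk, so that cannot be confirmed from the visible lines. A short comment would pin the invariant, e.g. `/* b is the last buffer on both paths; flush it so SSL buffering does not hold the request back */`. ngx_http_proxy_create_request starts outside the hunk.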