Mercurial > hg > nginx

changeset 7956:ae70fcb8ac93 stable-1.20

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fixed SSL logging with lingering close. Recent fixes to SSL shutdown with lingering close (554c6ae25ffc, 1.19.5) broke logging of SSL variables. To make sure logging of SSL variables works properly, avoid freeing c->ssl when doing an SSL shutdown before lingering close. Reported by Reinis Rozitis (http://mailman.nginx.org/pipermail/nginx/2021-May/060670.html).
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 01 Jun 2021 17:37:51 +0300
parents 0601a4e793bf
children f5732fa038ad
files src/event/ngx_event_openssl.c src/event/ngx_event_openssl.h src/http/ngx_http_request.c
diffstat 3 files changed, 9 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3008,6 +3008,12 @@ failed:
 
 done:
 
+    if (c->ssl->shutdown_without_free) {
+        c->ssl->shutdown_without_free = 0;
+        c->recv = ngx_recv;
+        return rc;
+    }
+
     SSL_free(c->ssl->connection);
     c->ssl = NULL;
     c->recv = ngx_recv;
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -100,6 +100,7 @@ struct ngx_ssl_connection_s {
     unsigned                    buffer:1;
     unsigned                    no_wait_shutdown:1;
     unsigned                    no_send_shutdown:1;
+    unsigned                    shutdown_without_free:1;
     unsigned                    handshake_buffer_set:1;
     unsigned                    try_early_data:1;
     unsigned                    in_early:1;
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -3398,6 +3398,8 @@ ngx_http_set_lingering_close(ngx_connect
     if (c->ssl) {
         ngx_int_t  rc;
 
+        c->ssl->shutdown_without_free = 1;
+
         rc = ngx_ssl_shutdown(c);
 
         if (rc == NGX_ERROR) {