Welcome! Log In Create A New Profile

Advanced

Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

Sergey Kandaurov
March 20, 2020 03:42AM
> On 18 Mar 2020, at 14:17, itpp2012 <nginx-forum@forum.nginx.org> wrote:
>
> Logging getting swamped with:
>
> [crit] 1808#2740: *20747 SSL_read() failed (SSL: error:14095126:SSL
> routines:ssl3_read_n:unexpected eof while reading) while keepalive
>
> Related to: https://github.com/openssl/openssl/issues/10880
> and this commit:
> https://github.com/openssl/openssl/commit/db943f43a60d1b5b1277e4b5317e8f288e7a0a3a
>
> Question: does this need to resolved in openssl or nginx ?

So, they deliberately changed existing behaviour, known since
at least OpenSSL 0.9.7, in the stable branch which should not
be targeted (per their words) for introducing behaviour changes.
That is unfortunate and beyond explanation.

To simply shut up the crit, this would require such an ugly hack.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2301,7 +2301,13 @@ ngx_ssl_handle_recv(ngx_connection_t *c,
c->ssl->no_wait_shutdown = 1;
c->ssl->no_send_shutdown = 1;

- if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) {
+ if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0
+#ifdef SSL_R_UNEXPECTED_EOF_WHILE_READING
+ || (sslerr == SSL_ERROR_SSL && ERR_GET_REASON(ERR_peek_error())
+ == SSL_R_UNEXPECTED_EOF_WHILE_READING)
+#endif
+ )
+ {
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"peer shutdown SSL cleanly");
return NGX_DONE;


--
Sergey Kandaurov

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

itpp2012 March 18, 2020 07:17AM

Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

J.R. March 18, 2020 09:32AM

Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

itpp2012 March 18, 2020 09:52AM

RE: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

Reinis Rozitis March 19, 2020 05:54PM

Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

Sergey Kandaurov March 20, 2020 03:42AM

Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

Maxim Dounin March 20, 2020 09:00AM

Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

itpp2012 March 20, 2020 09:54AM

Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

Maxim Dounin March 20, 2020 06:14PM

Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

itpp2012 March 21, 2020 04:49PM

Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

itpp2012 March 22, 2020 02:39PM

Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

Sergey Kandaurov March 23, 2020 07:06AM

Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

itpp2012 March 23, 2020 07:41AM

Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

Maxim Dounin March 23, 2020 08:36AM

Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

Thomas Stephen Lee April 02, 2020 01:46AM

Re: openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

itpp2012 April 02, 2020 03:24AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 127
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready