> On 18 Mar 2020, at 14:17, itpp2012 <nginx-forum@forum.nginx.org> wrote:
>
> Logging getting swamped with:
>
> [crit] 1808#2740: *20747 SSL_read() failed (SSL: error:14095126:SSL
> routines:ssl3_read_n:unexpected eof while reading) while keepalive
>
> Related to: https://github.com/openssl/openssl/issues/10880
> and this commit:
> https://github.com/openssl/openssl/commit/db943f43a60d1b5b1277e4b5317e8f288e7a0a3a
>
> Question: does this need to resolved in openssl or nginx ?

So, they deliberately changed existing behaviour, known since
at least OpenSSL 0.9.7, in the stable branch which should not
be targeted (per their words) for introducing behaviour changes.
That is unfortunate and beyond explanation.

To simply shut up the crit, this would require such an ugly hack.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2301,7 +2301,13 @@ ngx_ssl_handle_recv(ngx_connection_t *c,
c->ssl->no_wait_shutdown = 1;
c->ssl->no_send_shutdown = 1;

- if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) {
+ if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0
+#ifdef SSL_R_UNEXPECTED_EOF_WHILE_READING
+ || (sslerr == SSL_ERROR_SSL && ERR_GET_REASON(ERR_peek_error())
+ == SSL_R_UNEXPECTED_EOF_WHILE_READING)
+#endif
+ )
+ {
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
"peer shutdown SSL cleanly");
return NGX_DONE;


--
Sergey Kandaurov

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx