Welcome! Log In Create A New Profile

Advanced

Re: ngx_ssl_shutdown() using SSL_shutdown() incorrectly?

December 03, 2015 02:40AM
On 03 Dec 2015, at 10:28, Judson Wilson <wilson.judson@gmail.com> wrote:

> On inspecting some code for academic reasons, I noticed that ngx_ssl_shutdown() looks like it might be using SSL_shutdown() incorrectly?
>
> I haven't actually "used" the code, and have not tested it or seen any symptoms.
>
>
> The first hint of a problem is the following comment:
>
> /* SSL_shutdown() never returns -1, on error it returns 0 */
>
> which does not match the OpenSSL man page very well, or the OpenSSL function ssl3_shutdown() definition.

SSL_shutdown() never returned -1 prior to 0.9.8m version despite man page.

> Second, it appears that with the way SSL_set_shutdown() is being used to stuff flags into the SSL state, SSL_shutdown() should be called until it returns 1, which may take multiple calls, even if there isn't a WANT_READ or WANT_WRITE condition upon returning -1 (or 0?). Generally one call is used to send a close_notify, which returns 0 (assuming SSL_set_shutdown hasn't stuffed in SSL_RECEIVED_SHUTDOWN), and further calls wont return 1 until it receives close_notify.
>
> Quite possibly I am missing some assumptions, which would make good comments in the code.
>
> I hope this is useful.

Now code and the comment should be changed, thank you.


--
Igor Sysoev
http://nginx.com

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

ngx_ssl_shutdown() using SSL_shutdown() incorrectly?

Judson Wilson 591 December 03, 2015 02:30AM

Re: ngx_ssl_shutdown() using SSL_shutdown() incorrectly?

Igor Sysoev 585 December 03, 2015 02:40AM

Re: ngx_ssl_shutdown() using SSL_shutdown() incorrectly?

Judson Wilson 351 December 03, 2015 02:56AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 111
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready