details: https://hg.nginx.org/nginx/rev/f3c87533f92c
branches:
changeset: 7708:f3c87533f92c
user: Maxim Dounin <mdounin@mdounin.ru>
date: Wed Sep 16 18:26:24 2020 +0300
description:
SSL: disabled shutdown after connection errors.

This fixes "SSL_shutdown() failed (SSL: ... bad write retry)" errors
as observed on the second SSL_shutdown() call after SSL shutdown fixes in
09fb2135a589 (1.19.2), notably when sending fails in ngx_http_test_expect(),
similarly to ticket #1194.

Note that there are some places where c->error is misused to prevent
further output, such as ngx_http_v2_finalize_connection() if there
are pending streams, or in filter finalization. These places seem
to be extreme enough to don't care about missing shutdown though.
For example, filter finalization currently prevents keepalive from
being used.

diffstat:

src/event/ngx_event_openssl.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diffs (12 lines):

diff -r adaec579a967 -r f3c87533f92c src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Wed Sep 16 18:26:23 2020 +0300
+++ b/src/event/ngx_event_openssl.c Wed Sep 16 18:26:24 2020 +0300
@@ -2805,7 +2805,7 @@ ngx_ssl_shutdown(ngx_connection_t *c)
return NGX_OK;
}

- if (c->timedout) {
+ if (c->timedout || c->error) {
mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;
SSL_set_quiet_shutdown(c->ssl->connection, 1);

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel