Welcome! Log In Create A New Profile

Advanced

[nginx] Fixed SSL logging with lingering close.

Maxim Dounin
November 16, 2021 09:52AM
details: https://hg.nginx.org/nginx/rev/ae70fcb8ac93
branches: stable-1.20
changeset: 7956:ae70fcb8ac93
user: Maxim Dounin <mdounin@mdounin.ru>
date: Tue Jun 01 17:37:51 2021 +0300
description:
Fixed SSL logging with lingering close.

Recent fixes to SSL shutdown with lingering close (554c6ae25ffc, 1.19.5)
broke logging of SSL variables. To make sure logging of SSL variables
works properly, avoid freeing c->ssl when doing an SSL shutdown before
lingering close.

Reported by Reinis Rozitis
(http://mailman.nginx.org/pipermail/nginx/2021-May/060670.html).

diffstat:

src/event/ngx_event_openssl.c | 6 ++++++
src/event/ngx_event_openssl.h | 1 +
src/http/ngx_http_request.c | 2 ++
3 files changed, 9 insertions(+), 0 deletions(-)

diffs (39 lines):

diff -r 0601a4e793bf -r ae70fcb8ac93 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Tue Jun 01 17:37:49 2021 +0300
+++ b/src/event/ngx_event_openssl.c Tue Jun 01 17:37:51 2021 +0300
@@ -3008,6 +3008,12 @@ failed:

done:

+ if (c->ssl->shutdown_without_free) {
+ c->ssl->shutdown_without_free = 0;
+ c->recv = ngx_recv;
+ return rc;
+ }
+
SSL_free(c->ssl->connection);
c->ssl = NULL;
c->recv = ngx_recv;
diff -r 0601a4e793bf -r ae70fcb8ac93 src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h Tue Jun 01 17:37:49 2021 +0300
+++ b/src/event/ngx_event_openssl.h Tue Jun 01 17:37:51 2021 +0300
@@ -100,6 +100,7 @@ struct ngx_ssl_connection_s {
unsigned buffer:1;
unsigned no_wait_shutdown:1;
unsigned no_send_shutdown:1;
+ unsigned shutdown_without_free:1;
unsigned handshake_buffer_set:1;
unsigned try_early_data:1;
unsigned in_early:1;
diff -r 0601a4e793bf -r ae70fcb8ac93 src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Tue Jun 01 17:37:49 2021 +0300
+++ b/src/http/ngx_http_request.c Tue Jun 01 17:37:51 2021 +0300
@@ -3398,6 +3398,8 @@ ngx_http_set_lingering_close(ngx_connect
if (c->ssl) {
ngx_int_t rc;

+ c->ssl->shutdown_without_free = 1;
+
rc = ngx_ssl_shutdown(c);

if (rc == NGX_ERROR) {
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[nginx] Fixed SSL logging with lingering close.

Maxim Dounin 246 November 16, 2021 09:52AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 172
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready