mirror of
https://github.com/nginx/nginx.git
synced 2024-12-19 05:33:52 -06:00
SSL: avoid calling SSL_shutdown() during handshake (ticket #901).
This fixes "called a function you should not call" and "shutdown while in init" errors as observed with OpenSSL 1.0.2f due to changes in how OpenSSL handles SSL_shutdown() during SSL handshakes.
This commit is contained in:
parent
89d3762863
commit
7b232ef5aa
@ -1767,6 +1767,19 @@ ngx_ssl_shutdown(ngx_connection_t *c)
|
||||
int n, sslerr, mode;
|
||||
ngx_err_t err;
|
||||
|
||||
if (SSL_in_init(c->ssl->connection)) {
|
||||
/*
|
||||
* OpenSSL 1.0.2f complains if SSL_shutdown() is called during
|
||||
* an SSL handshake, while previous versions always return 0.
|
||||
* Avoid calling SSL_shutdown() if handshake wasn't completed.
|
||||
*/
|
||||
|
||||
SSL_free(c->ssl->connection);
|
||||
c->ssl = NULL;
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
if (c->timedout) {
|
||||
mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;
|
||||
SSL_set_quiet_shutdown(c->ssl->connection, 1);
|
||||
|
Loading…
Reference in New Issue
Block a user