changeset 6407:062c189fee20
SSL: avoid calling SSL_shutdown() during handshake (ticket #901).
This fixes "called a function you should not call" and
"shutdown while in init" errors as observed with OpenSSL 1.0.2f
due to changes in how OpenSSL handles SSL_shutdown() during
SSL handshakes.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 19 Feb 2016 17:27:30 +0300 |
parents | d194cad6dd3a |
children | cfc3cfa434ec |
files | src/event/ngx_event_openssl.c |
diffstat | 1 files changed, 13 insertions(+), 0 deletions(-) |
--- a/src/event/ngx_event_openssl.c Fri Feb 19 17:27:23 2016 +0300 +++ b/src/event/ngx_event_openssl.c Fri Feb 19 17:27:30 2016 +0300 @@ -1767,6 +1767,19 @@ int n, sslerr, mode; ngx_err_t err; + if (SSL_in_init(c->ssl->connection)) { + /* + * OpenSSL 1.0.2f complains if SSL_shutdown() is called during + * an SSL handshake, while previous versions always return 0. + * Avoid calling SSL_shutdown() if handshake wasn't completed. + */ + + SSL_free(c->ssl->connection); + c->ssl = NULL; + + return NGX_OK; + } + if (c->timedout) { mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN; SSL_set_quiet_shutdown(c->ssl->connection, 1);
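
Review bot: The comment in the new SSL_in_init() branch says the call is skipped "if handshake wasn't completed", but SSL_in_init() is also true while a renegotiation handshake is running on an already established connection, so that case takes this early return too and closes without a close_notify. Skipping SSL_shutdown() is still the right call there given the 1.0.2f behaviour the comment describes, but the comment should say that renegotiation is covered so readers do not assume the branch applies only to the initial handshake. Separately, the SSL_free(c->ssl->connection) and c->ssl = NULL teardown is inlined in this branch; if the function's normal exit performs the same two steps, routing both through one shared exit would keep later cleanup additions from being missed on this path.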