Fijxu/nginx-quic
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fixed SSL logging with lingering close.

Browse source 
Recent fixes to SSL shutdown with lingering close (554c6ae25ffc, 1.19.5)
broke logging of SSL variables.  To make sure logging of SSL variables
works properly, avoid freeing c->ssl when doing an SSL shutdown before
lingering close.

Reported by Reinis Rozitis
(http://mailman.nginx.org/pipermail/nginx/2021-May/060670.html).
This commit is contained in:
Maxim Dounin 2021-06-01 17:37:51 +03:00
parent 82ef446f7e
commit b1d9e940d1
3 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/event/ngx_event_openssl.c
View file

@ -3008,6 +3008,12 @@ failed:
done: done:
if (c->ssl->shutdown_without_free) {
c->ssl->shutdown_without_free = 0;
c->recv = ngx_recv;
return rc;
}
SSL_free(c->ssl->connection); SSL_free(c->ssl->connection);
c->ssl = NULL; c->ssl = NULL;
c->recv = ngx_recv; c->recv = ngx_recv;

1
src/event/ngx_event_openssl.h
View file

@ -100,6 +100,7 @@ struct ngx_ssl_connection_s {
unsigned buffer:1; unsigned buffer:1;
unsigned no_wait_shutdown:1; unsigned no_wait_shutdown:1;
unsigned no_send_shutdown:1; unsigned no_send_shutdown:1;
unsigned shutdown_without_free:1;
unsigned handshake_buffer_set:1; unsigned handshake_buffer_set:1;
unsigned try_early_data:1; unsigned try_early_data:1;
unsigned in_early:1; unsigned in_early:1;

2
src/http/ngx_http_request.c
View file

@ -3400,6 +3400,8 @@ ngx_http_set_lingering_close(ngx_connection_t *c)
if (c->ssl) { if (c->ssl) {
ngx_int_t rc; ngx_int_t rc;
c->ssl->shutdown_without_free = 1;
rc = ngx_ssl_shutdown(c); rc = ngx_ssl_shutdown(c);
if (rc == NGX_ERROR) { if (rc == NGX_ERROR) {