Stop parsing SSL records after a fatal SSL Alert.
authorAlex Rousskov <rousskov@measurement-factory.com>
Sat, 30 Apr 2016 03:38:26 +0000 (21:38 -0600)
committerAlex Rousskov <rousskov@measurement-factory.com>
Sat, 30 Apr 2016 03:38:26 +0000 (21:38 -0600)
The fatal alert sender should close the connection. Waiting for the next
record is pointless and will obscure the problem when we eventually read
the EOF on the socket.

src/security/Handshake.cc

index 8f3dcd4b279c1d753edae68e5ba583ff206210af..3ebd5cd6ed090c2ad8e39010d210ab9a012c2c30 100644 (file)
@@ -207,7 +207,9 @@ Security::HandshakeParser::parseAlertMessage()
     debugs(83, (alert.fatal() ? 2:3),
            "level " << static_cast<int>(alert.level) <<
            " description " << static_cast<int>(alert.description));
-    // we are currently ignoring Alert Protocol messages
+    if (alert.fatal())
+        done = "fatal Alert";
+    // else ignore the warning (at least for now)
 }
 
 void
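Review bot: The `else` branch after `if (alert.fatal())` treats every alert that is not fatal as an ignorable warning, and depending on how `fatal()` is defined (not visible in this hunk) that may include alerts whose level byte is neither of the two values TLS defines. A peer-supplied level outside that range is a malformed record, and continuing to parse after it obscures the problem in the same way the commit message describes for fatal alerts. Consider stopping on anything that is not a recognised warning, or at least record the gap in the comment, e.g. `// else ignore the warning; NOTE: undefined alert levels also land here`. A warning-level close_notify also ends the sender's stream, so it may deserve the same `done` treatment. parseAlertMessage() begins above the hunk, so how `alert` is parsed and validated cannot be checked from here.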