BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL

author Emmanuel Hocdet <manu@gandi.net>

Sun, 8 Jan 2017 13:07:39 +0000 (14:07 +0100)

committer Willy Tarreau <w@1wt.eu>

Wed, 11 Jan 2017 11:44:40 +0000 (12:44 +0100)
author Emmanuel Hocdet <manu@gandi.net>
Sun, 8 Jan 2017 13:07:39 +0000 (14:07 +0100)
committer Willy Tarreau <w@1wt.eu>
Wed, 11 Jan 2017 11:44:40 +0000 (12:44 +0100)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c

index 32f290b452af9801e3777809ee44787b978d75d2..62b983aa43565a4e3de69642f7602f245f86775d 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4022,15 +4022,15 @@ static void ssl_sock_shutw(struct connection *conn, int clean)
  {
         if (conn->flags & CO_FL_HANDSHAKE)
                 return;
+       if (!clean)
+               /* don't sent notify on SSL_shutdown */
+               SSL_CTX_set_quiet_shutdown(conn->xprt_ctx, 1);
         /* no handshake was in progress, try a clean ssl shutdown */
-       if (clean && (SSL_shutdown(conn->xprt_ctx) <= 0)) {
+       if (SSL_shutdown(conn->xprt_ctx) <= 0) {
                 /* Clear openssl global errors stack */
                 ssl_sock_dump_errors(conn);
                 ERR_clear_error();
         }
-
-       /* force flag on ssl to keep session in cache regardless shutdown result */
-       SSL_set_shutdown(conn->xprt_ctx, SSL_SENT_SHUTDOWN);
  }
  
  /* used for logging, may be changed for a sample fetch later */
author	Emmanuel Hocdet <manu@gandi.net>
	Sun, 8 Jan 2017 13:07:39 +0000 (14:07 +0100)
committer	Willy Tarreau <w@1wt.eu>
	Wed, 11 Jan 2017 11:44:40 +0000 (12:44 +0100)