BUG/MINOR: checks: attempt clean shutw for SSL check

Strict interpretation of TLS can cause SSL sessions to be thrown away
when the socket is shutdown without sending a "close notify", resulting
in each check to go through the complete handshake, eating more CPU on
the servers.

[wt: strictly speaking there's no guarantee that the close notify will
 be delivered, it's only best effort, but that may be enough to ensure
 that once at least one is received, next checks will be cheaper. This
 should be backported to 1.7 and possibly 1.6]

diff --git a/src/checks.c b/src/checks.c
index 0668a76457b7569accbcd01e54d55d2220e69e1f..dba45f0c8047436b4ba5f4577b1676da44a3eea8 100644 (file)
--- a/src/checks.c
+++ b/src/checks.c
@@ -1349,14 +1349,15 @@ static void event_srv_chk_r(struct connection *conn)
        *check->bi->data = '\0';
        check->bi->i = 0;
 
-       /* Close the connection... We absolutely want to perform a hard close
-        * and reset the connection if some data are pending, otherwise we end
-        * up with many TIME_WAITs and eat all the source port range quickly.
-        * To avoid sending RSTs all the time, we first try to drain pending
-        * data.
+       /* Close the connection... We still attempt to nicely close if,
+        * for instance, SSL needs to send a "close notify." Later, we perform
+        * a hard close and reset the connection if some data are pending,
+        * otherwise we end up with many TIME_WAITs and eat all the source port
+        * range quickly.  To avoid sending RSTs all the time, we first try to
+        * drain pending data.
         */
        __conn_data_stop_both(conn);
-       conn_data_shutw_hard(conn);
+       conn_data_shutw(conn);
 
        /* OK, let's not stay here forever */
        if (check->result == CHK_RES_FAILED)