Send the 'Close Alert' message to the peer upon closing a SSL session. This

required creating a new EOC (End-Of-Connection) bucket type to notify mod_ssl
that the connection is about to be closed.

Reviewed by: Joe Orton, Justin Erenkrantz

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102793 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/ssl_engine_io.c b/ssl_engine_io.c
index 5787c86c3117ac743dbc4af651af06131aac406e..19f763fb3b4dcd520d7a36a7c4ee16aadbc6ce74 100644 (file)
--- a/ssl_engine_io.c
+++ b/ssl_engine_io.c
@@ -100,6 +100,7 @@ typedef struct {
     BIO                *pbioWrite;
     ap_filter_t        *pInputFilter;
     ap_filter_t        *pOutputFilter;
+    int                nobuffer; /* non-zero to prevent buffering */
 } ssl_filter_ctx_t;
 
 typedef struct {
@@ -193,7 +194,8 @@ static int bio_filter_out_write(BIO *bio, const char *in, int inl)
      */
     BIO_clear_retry_flags(bio);
 
-    if (!outctx->length && (inl + outctx->blen < sizeof(outctx->buffer))) {
+    if (!outctx->length && (inl + outctx->blen < sizeof(outctx->buffer)) &&
+        !outctx->filter_ctx->nobuffer) {
         /* the first two SSL_writes (of 1024 and 261 bytes)
          * need to be in the same packet (vec[0].iov_base)
          */
@@ -1396,6 +1398,22 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
                 apr_bucket_delete(bucket);
             }
         }
+        else if (AP_BUCKET_IS_EOC(bucket)) {
+            /* The special "EOC" bucket means a shutdown is needed;
+             * - turn off buffering in bio_filter_out_write
+             * - issue the SSL_shutdown
+             */
+            filter_ctx->nobuffer = 1;
+            status = ssl_filter_io_shutdown(filter_ctx, f->c, 0);
+            if (status != APR_SUCCESS) {
+                ap_log_error(APLOG_MARK, APLOG_INFO, status, NULL,
+                             "SSL filter error shutting down I/O");
+            }
+            if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
+                return status;
+            }
+            break;
+        }
         else {
             /* filter output */
             const char *data;