BUG/MAJOR: ssl: fix a regression in ssl_sock_shutw()

Commit 405ff31 ("BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL")
introduced a regression causing some random crashes apparently due to
memory corruption. The issue is the use of SSL_CTX_set_quiet_shutdown()
instead of SSL_set_quiet_shutdown(), making it use a different structure
and causing the flag to be put who-knows-where.

Many thanks to Jarno Huuskonen who reported this bug early and who
bisected the issue to spot this patch. No backport is needed, this
is 1.8-specific.

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 232a4970f654588440fcdb3cbcc2536dcf8406c5..e7eb5df3a6a72a94b46174175206f1ea2e6b8ed0 100644 (file)
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4177,7 +4177,7 @@ static void ssl_sock_shutw(struct connection *conn, int clean)
                return;
        if (!clean)
                /* don't sent notify on SSL_shutdown */
-               SSL_CTX_set_quiet_shutdown(conn->xprt_ctx, 1);
+               SSL_set_quiet_shutdown(conn->xprt_ctx, 1);
        /* no handshake was in progress, try a clean ssl shutdown */
        if (SSL_shutdown(conn->xprt_ctx) <= 0) {
                /* Clear openssl global errors stack */