MINOR: ssl: Make sure we don't shutw the connection before the handshake.
authorOlivier Houchard <ohouchard@haproxy.com>
Thu, 16 Nov 2017 16:49:25 +0000 (17:49 +0100)
committerWilly Tarreau <w@1wt.eu>
Thu, 16 Nov 2017 18:04:10 +0000 (19:04 +0100)
Instead of trying to finish the handshake in ssl_sock_shutw, which may
fail, try not to shut down until the handshake is finished.

src/ssl_sock.c
src/stream_interface.c

index c652d0adbb806c5274ceb4607a4c88eb7b193a9e..d1977960cca6e47326ff3a2276eef497c86a464a 100644 (file)
@@ -5655,13 +5655,6 @@ static void ssl_sock_close(struct connection *conn) {
  */
 static void ssl_sock_shutw(struct connection *conn, int clean)
 {
-       /* If we're done with the connection before we did the handshake
-        * force the handshake anyway, so that the session is in a consistent
-        * state
-        */
-       if (conn->flags & CO_FL_EARLY_SSL_HS)
-               SSL_do_handshake(conn->xprt_ctx);
-
        if (conn->flags & CO_FL_HANDSHAKE)
                return;
        if (!clean)
index 4ac2320bfc7647b36417c3497a7bfb22f9740f82..02c3be1b52bf0f3d05e26a70cb46027ff1f1eb05 100644 (file)
@@ -458,8 +458,10 @@ void stream_int_notify(struct stream_interface *si)
 
        /* process consumer side */
        if (channel_is_empty(oc)) {
+               struct connection *conn = objt_cs(si->end) ? objt_cs(si->end)->conn : NULL;
+
                if (((oc->flags & (CF_SHUTW|CF_SHUTW_NOW)) == CF_SHUTW_NOW) &&
-                   (si->state == SI_ST_EST))
+                   (si->state == SI_ST_EST) && (!conn || !(conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))))
                        si_shutw(si);
                oc->wex = TICK_ETERNITY;
        }
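Review bot: The new test in front of `si_shutw(si)` postpones the write shutdown while `CO_FL_HANDSHAKE` or `CO_FL_EARLY_SSL_HS` is set, yet `oc->wex = TICK_ETERNITY;` two lines below still runs unconditionally, so nothing visible in this hunk bounds how long a pending `CF_SHUTW_NOW` can wait on a peer that never completes the handshake. Presumably a handshake or connection timeout elsewhere covers that case and stream_int_notify is called again once the flags clear; that is worth confirming and recording in a comment above the condition, e.g. `/* defer shutw until the SSL handshake is over; CF_SHUTW_NOW stays set and is retried on the next notify */`. As a smaller style point, `objt_cs(si->end)` is evaluated twice in the `conn` initializer and could be kept in a local `cs`, which would also shorten the long condition line. stream_int_notify's body starts and ends outside the hunk.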