From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Fri, 5 Jun 2015 23:41:22 +0000 (-0700)
Subject: Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone
X-Git-Tag: SQUID_3_5_6~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e62416fbeefa026333658950f44d75bf890059b;p=thirdparty%2Fsquid.git

Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone

This is an ssertion inside ConnStateData::getSslContextDone while
setting timeout. The reason is that the ConnStateData::clientConnection
may closed while waiting response from ssl_crtd helper.

This is a Measurement Factory project
---

diff --git a/src/client_side.cc b/src/client_side.cc
index c06e085934..27a3f0d82d 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -3947,6 +3947,11 @@ ConnStateData::sslCrtdHandleReplyWrapper(void *data, const Helper::Reply &reply)
 void
 ConnStateData::sslCrtdHandleReply(const Helper::Reply &reply)
 {
+    if (!isOpen()) {
+        debugs(33, 3, "Connection gone while waiting for ssl_crtd helper reply; helper reply:" << reply);
+        return;
+    }
+
     if (reply.result == Helper::BrokenHelper) {
         debugs(33, 5, HERE << "Certificate for " << sslConnectHostOrIp << " cannot be generated. ssl_crtd response: " << reply);
     } else if (!reply.other().hasContent()) {
diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index 5e857c5c9f..0de6ce1c8d 100644
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
@@ -1804,6 +1804,11 @@ bool Ssl::generateUntrustedCert(X509_Pointer &untrustedCert, EVP_PKEY_Pointer &u
 SSL *
 SslCreate(SSL_CTX *sslContext, const int fd, Ssl::Bio::Type type, const char *squidCtx)
 {
+    if (fd < 0) {
+        debugs(83, DBG_IMPORTANT, "Gone connection");
+        return NULL;
+    }
+
     const char *errAction = NULL;
     int errCode = 0;
     if (SSL *ssl = SSL_new(sslContext)) {