From: Olivier Houchard
Date: Thu, 16 Nov 2017 16:49:25 +0000 (+0100)
Subject: MINOR: ssl: Make sure we don't shutw the connection before the handshake.
X-Git-Tag: v1.8-rc4~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9bed53486888062f7f3c277c901aefab62959be;p=thirdparty%2Fhaproxy.git

MINOR: ssl: Make sure we don't shutw the connection before the handshake.

Instead of trying to finish the handshake in ssl_sock_shutw, which may fail, try not to shutdown until the handshake is finished.
---
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index c652d0adbb..d1977960cc 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5655,13 +5655,6 @@ static void ssl_sock_close(struct connection *conn) {
 */
 static void ssl_sock_shutw(struct connection *conn, int clean)
 {
- /* If we're done with the connection before we did the handshake
- * force the handshake anyway, so that the session is in a consistent
- * state
- */
- if (conn->flags & CO_FL_EARLY_SSL_HS)
- SSL_do_handshake(conn->xprt_ctx);
-
 if (conn->flags & CO_FL_HANDSHAKE)
 return;
 if (!clean)
diff --git a/src/stream_interface.c b/src/stream_interface.c
index 4ac2320bfc..02c3be1b52 100644
--- a/src/stream_interface.c
+++ b/src/stream_interface.c
@@ -458,8 +458,10 @@ void stream_int_notify(struct stream_interface *si)
 /* process consumer side */
 if (channel_is_empty(oc)) {
+ struct connection *conn = objt_cs(si->end) ? objt_cs(si->end)->conn : NULL;
+
 if (((oc->flags & (CF_SHUTW|CF_SHUTW_NOW)) == CF_SHUTW_NOW) &&
- (si->state == SI_ST_EST))
+ (si->state == SI_ST_EST) && (!conn || !(conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))))
 si_shutw(si);
 oc->wex = TICK_ETERNITY;
 }
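Review bot: In the `stream_int_notify()` hunk, the new guard skips `si_shutw(si)` while `CO_FL_HANDSHAKE` or `CO_FL_EARLY_SSL_HS` is set, but `oc->wex = TICK_ETERNITY;` on the following line still runs, so the write timeout is cleared while `CF_SHUTW_NOW` stays pending. Nothing visible in the hunk shows what re-invokes the shutdown once the handshake finishes, or what bounds the wait if the peer never completes it. Presumably a later `stream_int_notify()` call and the connection-level timeouts cover this, but that should be confirmed and stated. I would add a comment above the condition such as `/* don't shutw while the SSL handshake (incl. early data) is pending; CF_SHUTW_NOW stays set and is acted on by a later call */`. The function body starts and ends outside the hunk.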