From: Vsevolod Stakhov Date: Wed, 8 Aug 2018 11:21:12 +0000 (+0100) Subject: [Minor] Improve SSL shutdown to keep connections in SSL cache X-Git-Tag: 1.8.0~297 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=54cc6c482fa36e7fd291c88e0875800935e647ad;p=thirdparty%2Frspamd.git [Minor] Improve SSL shutdown to keep connections in SSL cache --- diff --git a/src/libutil/ssl_util.c b/src/libutil/ssl_util.c index a90bd5e361..1eab5821f1 100644 --- a/src/libutil/ssl_util.c +++ b/src/libutil/ssl_util.c @@ -746,6 +746,18 @@ void rspamd_ssl_connection_free (struct rspamd_ssl_connection *conn) { if (conn) { + /* + * SSL_RECEIVED_SHUTDOWN tells SSL_shutdown to act as if we had already + * received a close notify from the other end. SSL_shutdown will then + * send the final close notify in reply. The other end will receive the + * close notify and send theirs. By this time, we will have already + * closed the socket and the other end's real close notify will never be + * received. In effect, both sides will think that they have completed a + * clean shutdown and keep their sessions valid. This strategy will fail + * if the socket is not ready for writing, in which case this hack will + * lead to an unclean shutdown and lost session on the other end. + */ + SSL_set_shutdown (conn->ssl, SSL_RECEIVED_SHUTDOWN); SSL_shutdown (conn->ssl); SSL_free (conn->ssl);
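Review bot: The return value of `SSL_shutdown (conn->ssl)` in `rspamd_ssl_connection_free` is still discarded, so the failure case that the new comment itself describes (socket not ready for writing, close notify never sent, session lost on the other end) happens silently. Consider capturing the result, for example `ret = SSL_shutdown (conn->ssl);`, and at least logging at debug level when it does not report that the close notify was sent, so that session-cache misses caused by this path can be diagnosed. Two further points on the same lines: with `SSL_set_shutdown (conn->ssl, SSL_RECEIVED_SHUTDOWN)` set unconditionally, this side never sees the peer's real close notify, so the TLS layer no longer tells a clean end of stream from a truncated one here. The comment should state that callers must already have determined end of data at the application-protocol level before freeing the connection. Also, the call is made regardless of the connection's state; if this function is reachable after a fatal TLS error, the shutdown should be skipped in that case, and the comment or a guard should make that explicit.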