From 793b1bfb48e5bd84205414497c7680c22ce0087b Mon Sep 17 00:00:00 2001
From: Alex Rousskov
Date: Fri, 29 Apr 2016 21:38:26 -0600
Subject: [PATCH] Stop parsing SSL records after a fatal SSL Alert.

The fatal alert sender should close the connection. Waiting for the next record is pointless and will obscure the problem when we eventually read the EOF on the socket.
---
 src/security/Handshake.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/security/Handshake.cc b/src/security/Handshake.cc
index 8f3dcd4b27..3ebd5cd6ed 100644
--- a/src/security/Handshake.cc
+++ b/src/security/Handshake.cc
@@ -207,7 +207,9 @@ Security::HandshakeParser::parseAlertMessage()
 debugs(83, (alert.fatal() ? 2:3), "level " << static_cast(alert.level) << " description " << static_cast(alert.description));
- // we are currently ignoring Alert Protocol messages
+ if (alert.fatal())
+ done = "fatal Alert";
+ // else ignore the warning (at least for now)
 }
 void
-- 
2.47.3
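Review bot: The non-fatal path at the end of parseAlertMessage() keeps parsing for every alert that alert.fatal() rejects, and the new comment calls all of them "the warning" although nothing in the hunk checks the level. A close_notify normally arrives at warning level and also means the peer will send no further records, so the reasoning in the commit message applies to it as well; an alert whose level byte is neither warning nor fatal would presumably land in the same branch, depending on how fatal() is defined (not visible here). I would either stop on those cases too or state the decision explicitly, e.g. `// else: warning-level or unrecognized-level alert (close_notify included); keep parsing for now`. The function begins above the hunk, so whether the caller checks `done` before parsing the rest of the current record cannot be confirmed from these lines.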