ngx_ssl_shutdown() using SSL_shutdown() incorrectly?

Judson Wilson wilson.judson at
Thu Dec 3 07:28:43 UTC 2015

On inspecting some code for academic reasons, I noticed that
ngx_ssl_shutdown() looks like it might be using SSL_shutdown() incorrectly?

I haven't actually "used" the code, and have not tested it or seen any

The first hint of a problem is the following comment:

 /* SSL_shutdown() never returns -1, on error it returns 0 */

which does not match the OpenSSL man page very well, or the OpenSSL
function ssl3_shutdown() definition.

Second, it appears that with the way SSL_set_shutdown() is being used to
stuff flags into the SSL state, SSL_shutdown() should be called until it
returns 1, which may take multiple calls, even if there isn't a WANT_READ
or WANT_WRITE condition upon returning -1 (or 0?).  Generally one call is
used to send a close_notify, which returns 0 (assuming SSL_set_shutdown
hasn't stuffed in SSL_RECEIVED_SHUTDOWN), and further calls wont return 1
until it receives close_notify.

Quite possibly I am missing some assumptions, which would make good
comments in the code.

I hope this is useful.

- Judson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx-devel mailing list