ngx_ssl_shutdown() using SSL_shutdown() incorrectly?
Judson Wilson
wilson.judson at gmail.com
Thu Dec 3 07:28:43 UTC 2015
On inspecting some code for academic reasons, I noticed that
ngx_ssl_shutdown() looks like it might be using SSL_shutdown() incorrectly?
I haven't actually "used" the code, and have not tested it or seen any
symptoms.

The first hint of a problem is the following comment:

    /* SSL_shutdown() never returns -1, on error it returns 0 */

which does not match the OpenSSL man page very well, or the OpenSSL
function ssl3_shutdown() definition.

Second, it appears that with the way SSL_set_shutdown() is being used to
stuff flags into the SSL state, SSL_shutdown() should be called until it
returns 1, which may take multiple calls, even if there isn't a WANT_READ
or WANT_WRITE condition upon returning -1 (or 0?). Generally one call is
used to send a close_notify, which returns 0 (assuming SSL_set_shutdown
hasn't stuffed in SSL_RECEIVED_SHUTDOWN), and further calls won't return 1
until it receives close_notify.

Quite possibly I am missing some assumptions, which would make good
comments in the code.

I hope this is useful.
- Judson
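
The call pattern the message describes, written out as an added example (it is not nginx's code and not part of the original post): one event-loop step of a bidirectional shutdown that distinguishes the return values 1, 0 and -1. The names `tls_ops`, `shutdown_step` and the scripted stub are hypothetical; in real code the two callbacks would wrap SSL_shutdown() and SSL_get_error(), and the return sequences replayed here are constructed.

```c
#include <stdio.h>

/* SSL_get_error() codes, same values as in <openssl/ssl.h>; repeated here
 * so that the example builds without the OpenSSL headers. */
enum { WANT_READ = 2, WANT_WRITE = 3 };

/* Hypothetical indirection: production code points these at SSL_shutdown()
 * and SSL_get_error(); the demo below points them at a scripted stub. */
typedef struct {
    int (*shutdown)(void *conn);
    int (*get_error)(void *conn, int ret);
} tls_ops;

typedef enum { SD_DONE, SD_WAIT_READ, SD_WAIT_WRITE, SD_FAILED } sd_result;

/* One event-loop step of a bidirectional shutdown on a non-blocking socket.
 * Call it again when the socket becomes readable or writable as requested. */
sd_result shutdown_step(const tls_ops *ops, void *conn)
{
    int ret = ops->shutdown(conn);
    if (ret == 0)                     /* our close_notify went out, the peer's */
        ret = ops->shutdown(conn);    /* has not arrived: second call reads it */
    if (ret == 1)
        return SD_DONE;               /* close_notify sent and received */
    if (ret == 0)
        return SD_WAIT_READ;          /* still only half closed */
    switch (ops->get_error(conn, ret)) {
    case WANT_READ:  return SD_WAIT_READ;
    case WANT_WRITE: return SD_WAIT_WRITE;
    default:         return SD_FAILED;
    }
}

/* Constructed stub: replays a fixed list of return values and error codes. */
typedef struct { const int *rets, *errs; int pos; } script;
static int stub_shutdown(void *c) { script *s = c; return s->rets[s->pos++]; }
static int stub_error(void *c, int ret) { script *s = c; (void)ret; return s->errs[s->pos - 1]; }
const tls_ops stub_ops = { stub_shutdown, stub_error };

int main(void)
{
    /* First event: 0, then -1 with WANT_READ. Second event: peer's alert is in, 1. */
    const int rets[] = { 0, -1, 1 }, errs[] = { 0, WANT_READ, 0 };
    script s = { rets, errs, 0 };
    printf("step 1: %d\n", shutdown_step(&stub_ops, &s));
    printf("step 2: %d\n", shutdown_step(&stub_ops, &s));
    return 0;
}
```

Treating the first 0 as a finished shutdown would close the connection before the peer's close_notify is seen, which is the case the SD_WAIT_READ result keeps separate from SD_DONE.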