SSL: avoid calling SSL_shutdown() during handshake (ticket #901).

This fixes "called a function you should not call" and "shutdown while in init" errors as observed with OpenSSL 1.0.2f due to changes in how OpenSSL handles SSL_shutdown() during SSL handshakes.
2016-02-19 17:27:30 +03:00 · 2016-02-19 17:27:30 +03:00 · 3ae8bf4e65
parent 44ed32516f
commit 3ae8bf4e65
1 changed files with 13 additions and 0 deletions
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@ -1767,6 +1767,19 @@ ngx_ssl_shutdown(ngx_connection_t *c)
    int        n, sslerr, mode;
    ngx_err_t  err;

+    if (SSL_in_init(c->ssl->connection)) {
+        /*
+         * OpenSSL 1.0.2f complains if SSL_shutdown() is called during
+         * an SSL handshake, while previous versions always return 0.
+         * Avoid calling SSL_shutdown() if handshake wasn't completed.
+         */
+
+        SSL_free(c->ssl->connection);
+        c->ssl = NULL;
+
+        return NGX_OK;
+    }
+
    if (c->timedout) {
        mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;
        SSL_set_quiet_shutdown(c->ssl->connection, 1);