Fixed SSL logging with lingering close.

Recent fixes to SSL shutdown with lingering close (554c6ae25ffc, 1.19.5) broke logging of SSL variables. To make sure logging of SSL variables works properly, avoid freeing c->ssl when doing an SSL shutdown before lingering close. Reported by Reinis Rozitis (http://mailman.nginx.org/pipermail/nginx/2021-May/060670.html).
2021-06-01 17:37:51 +03:00 · 2021-06-01 17:37:51 +03:00 · b53023e0e5
parent 2b215d01f2
commit b53023e0e5
3 changed files with 9 additions and 0 deletions
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@ -3008,6 +3008,12 @@ failed:

 done:

+    if (c->ssl->shutdown_without_free) {
+        c->ssl->shutdown_without_free = 0;
+        c->recv = ngx_recv;
+        return rc;
+    }
+
    SSL_free(c->ssl->connection);
    c->ssl = NULL;
    c->recv = ngx_recv;
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@ -100,6 +100,7 @@ struct ngx_ssl_connection_s {
    unsigned                    buffer:1;
    unsigned                    no_wait_shutdown:1;
    unsigned                    no_send_shutdown:1;
+    unsigned                    shutdown_without_free:1;
    unsigned                    handshake_buffer_set:1;
    unsigned                    try_early_data:1;
    unsigned                    in_early:1;
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@ -3398,6 +3398,8 @@ ngx_http_set_lingering_close(ngx_connection_t *c)
    if (c->ssl) {
        ngx_int_t  rc;

+        c->ssl->shutdown_without_free = 1;
+
        rc = ngx_ssl_shutdown(c);

        if (rc == NGX_ERROR) {