Repository: trafficserver Updated Branches: refs/heads/master d41edbca4 -> 03734d05e
TS-2709: ATS does not send close-notify on shutdown. Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/03734d05 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/03734d05 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/03734d05 Branch: refs/heads/master Commit: 03734d05e28af8a7b105a0579056c913fb5d1bc5 Parents: d41edbc Author: shinrich <shinr...@yahoo-inc.com> Authored: Thu Mar 26 15:11:28 2015 -0500 Committer: shinrich <shinr...@yahoo-inc.com> Committed: Thu Mar 26 15:17:36 2015 -0500 ---------------------------------------------------------------------- CHANGES | 2 ++ iocore/net/P_SSLNetVConnection.h | 1 + iocore/net/SSLNetVConnection.cc | 39 +++++++++++++++++++++++++++++++++-- iocore/net/SSLUtils.cc | 2 -- 4 files changed, 40 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/03734d05/CHANGES ---------------------------------------------------------------------- diff --git a/CHANGES b/CHANGES index 93657c3..d3aaf02 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,8 @@ -*- coding: utf-8 -*- Changes with Apache Traffic Server 5.3.0 + *) [TS-2709] ATS does not send close-notify on shutdown. Confuses some clients. + *) [TS-3467] Cleanup tmp files created from traffic_via tests. *) [TS-3419] Run the source through clang-format. Keep it clean! http://git-wip-us.apache.org/repos/asf/trafficserver/blob/03734d05/iocore/net/P_SSLNetVConnection.h ---------------------------------------------------------------------- diff --git a/iocore/net/P_SSLNetVConnection.h b/iocore/net/P_SSLNetVConnection.h index f458bb7..2d7f5de 100644 --- a/iocore/net/P_SSLNetVConnection.h +++ b/iocore/net/P_SSLNetVConnection.h 
@@ -113,6 +113,7 @@ public:
 virtual int64_t load_buffer_and_write(int64_t towrite, int64_t &wattempted, int64_t &total_written, MIOBufferAccessor &buf, int &needs);
 void registerNextProtocolSet(const SSLNextProtocolSet *);
+ virtual void do_io_close(int lerrno = -1);
 ////////////////////////////////////////////////////////////
 // Instances of NetVConnection should be allocated //
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/03734d05/iocore/net/SSLNetVConnection.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
index 3d58072..a1988f2 100644
--- a/iocore/net/SSLNetVConnection.cc
+++ b/iocore/net/SSLNetVConnection.cc
@@ -762,6 +762,43 @@ SSLNetVConnection::SSLNetVConnection()
 {
 }
+void
+SSLNetVConnection::do_io_close(int lerrno)
+{
+ if (this->ssl != NULL && sslHandShakeComplete) {
+ int new_shutdown_mode = 0, shutdown_mode = 0;
+ if (this->lerrno < 0) {
+ new_shutdown_mode = SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN;
+ } else {
+ shutdown_mode = SSL_get_shutdown(ssl);
+ Debug("ssl-shutdown", "previous shutdown state 0x%x", shutdown_mode);
+ new_shutdown_mode = shutdown_mode | SSL_RECEIVED_SHUTDOWN;
+ }
+ if (new_shutdown_mode != shutdown_mode) {
+ // We do not need to sit around and wait for the client's close-notify if
+ // they have not already sent it. We will still be standards compliant
+ Debug("ssl-shutdown", "new SSL_set_shutdown 0x%x", new_shutdown_mode);
+ SSL_set_shutdown(ssl, new_shutdown_mode);
+ }
+
+ // If the peer has already sent a FIN, don't bother with the shutdown
+ // They will just send us a RST for our troubles
+ // This test is not foolproof. The client's fin could be on the wire
+ // at the same time we send the close-notify. If so, the client will likely
+ // send RST anyway
+ char c;
+ ssize_t x = recv(this->con.fd, &c, 1, MSG_PEEK);
+ // x < 0 means error. x == 0 means fin sent
+ if (x != 0) {
+ // Send the close-notify
+ int ret = SSL_shutdown(ssl);
+ Debug("ssl-shutdown", "SSL_shutdown %s", (ret)?"success":"failed");
+ }
+ }
+ // Go on and do the unix socket cleanups
+ super::do_io_close(lerrno);
+}
+
 void
 SSLNetVConnection::free(EThread *t)
 {
@@ -780,8 +817,6 @@ SSLNetVConnection::free(EThread *t)
 closed = 0;
 ink_assert(con.fd == NO_FD);
 if (ssl != NULL) {
- /*if (sslHandShakeComplete)
- SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); */
 SSL_free(ssl);
 ssl = NULL;
 }
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/03734d05/iocore/net/SSLUtils.cc
----------------------------------------------------------------------
diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index b813aee..75a44a7 100644
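Review bot: In the new `SSLNetVConnection::do_io_close`, the debug line `(ret)?"success":"failed"` misreports the result of `SSL_shutdown`, which returns 1 when the shutdown completed, 0 when it is not yet finished and a negative value on error, so an error is logged as success and a 0 as failure. I would write `Debug("ssl-shutdown", "SSL_shutdown %s", (ret == 1) ? "success" : "failed");` and, for a negative return, also log `SSL_get_error(ssl, ret)`. If the socket is non-blocking (not visible in this hunk) the call can fail with a want-write condition, in which case the close-notify this commit is meant to send never reaches the client and nothing records that. Separately, the first branch tests `this->lerrno`, the member, while the parameter of the same name is only forwarded to `super::do_io_close(lerrno)`; if the parameter was meant, drop the `this->`, otherwise a one-line comment such as `// member lerrno: error recorded earlier on this connection, not the argument` would prevent a misread.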
--- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -1238,8 +1238,6 @@ SSLInitServerContext(const SSLConfigParams *params, const ssl_user_config &sslMu SSL_CTX_set_options(ctx, SSL_OP_SAFARI_ECDHE_ECDSA_BUG); #endif - SSL_CTX_set_quiet_shutdown(ctx, 1); - // pass phrase dialog configuration passphrase_cb_userdata ud(params, sslMultCertSettings.dialog, sslMultCertSettings.first_cert, sslMultCertSettings.key);