Nope.. It didn't work that way. The only way I've been able to get the Alert message on the client is by using the log_transaction hook to do the SSL_shutdown() - it's a ugly hack. The more I think about it, I feel there's a need for something like pre-close hook OR have the lingering_close invoke the filter code for _CONNECTION_TYPE filters. -Madhu
________________________________ From: Joe Orton [mailto:[EMAIL PROTECTED] Sent: Fri 2/6/2004 7:03 AM To: [EMAIL PROTECTED] Subject: Re: mod_ssl not sending Alert upon close ? On Thu, Feb 05, 2004 at 02:03:29PM -0800, Mathihalli, Madhusudan wrote: > Okay. here's what I think is happening : (Client => C Server -> S) You're right, the alert is never getting sent! > C -> S : initiates connection > C <-> S : handshake > S -> C : server sends application data > S -> C : server tries to read from the socket > -> finds nothing (0 bytes returned) > -> assumes transaction is completed, and starts cleanup process > -> closes the connection first > -> frees the pool, which invokes ssl_io_filter_cleanup() and inturn > ssl_io_filter_shutdown() > -> ssl_io_filter_shutdown() tries to send 'Close notify' > OOPS ! The connection has already been terminated Yes - it's too late to rely on pool cleanups to send the alert: I think the right place to do this is when the output filter gets the EOS bucket: the patch below fixes for my tests, can you test against MSIE? I'm not convinced about the ordering of the flush/shutdown... --- modules/ssl/ssl_engine_io.c 23 Jan 2004 16:50:24 -0000 1.114 +++ modules/ssl/ssl_engine_io.c 6 Feb 2004 14:55:16 -0000 @@ -1404,6 +1404,11 @@ * These types do not require translation by OpenSSL. */ if (APR_BUCKET_IS_EOS(bucket) || APR_BUCKET_IS_FLUSH(bucket)) { + if (APR_BUCKET_IS_EOS(bucket)) { + status = ssl_filter_io_shutdown(filter_ctx, f->c, 0); + if (status) break; + } + if (bio_filter_out_flush(filter_ctx->pbioWrite) < 0) { status = outctx->rc; break;
<<winmail.dat>>
