Hi, I started working on Justin's idea of creating a EOC bucket - to do a SSL shutdown before the socket close(). But since the ap_flush_conn is called just before closing the socket - I thought of doing the SSL shutdown during the flush itself. Let me know what you think of this patch.
-Madhu Index: ssl_engine_io.c =================================================================== RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_engine_io.c,v retrieving revision 1.117 diff -u -r1.117 ssl_engine_io.c --- ssl_engine_io.c 9 Feb 2004 20:29:22 -0000 1.117 +++ ssl_engine_io.c 23 Feb 2004 21:18:24 -0000 @@ -872,7 +872,8 @@ */ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx, conn_rec *c, - int abortive) + int abortive, + int shutdown_flag) { SSL *ssl = filter_ctx->pssl; const char *type = ""; @@ -951,6 +952,9 @@ SSL_set_shutdown(ssl, shutdown_type); SSL_smart_shutdown(ssl); + if (shutdown_flag) + return APR_SUCCESS; + /* and finally log the fact that we've closed the connection */ if (c->base_server->loglevel >= APLOG_INFO) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server, @@ -990,7 +994,7 @@ } c = (conn_rec *)SSL_get_app_data(filter_ctx->pssl); - if ((ret = ssl_filter_io_shutdown(filter_ctx, c, 0)) != APR_SUCCESS) { + if ((ret = ssl_filter_io_shutdown(filter_ctx, c, 0, 1)) != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_INFO, ret, NULL, "SSL filter error shutting down I/O"); } @@ -1025,7 +1029,7 @@ c->base_server, "SSL Proxy connect failed"); ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server); - return ssl_filter_io_shutdown(filter_ctx, c, 1); + return ssl_filter_io_shutdown(filter_ctx, c, 1, 1); } return APR_SUCCESS; @@ -1089,7 +1093,7 @@ inctx->rc = APR_EGENERAL; } - return ssl_filter_io_shutdown(filter_ctx, c, 1); + return ssl_filter_io_shutdown(filter_ctx, c, 1, 1); } /* @@ -1130,7 +1134,7 @@ error ? error : "unknown"); ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server); - return ssl_filter_io_shutdown(filter_ctx, c, 1); + return ssl_filter_io_shutdown(filter_ctx, c, 1, 1); } } @@ -1155,7 +1159,7 @@ ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server, "No acceptable peer certificate available"); - return ssl_filter_io_shutdown(filter_ctx, c, 1); + return ssl_filter_io_shutdown(filter_ctx, c, 1, 1); } return APR_SUCCESS; @@ -1392,6 +1396,7 @@ /* bio_filter_out_flush() already passed down a flush bucket * if there was any data to be flushed. */ + ssl_filter_io_shutdown(filter_ctx, f->c, 0, 0); apr_bucket_delete(bucket); } }