[PATCH] SSL not sending close alert message

Mon, 23 Feb 2004 13:22:06 -0800 

Hi,
        I started working on Justin's idea of creating a EOC bucket - to do a SSL 
shutdown before the socket close(). But since the ap_flush_conn is called just before 
closing the socket - I thought of doing the SSL shutdown during the flush itself. Let 
me know what you think of this patch.

-Madhu

Index: ssl_engine_io.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_engine_io.c,v
retrieving revision 1.117
diff -u -r1.117 ssl_engine_io.c
--- ssl_engine_io.c     9 Feb 2004 20:29:22 -0000       1.117
+++ ssl_engine_io.c     23 Feb 2004 21:18:24 -0000
@@ -872,7 +872,8 @@
  */
 static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
                                            conn_rec *c,
-                                           int abortive)
+                                           int abortive,
+                                           int shutdown_flag)
 {
     SSL *ssl = filter_ctx->pssl;
     const char *type = "";
@@ -951,6 +952,9 @@
     SSL_set_shutdown(ssl, shutdown_type);
     SSL_smart_shutdown(ssl);
 
+    if (shutdown_flag)
+        return APR_SUCCESS;
+
     /* and finally log the fact that we've closed the connection */
     if (c->base_server->loglevel >= APLOG_INFO) {
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
@@ -990,7 +994,7 @@
     }
 
     c = (conn_rec *)SSL_get_app_data(filter_ctx->pssl);
-    if ((ret = ssl_filter_io_shutdown(filter_ctx, c, 0)) != APR_SUCCESS) {
+    if ((ret = ssl_filter_io_shutdown(filter_ctx, c, 0, 1)) != APR_SUCCESS) {
         ap_log_error(APLOG_MARK, APLOG_INFO, ret, NULL,
                      "SSL filter error shutting down I/O");
     }
@@ -1025,7 +1029,7 @@
                          c->base_server,
                          "SSL Proxy connect failed");
             ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
-            return ssl_filter_io_shutdown(filter_ctx, c, 1);
+            return ssl_filter_io_shutdown(filter_ctx, c, 1, 1);
         }
 
         return APR_SUCCESS;
@@ -1089,7 +1093,7 @@
             inctx->rc = APR_EGENERAL;
         }
 
-        return ssl_filter_io_shutdown(filter_ctx, c, 1);
+        return ssl_filter_io_shutdown(filter_ctx, c, 1, 1);
     }
 
     /*
@@ -1130,7 +1134,7 @@
                          error ? error : "unknown");
             ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
 
-            return ssl_filter_io_shutdown(filter_ctx, c, 1);
+            return ssl_filter_io_shutdown(filter_ctx, c, 1, 1);
         }
     }
 
@@ -1155,7 +1159,7 @@
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
                      "No acceptable peer certificate available");
 
-        return ssl_filter_io_shutdown(filter_ctx, c, 1);
+        return ssl_filter_io_shutdown(filter_ctx, c, 1, 1);
     }
 
     return APR_SUCCESS;
@@ -1392,6 +1396,7 @@
                 /* bio_filter_out_flush() already passed down a flush bucket
                  * if there was any data to be flushed.
                  */
+                ssl_filter_io_shutdown(filter_ctx, f->c, 0, 0);
                 apr_bucket_delete(bucket);
             }
         }

Reply via email to