Oops.. A typo (in the second block - line 951,6...) during the cut-and-paste
operation. This mail has the corrected version.
-Madhu
-----Original Message-----
From: Mathihalli, Madhusudan
Sent: Monday, February 23, 2004 1:22 PM
To: '[EMAIL PROTECTED]'
Subject: [PATCH] SSL not sending close alert message
Hi,
I started working on Justin's idea of creating a EOC
bucket - to do a SSL shutdown before the socket close(). But
since the ap_flush_conn is called just before closing the
socket - I thought of doing the SSL shutdown during the flush
itself. Let me know what you think of this patch.
-Madhu
Index: ssl_engine_io.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/ssl/ssl_engine_io.c,v
retrieving revision 1.117
diff -u -r1.117 ssl_engine_io.c
--- ssl_engine_io.c 9 Feb 2004 20:29:22 -0000 1.117
+++ ssl_engine_io.c 23 Feb 2004 21:18:24 -0000
@@ -872,7 +872,8 @@
*/
static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t
*filter_ctx,
conn_rec *c,
- int abortive)
+ int abortive,
+ int shutdown_flag)
{
SSL *ssl = filter_ctx->pssl;
const char *type = "";
@@ -951,6 +952,9 @@
SSL_set_shutdown(ssl, shutdown_type);
SSL_smart_shutdown(ssl);
+ if (!shutdown_flag)
+ return APR_SUCCESS;
+
/* and finally log the fact that we've closed the connection */
if (c->base_server->loglevel >= APLOG_INFO) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
@@ -990,7 +994,7 @@
}
c = (conn_rec *)SSL_get_app_data(filter_ctx->pssl);
- if ((ret = ssl_filter_io_shutdown(filter_ctx, c, 0)) !=
APR_SUCCESS) {
+ if ((ret = ssl_filter_io_shutdown(filter_ctx, c, 0, 1)) !=
APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_INFO, ret, NULL,
"SSL filter error shutting down I/O");
}
@@ -1025,7 +1029,7 @@
c->base_server,
"SSL Proxy connect failed");
ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
- return ssl_filter_io_shutdown(filter_ctx, c, 1);
+ return ssl_filter_io_shutdown(filter_ctx, c, 1, 1);
}
return APR_SUCCESS;
@@ -1089,7 +1093,7 @@
inctx->rc = APR_EGENERAL;
}
- return ssl_filter_io_shutdown(filter_ctx, c, 1);
+ return ssl_filter_io_shutdown(filter_ctx, c, 1, 1);
}
/*
@@ -1130,7 +1134,7 @@
error ? error : "unknown");
ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
- return ssl_filter_io_shutdown(filter_ctx, c, 1);
+ return ssl_filter_io_shutdown(filter_ctx, c, 1, 1);
}
}
@@ -1155,7 +1159,7 @@
ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
"No acceptable peer certificate available");
- return ssl_filter_io_shutdown(filter_ctx, c, 1);
+ return ssl_filter_io_shutdown(filter_ctx, c, 1, 1);
}
return APR_SUCCESS;
@@ -1392,6 +1396,7 @@
/* bio_filter_out_flush() already passed down
a flush bucket
* if there was any data to be flushed.
*/
+ ssl_filter_io_shutdown(filter_ctx, f->c, 0, 0);
apr_bucket_delete(bucket);
}
}
