Hi Willy, > De: "Willy Tarreau" <[email protected]> > [...] > Hmmm wait a minute, there's bug in this commit : > > @@ -4022,15 +4022,15 @@ static void ssl_sock_shutw(struct connection > *conn, int > { > if (conn->flags & CO_FL_HANDSHAKE) > return; > + if (!clean) > + /* don't sent notify on SSL_shutdown */ > + SSL_CTX_set_quiet_shutdown(conn->xprt_ctx, 1); > > Here we call SSL_CTX_set_quiet_shutdown() (which takes an SSL_CTX *) > instead of SSL_set_quiet_shutdown() which applies to an SSL*. > Unfortunately conn->xprt_ctx is a void* so there is no warning, and > who knows where the flag is set. It may overwrite any internal field, > pointer etc... > > Jarno, please try this, I'm pretty sure it will fix the problem for > you : > > diff --git a/src/ssl_sock.c b/src/ssl_sock.c > index 232a497..e7eb5df 100644 > --- a/src/ssl_sock.c > +++ b/src/ssl_sock.c > @@ -4177,7 +4177,7 @@ static void ssl_sock_shutw(struct connection > *conn, int cl > return; > if (!clean) > /* don't sent notify on SSL_shutdown */ > - SSL_CTX_set_quiet_shutdown(conn->xprt_ctx, 1); > + SSL_set_quiet_shutdown(conn->xprt_ctx, 1); > /* no handshake was in progress, try a clean ssl shutdown */ > if (SSL_shutdown(conn->xprt_ctx) <= 0) { > /* Clear openssl global errors stack */
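Review bot: On the replaced line, conn->xprt_ctx is still passed as a bare void *, so the compiler cannot catch the next SSL_CTX_* versus SSL_* mix-up in ssl_sock_shutw() any more than it caught this one. Consider taking a typed local at the top of the function, for example "SSL *ssl = conn->xprt_ctx;", and passing ssl to both SSL_set_quiet_shutdown() and SSL_shutdown(), so that handing it to a function expecting an SSL_CTX * produces an incompatible-pointer diagnostic. While touching this block, the comment "don't sent notify on SSL_shutdown" should read "don't send", and the if (!clean) body, which spans a comment plus a statement, would be safer with braces.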
From some quick tests in a Docker container with CentOS 7, once the patch is applied, I don't reproduce the segfault anymore. I'll let Jarno confirm but it looks promising ;-)

cheers,
Cyril Bonté

