[nginx] Fixed SSL logging with lingering close.

Tue, 01 Jun 2021 07:43:03 -0700 

details:   https://hg.nginx.org/nginx/rev/5f765427c17a
branches:  
changeset: 7871:5f765427c17a
user:      Maxim Dounin <[email protected]>
date:      Tue Jun 01 17:37:51 2021 +0300
description:
Fixed SSL logging with lingering close.

Recent fixes to SSL shutdown with lingering close (554c6ae25ffc, 1.19.5)
broke logging of SSL variables.  To make sure logging of SSL variables
works properly, avoid freeing c->ssl when doing an SSL shutdown before
lingering close.

Reported by Reinis Rozitis
(http://mailman.nginx.org/pipermail/nginx/2021-May/060670.html).

diffstat:

 src/event/ngx_event_openssl.c |  6 ++++++
 src/event/ngx_event_openssl.h |  1 +
 src/http/ngx_http_request.c   |  2 ++
 3 files changed, 9 insertions(+), 0 deletions(-)

diffs (39 lines):

diff -r fecf645ff2f8 -r 5f765427c17a src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c     Tue Jun 01 17:37:49 2021 +0300
+++ b/src/event/ngx_event_openssl.c     Tue Jun 01 17:37:51 2021 +0300
@@ -3008,6 +3008,12 @@ failed:
 
 done:
 
+    if (c->ssl->shutdown_without_free) {
+        c->ssl->shutdown_without_free = 0;
+        c->recv = ngx_recv;
+        return rc;
+    }
+
     SSL_free(c->ssl->connection);
     c->ssl = NULL;
     c->recv = ngx_recv;
diff -r fecf645ff2f8 -r 5f765427c17a src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h     Tue Jun 01 17:37:49 2021 +0300
+++ b/src/event/ngx_event_openssl.h     Tue Jun 01 17:37:51 2021 +0300
@@ -100,6 +100,7 @@ struct ngx_ssl_connection_s {
     unsigned                    buffer:1;
     unsigned                    no_wait_shutdown:1;
     unsigned                    no_send_shutdown:1;
+    unsigned                    shutdown_without_free:1;
     unsigned                    handshake_buffer_set:1;
     unsigned                    try_early_data:1;
     unsigned                    in_early:1;
diff -r fecf645ff2f8 -r 5f765427c17a src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c       Tue Jun 01 17:37:49 2021 +0300
+++ b/src/http/ngx_http_request.c       Tue Jun 01 17:37:51 2021 +0300
@@ -3400,6 +3400,8 @@ ngx_http_set_lingering_close(ngx_connect
     if (c->ssl) {
         ngx_int_t  rc;
 
+        c->ssl->shutdown_without_free = 1;
+
         rc = ngx_ssl_shutdown(c);
 
         if (rc == NGX_ERROR) {
_______________________________________________
nginx-devel mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply via email to