> On 18 Mar 2020, at 14:17, itpp2012 <nginx-fo...@forum.nginx.org> wrote: > > Logging getting swamped with: > > [crit] 1808#2740: *20747 SSL_read() failed (SSL: error:14095126:SSL > routines:ssl3_read_n:unexpected eof while reading) while keepalive > > Related to: https://github.com/openssl/openssl/issues/10880 > and this commit: > https://github.com/openssl/openssl/commit/db943f43a60d1b5b1277e4b5317e8f288e7a0a3a > > Question: does this need to resolved in openssl or nginx ?
So, they deliberately changed existing behaviour, known since at least OpenSSL 0.9.7, in the stable branch which should not be targeted (per their words) for introducing behaviour changes. That is unfortunate and beyond explanation. To simply shut up the crit, this would require such an ugly hack. diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -2301,7 +2301,13 @@ ngx_ssl_handle_recv(ngx_connection_t *c, c->ssl->no_wait_shutdown = 1; c->ssl->no_send_shutdown = 1; - if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { + if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0 +#ifdef SSL_R_UNEXPECTED_EOF_WHILE_READING + || (sslerr == SSL_ERROR_SSL && ERR_GET_REASON(ERR_peek_error()) + == SSL_R_UNEXPECTED_EOF_WHILE_READING) +#endif + ) + { ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "peer shutdown SSL cleanly"); return NGX_DONE; -- Sergey Kandaurov _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx