summaryrefslogtreecommitdiffhomepage
path: root/src/event/ngx_event_openssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/event/ngx_event_openssl.c')
-rw-r--r--src/event/ngx_event_openssl.c21
1 files changed, 20 insertions, 1 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 8077f40a9..ca94a68ff 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2573,6 +2573,18 @@ ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size)
sslerr = SSL_get_error(c->ssl->connection, n);
+ if (sslerr == SSL_ERROR_ZERO_RETURN) {
+
+ /*
+ * OpenSSL 1.1.1 fails to return SSL_ERROR_SYSCALL if an error
+ * happens during SSL_write() after close_notify alert from the
+ * peer, and returns SSL_ERROR_ZERO_RETURN instead,
+ * https://git.openssl.org/?p=openssl.git;a=commitdiff;h=8051ab2
+ */
+
+ sslerr = SSL_ERROR_SYSCALL;
+ }
+
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
@@ -2800,7 +2812,7 @@ ngx_ssl_shutdown(ngx_connection_t *c)
return NGX_OK;
}
- if (c->timedout) {
+ if (c->timedout || c->error || c->buffered) {
mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;
SSL_set_quiet_shutdown(c->ssl->connection, 1);
@@ -2860,6 +2872,13 @@ ngx_ssl_shutdown(ngx_connection_t *c)
c->read->handler = ngx_ssl_shutdown_handler;
c->write->handler = ngx_ssl_shutdown_handler;
+ if (sslerr == SSL_ERROR_WANT_READ) {
+ c->read->ready = 0;
+
+ } else {
+ c->write->ready = 0;
+ }
+
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
return NGX_ERROR;
}
generated by cgit (git 2.34.1) at 2026-01-06 10:08:17 +0000