| author | Andy Postnikov <apostnikov@gmail.com> | 2025-04-24 02:11:15 +0200 |
|---|---|---|
| committer | Andrew Clayton <a.clayton@nginx.com> | 2025-04-28 21:23:57 +0100 |
| commit | 8bd57347c835be885613e62cb05777ea9bb5291d (patch) | |
| tree | 6368c96e092a7afb55f8ef6a6d556e66ba716a1d | |
| parent | e182d24589b30935e796521ea0c2c69f0ee7233c (diff) | |
Treat a “broken pipe” on SSL_shutdown() as a normal close

Starting with OpenSSL 3.4 errno is flowed up from
tls_retry_write_records() which upon EPIPE results in the following log
message

2025/04/23 17:12:47 [alert] 14322#14324 *16 SSL_shutdown(25) failed (32: Broken pipe) (32: [null]) (OpenSSL: error:80000020:system library::Broken pipe:tls_retry_write_records failure)

Which is harmless except it trips up the
test/test_tls.py::test_tls_certificate_change test due to it looking for
"alert" log messages and failing if any are found.

Now, I think the tests are wrong to do this (they also don't seem to be
closing the TLS connection properly). But getting EPIPE when we're
shutting down the connection is likely harmless so treat it the same as
a clean shutdown which also gets rid of this log message.

Link: <https://github.com/openssl/openssl/commit/933f57dfe21657f7aba8f13e0cdb3b02dd64fcc3.patch>
Closes: https://github.com/nginx/unit/issues/1600
[ Commit message - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>

| -rw-r--r-- | src/nxt_openssl.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c index 8f66f45b..4a1e9179 100644 --- a/src/nxt_openssl.c +++ b/src/nxt_openssl.c @@ -1586,7 +1586,8 @@ nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, int ret, nxt_debug(task, "ERR_peek_error(): %l", lib_err); - if (sys_err != 0 || lib_err != 0) { + /* Treat a broken pipe on shutdown as a normal close */ + if (sys_err != NXT_EPIPE && (sys_err != 0 || lib_err != 0)) { c->socket.error = sys_err; return NXT_ERROR; } |
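
Review bot: The EPIPE exemption added to the condition in nxt_openssl_conn_test_error() is not tied to shutdown, although its comment says "on shutdown". As written, `sys_err != NXT_EPIPE && (sys_err != 0 || lib_err != 0)` skips the NXT_ERROR return and the `c->socket.error = sys_err` assignment for a broken pipe whichever operation produced it, as far as these lines show. If this function is also reached from paths other than SSL_shutdown(), consider making the exemption conditional on the shutdown case (for example a flag passed by the caller), so that a broken pipe elsewhere is still reported. The same test also drops a non-zero lib_err whenever sys_err is EPIPE; the log line in the commit message shows both being set together, so a short comment saying that ignoring lib_err here is intended would help the next reader.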
