Posted to cvs@httpd.apache.org by yl...@apache.org on 2014/06/08 00:53:52 UTC

svn commit: r1601184 - in /httpd/httpd/trunk: CHANGES modules/ssl/ssl_util_ssl.c

Author: ylavic
Date: Sat Jun  7 22:53:52 2014
New Revision: 1601184

URL: http://svn.apache.org/r1601184
Log:
mod_ssl: Ensure that the SSL close notify alert is flushed to the client.
         PR54998.

Submitted By: Tim Kosse <tim.kosse filezilla-project.org>, ylavic
Committed By: ylavic

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1601184&r1=1601183&r2=1601184&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sat Jun  7 22:53:52 2014
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_ssl: Ensure that the SSL close notify alert is flushed to the client.
+     PR54998. [Tim Kosse <tim.kosse filezilla-project.org>, Yann Ylavic] 
+
   *) mod_log_config: Add GlobalLog to allow a globally defined log to
      be inherited by virtual hosts that define a CustomLog.
      [Edward Lu <Chaosed0 gmail.com>]

Modified: httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c?rev=1601184&r1=1601183&r2=1601184&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_util_ssl.c Sat Jun  7 22:53:52 2014
@@ -125,6 +125,7 @@ int SSL_smart_shutdown(SSL *ssl)
 {
     int i;
     int rc;
+    int flush;
 
     /*
      * Repeat the calls, because SSL_shutdown internally dispatches through a
@@ -134,8 +135,17 @@ int SSL_smart_shutdown(SSL *ssl)
      * connection and OpenSSL cannot recognize it.
      */
     rc = 0;
+    flush = !(SSL_get_shutdown(ssl) & SSL_SENT_SHUTDOWN);
     for (i = 0; i < 4 /* max 2x pending + 2x data = 4 */; i++) {
-        if ((rc = SSL_shutdown(ssl)))
+        rc = SSL_shutdown(ssl);
+        if (rc >= 0 && flush && (SSL_get_shutdown(ssl) & SSL_SENT_SHUTDOWN)) {
+            /* Once the close notity is sent through the output filters,
+             * ensure it is flushed through the socket.
+             */
+            BIO_flush(ssl->wbio);
+            flush = 0;
+        }
+        if (rc != 0)
             break;
     }
     return rc;
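Review bot: The result of `BIO_flush(ssl->wbio)` is discarded, so a failed flush still clears `flush` and SSL_smart_shutdown returns the SSL_shutdown() code as if the close notify had reached the client. A peer that never receives the alert cannot tell an orderly close from a truncated stream. Consider checking the return and going through the accessor rather than the struct field, e.g. `if (BIO_flush(SSL_get_wbio(ssl)) <= 0) { /* record that the close notify may be undelivered */ }`. The function begins before this hunk and its callers are not visible, so whether a failed flush should also change `rc` is left open. The new comment has a typo: "notity" should read "notify".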