On Mon, Feb 6, 2017 at 12:53 PM, Plüm, Rüdiger, Vodafone Group <ruediger.pl...@vodafone.com> wrote: > > IMHO we currently fail after we processed an EOC (no matter if in the > same brigade or in a follow up brigade) and we should continue doing > so.
We fail in the same brigade thanks to ssl_filter_write() when pssl is NULL, but I think that if we wanted to also fail for subsequent brigades, we need something like: Index: modules/ssl/ssl_engine_io.c =================================================================== --- modules/ssl/ssl_engine_io.c (revision 1781582) +++ modules/ssl/ssl_engine_io.c (working copy) @@ -1777,14 +1775,15 @@ static apr_status_t ssl_io_filter_output(ap_filter return APR_ECONNABORTED; } - /* Reinstate any buffered content */ - ap_filter_reinstate_brigade(f, bb, &flush_upto); - if (!filter_ctx->pssl) { /* ssl_filter_io_shutdown was called */ - return ap_pass_brigade(f->next, bb); + apr_brigade_cleanup(bb); + return APR_EGENERAL; } + /* Reinstate any buffered content */ + ap_filter_reinstate_brigade(f, bb, &flush_upto); + inctx = (bio_filter_in_ctx_t *)BIO_get_data(filter_ctx->pbioRead); outctx = (bio_filter_out_ctx_t *)BIO_get_data(filter_ctx->pbioWrite); _ Regards, Yann.