> On Mar 26, 2015, at 1:18 PM, shinr...@apache.org wrote:
> 
[snip]
> ----------------------------------------------------------------------
> diff --git a/iocore/net/SSLNetVConnection.cc b/iocore/net/SSLNetVConnection.cc
> index 3d58072..a1988f2 100644
> --- a/iocore/net/SSLNetVConnection.cc
> +++ b/iocore/net/SSLNetVConnection.cc
> @@ -762,6 +762,43 @@ SSLNetVConnection::SSLNetVConnection()
> {
> }
> 
> +void 
> +SSLNetVConnection::do_io_close(int lerrno)
> +{
> +  if (this->ssl != NULL && sslHandShakeComplete) {
> +    int new_shutdown_mode = 0, shutdown_mode = 0;
> +    if (this->lerrno < 0) {

Why do you look at VConnection::lerrno instead of the lerrno argument?

> +      new_shutdown_mode = SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN;
> +    } else {
> +      shutdown_mode = SSL_get_shutdown(ssl);
> +      Debug("ssl-shutdown", "previous shutdown state 0x%x", shutdown_mode);
> +      new_shutdown_mode = shutdown_mode | SSL_RECEIVED_SHUTDOWN;
> +    }
> +    if (new_shutdown_mode != shutdown_mode) {
> +      // We do not need to sit around and wait for the client's close-notify 
> if
> +      // they have not already sent it.  We will still be standards compliant
> +      Debug("ssl-shutdown", "new SSL_set_shutdown 0x%x", new_shutdown_mode);
> +      SSL_set_shutdown(ssl, new_shutdown_mode);
> +    }
> +
> +    // If the peer has already sent a FIN, don't bother with the shutdown
> +    // They will just send us a RST for our troubles
> +    // This test is not foolproof.  The client's fin could be on the wire 
> +    // at the same time we send the close-notify.  If so, the client will 
> likely
> +    // send RST anyway
> +    char c;
> +    ssize_t x = recv(this->con.fd, &c, 1, MSG_PEEK);
> +    // x < 0 means error.  x == 0 means fin sent
> +    if (x != 0) {
> +      // Send the close-notify
> +      int ret = SSL_shutdown(ssl);
> +      Debug("ssl-shutdown", "SSL_shutdown %s", (ret)?"success":"failed");
> +    }
> +  }
> +  // Go on and do the unix socket cleanups
> +  super::do_io_close(lerrno);
> +}
> +
> void
> SSLNetVConnection::free(EThread *t)
> {
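Review bot: The debug line after `SSL_shutdown(ssl)` in do_io_close reports an error as "success", because `(ret)?"success":"failed"` tests only for non-zero. SSL_shutdown returns 1 when the shutdown is complete, 0 when it is not yet finished, and a negative value on failure. I would log the value itself, `Debug("ssl-shutdown", "SSL_shutdown returned %d", ret);`, or at least test `ret == 1`. Separately, the `x != 0` check also sends the close-notify when `recv` failed for a reason other than "no data pending". If the fd is non-blocking here, which the hunk does not show, checking `errno` for `EAGAIN`/`EWOULDBLOCK` before calling SSL_shutdown would avoid writing to a connection that is already in error.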
> @@ -780,8 +817,6 @@ SSLNetVConnection::free(EThread *t)
>   closed = 0;
>   ink_assert(con.fd == NO_FD);
>   if (ssl != NULL) {
> -    /*if (sslHandShakeComplete)
> -       SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); */
>     SSL_free(ssl);
>     ssl = NULL;
>   }
> 
> http://git-wip-us.apache.org/repos/asf/trafficserver/blob/03734d05/iocore/net/SSLUtils.cc
> ----------------------------------------------------------------------
> diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
> index b813aee..75a44a7 100644
> --- a/iocore/net/SSLUtils.cc
> +++ b/iocore/net/SSLUtils.cc
> @@ -1238,8 +1238,6 @@ SSLInitServerContext(const SSLConfigParams *params, 
> const ssl_user_config &sslMu
>   SSL_CTX_set_options(ctx, SSL_OP_SAFARI_ECDHE_ECDSA_BUG);
> #endif
> 
> -  SSL_CTX_set_quiet_shutdown(ctx, 1);
> -
>   // pass phrase dialog configuration
>   passphrase_cb_userdata ud(params, sslMultCertSettings.dialog, 
> sslMultCertSettings.first_cert, sslMultCertSettings.key);
> 
> 
