mod_ssl: Ensure that the SSL close notify alert is flushed to the client.

         PR54998.

Submitted By: Tim Kosse <tim.kosse filezilla-project.org>, ylavic
Committed By: ylavic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1601184 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index d3f7399ebd50f11b10c05dd7829785eacc84418e..4ef66ba0d276cf57b9eb23751eecaef3a3d07f3b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) mod_ssl: Ensure that the SSL close notify alert is flushed to the client.
+     PR54998. [Tim Kosse <tim.kosse filezilla-project.org>, Yann Ylavic] 
+
   *) mod_log_config: Add GlobalLog to allow a globally defined log to
      be inherited by virtual hosts that define a CustomLog.
      [Edward Lu <Chaosed0 gmail.com>]

diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index 0bf377682c0c6d02f94fa19ba515255334029b5d..c5da7723188b26a6f4c5eeb5d3d8b228ec5274bc 100644 (file)
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -125,6 +125,7 @@ int SSL_smart_shutdown(SSL *ssl)
 {
     int i;
     int rc;
+    int flush;
 
     /*
      * Repeat the calls, because SSL_shutdown internally dispatches through a
@@ -134,8 +135,17 @@ int SSL_smart_shutdown(SSL *ssl)
      * connection and OpenSSL cannot recognize it.
      */
     rc = 0;
+    flush = !(SSL_get_shutdown(ssl) & SSL_SENT_SHUTDOWN);
     for (i = 0; i < 4 /* max 2x pending + 2x data = 4 */; i++) {
-        if ((rc = SSL_shutdown(ssl)))
+        rc = SSL_shutdown(ssl);
+        if (rc >= 0 && flush && (SSL_get_shutdown(ssl) & SSL_SENT_SHUTDOWN)) {
+            /* Once the close notity is sent through the output filters,
+             * ensure it is flushed through the socket.
+             */
+            BIO_flush(ssl->wbio);
+            flush = 0;
+        }
+        if (rc != 0)
             break;
     }
     return rc;