From: Yann Ylavic
Date: Sat, 7 Jun 2014 22:53:52 +0000 (+0000)
Subject: mod_ssl: Ensure that the SSL close notify alert is flushed to the client.
X-Git-Tag: 2.5.0-alpha~4097
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6502fec22a4736465301d970b567195ba48d60ff;p=apache
mod_ssl: Ensure that the SSL close notify alert is flushed to the client. PR54998. Submitted By: Tim Kosse , ylavic Committed By: ylavic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1601184 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index d3f7399ebd..4ef66ba0d2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
+ *) mod_ssl: Ensure that the SSL close notify alert is flushed to the client.
+ PR54998. [Tim Kosse , Yann Ylavic]
+
 *) mod_log_config: Add GlobalLog to allow a globally defined log to be inherited by virtual hosts that define a CustomLog. [Edward Lu ]
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index 0bf377682c..c5da772318 100644
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -125,6 +125,7 @@ int SSL_smart_shutdown(SSL *ssl)
 {
 int i;
 int rc;
+ int flush;
 /*
 * Repeat the calls, because SSL_shutdown internally dispatches through a
@@ -134,8 +135,17 @@ int SSL_smart_shutdown(SSL *ssl)
 * connection and OpenSSL cannot recognize it.
 */
 rc = 0;
+ flush = !(SSL_get_shutdown(ssl) & SSL_SENT_SHUTDOWN);
 for (i = 0; i < 4 /* max 2x pending + 2x data = 4 */; i++) {
- if ((rc = SSL_shutdown(ssl)))
+ rc = SSL_shutdown(ssl);
+ if (rc >= 0 && flush && (SSL_get_shutdown(ssl) & SSL_SENT_SHUTDOWN)) {
+ /* Once the close notity is sent through the output filters,
+ * ensure it is flushed through the socket.
+ */
+ BIO_flush(ssl->wbio);
+ flush = 0;
+ }
+ if (rc != 0)
 break;
 }
 return rc;
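Review bot: In the second ssl_util_ssl.c hunk the result of `BIO_flush(ssl->wbio)` is discarded and `flush` is cleared unconditionally, so a flush that fails or cannot complete may leave the close notify buffered while the function still reports only the SSL_shutdown() result. Since the close notify is what lets the peer tell an orderly end of stream from truncation, I would keep the flag set until the flush succeeds, e.g. `if (BIO_flush(SSL_get_wbio(ssl)) > 0) flush = 0;`, and log or propagate a failure if the callers (not visible here) can act on it. Using the `SSL_get_wbio()` accessor instead of reaching into `ssl->wbio` also avoids depending on the SSL struct layout. The new comment has a typo: `close notity` should read `close notify`. The function's closing brace lies outside the hunk.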