From: Doug MacEachern Date: Wed, 21 Nov 2001 19:22:46 +0000 (+0000) Subject: move c->notes.ssl::flag::{unclean,accurate}-shutdown to SSLConnRec.shutdown_type X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8c42324a77451e3bc2f2a64f4e41e01ad4fc70a8;p=apache move c->notes.ssl::flag::{unclean,accurate}-shutdown to SSLConnRec.shutdown_type PR: Obtained from: Submitted by: Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92100 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h
index 07a7f854d1..3ff4c7efff 100644
--- a/modules/ssl/mod_ssl.h
+++ b/modules/ssl/mod_ssl.h
@@ -450,9 +450,16 @@ typedef struct {
 apr_bucket_brigade *b; /* decrypted input */
 } SSLFilterRec;
+typedef enum {
+ SSL_SHUTDOWN_TYPE_STANDARD,
+ SSL_SHUTDOWN_TYPE_UNCLEAN,
+ SSL_SHUTDOWN_TYPE_ACCURATE
+} ssl_shutdown_type_e;
+
 typedef struct {
 SSL *ssl;
 const char *client_dn;
+ ssl_shutdown_type_e shutdown_type;
 } SSLConnRec;
 typedef struct {
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 9df7e1c8b6..234e391569 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
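Review bot: In mod_ssl.h the safe default depends on `SSL_SHUTDOWN_TYPE_STANDARD` being the first enumerator, and nothing in the header says so. A zero-filled `SSLConnRec` selects the standards-compliant shutdown only while that enumerator is 0; whether the record is zero-allocated is not visible in this hunk and should be confirmed. I would pin the value with `SSL_SHUTDOWN_TYPE_STANDARD = 0,` and add `/* must stay 0: a zeroed SSLConnRec selects the standard close-notify shutdown */` above the enum, so a later reorder cannot silently make the unclean mode the default.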
@@ -121,24 +121,27 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter)
 * exchange close notify messages, but allow the user
 * to force the type of handshake via SetEnvIf directive */
- if (apr_table_get(conn->notes, "ssl::flag::unclean-shutdown") == PTRUE) {
+ switch (sslconn->shutdown_type) {
+ case SSL_SHUTDOWN_TYPE_STANDARD:
+ /* send close notify, but don't wait for clients close notify
+ (standard compliant and safe, so it's the DEFAULT!) */
+ SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
+ cpType = "standard";
+ break;
+ case SSL_SHUTDOWN_TYPE_UNCLEAN:
 /* perform no close notify handshake at all (violates the SSL/TLS standard!) */
 SSL_set_shutdown(ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 cpType = "unclean";
- }
- else if (apr_table_get(conn->notes, "ssl::flag::accurate-shutdown") == PTRUE) {
+ break;
+ case SSL_SHUTDOWN_TYPE_ACCURATE:
 /* send close notify and wait for clients close notify (standard compliant, but usually causes connection hangs) */
 SSL_set_shutdown(ssl, 0);
 cpType = "accurate";
+ break;
 }
- else {
- /* send close notify, but don't wait for clients close notify
- (standard compliant and safe, so it's the DEFAULT!) */
- SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
- cpType = "standard";
- }
+ SSL_smart_shutdown(ssl);
 /* and finally log the fact that we've closed the connection */
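Review bot: The new `switch (sslconn->shutdown_type)` in ssl_hook_CloseConnection has no `default:` label, so a value outside the three enumerators skips `SSL_set_shutdown()` and leaves `cpType` at whatever it held before the hunk. The removed if/else chain always ended in the standard branch, and keeping that fallback is the safer behaviour for a field that is written during request handling. Placing `default:` directly above `case SSL_SHUTDOWN_TYPE_STANDARD:` restores it without changing the three named cases. The function starts and ends outside the hunk, so where `sslconn` and `cpType` are set up cannot be checked from here.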
@@ -218,14 +221,11 @@ int ssl_hook_Translate(request_rec *r)
 * to allow the close connection handler to use them. */
 if (apr_table_get(r->subprocess_env, "ssl-unclean-shutdown") != NULL)
- apr_table_setn(r->connection->notes, "ssl::flag::unclean-shutdown", PTRUE);
- else
- apr_table_setn(r->connection->notes, "ssl::flag::unclean-shutdown", PFALSE);
- if (apr_table_get(r->subprocess_env, "ssl-accurate-shutdown") != NULL)
- apr_table_setn(r->connection->notes, "ssl::flag::accurate-shutdown", PTRUE);
+ sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
+ else if (apr_table_get(r->subprocess_env, "ssl-accurate-shutdown") != NULL)
+ sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_ACCURATE;
 else
- apr_table_setn(r->connection->notes, "ssl::flag::accurate-shutdown", PFALSE);
-
+ sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_STANDARD;
 return DECLINED;
 }
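Review bot: The three assignments in ssl_hook_Translate dereference `sslconn` with no NULL check visible in the hunk, whereas the removed lines only wrote to `r->connection->notes`, which needs no SSL state. If this hook can run for a request on a connection that has no SSL record, the new code faults where the old code was harmless. The declaration of `sslconn` and any earlier guard are outside the hunk; if there is none, `if (sslconn == NULL) return DECLINED;` ahead of the chain would cover it. A short comment that `shutdown_type` is per-connection but rewritten on every request, so the last request on a keep-alive connection decides, would also help the next reader.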