-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | ext/openssl/ossl_ssl.c | 13 |
2 files changed, 21 insertions, 1 deletions
@@ -1,3 +1,12 @@
+Fri Jun 24 15:54:14 2011 Hiroshi Nakamura <nahi@ruby-lang.org>
+
+ * ext/openssl/ossl_ssl.c (ossl_ssl_shutdown): Try to shutdown SSL
+ connection more gracefully. Call SSL_shutdown() max 4 times until it
+ returns 1 (success). Bi-directional SSL close has several states but
+ SSL_shutdown() kicks only 1 transition per call. Max 4 is from
+ mod_ssl.c of Apache httpd that says 'max 2x pending * 2x data = 4'.
+ See #4237.
+
 Fri Jun 24 07:24:37 2011 Eric Hodel <drbrain@segment7.net>
 
 * lib/rake/version.rb: Fixed VERSION to work with tool/rbinstall.rb
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index a9f31020eb..6fa48bac41 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -970,8 +970,19 @@ ossl_sslctx_flush_sessions(int argc, VALUE *argv, VALUE self)
 static void
 ossl_ssl_shutdown(SSL *ssl)
 {
+ int i, rc;
+
 if (ssl) {
- SSL_shutdown(ssl);
+ /* 4 is from SSL_smart_shutdown() of mod_ssl.c (v2.2.19) */
+ /* It says max 2x pending + 2x data = 4 */
+ for (i = 0; i < 4; ++i) {
+ /*
+ * Ignore the case SSL_shutdown returns -1. Empty handshake_func
+ * must not happen.
+ */
+ if (rc = SSL_shutdown(ssl))
+ break;
+ }
 SSL_clear(ssl);
 }
 }
|
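Review bot: The loop's exit test `if (rc = SSL_shutdown(ssl))` in ossl_ssl_shutdown stops on any non-zero return, so a -1 (which on a non-blocking socket may only mean the call would block) ends the attempt exactly like the success value 1, and `SSL_clear(ssl)` then runs even though the bidirectional close may not have completed. `rc` is assigned but never read and the bare assignment in the condition will likely draw a -Wparentheses warning; `rc = SSL_shutdown(ssl); if (rc != 0) break;` states the intent, and the in-code comment should say that -1 ends the loop rather than that it is ignored. Because the function returns void, a failed shutdown may also leave entries on OpenSSL's error queue that surface in a later unrelated call; consider `ERR_clear_error();` after `SSL_clear(ssl)`, or inspecting `SSL_get_error(ssl, rc)` if the failure should be reported to the caller.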