[Minor] Improve SSL shutdown to keep connections in SSL cache
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Wed, 8 Aug 2018 11:21:12 +0000 (12:21 +0100)
committerVsevolod Stakhov <vsevolod@highsecure.ru>
Wed, 8 Aug 2018 13:01:37 +0000 (14:01 +0100)
src/libutil/ssl_util.c

index a90bd5e361e6ece273b2960be2a5635256090d34..1eab5821f1cdb08392ce7257e57959b62ae5d7e7 100644 (file)
@@ -746,6 +746,18 @@ void
 rspamd_ssl_connection_free (struct rspamd_ssl_connection *conn)
 {
        if (conn) {
+               /*
+                * SSL_RECEIVED_SHUTDOWN tells SSL_shutdown to act as if we had already
+                * received a close notify from the other end.  SSL_shutdown will then
+                * send the final close notify in reply.  The other end will receive the
+                * close notify and send theirs.  By this time, we will have already
+                * closed the socket and the other end's real close notify will never be
+                * received.  In effect, both sides will think that they have completed a
+                * clean shutdown and keep their sessions valid.  This strategy will fail
+                * if the socket is not ready for writing, in which case this hack will
+                * lead to an unclean shutdown and lost session on the other end.
+                */
+               SSL_set_shutdown (conn->ssl, SSL_RECEIVED_SHUTDOWN);
                SSL_shutdown (conn->ssl);
                SSL_free (conn->ssl);
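Review bot: The added `SSL_set_shutdown (conn->ssl, SSL_RECEIVED_SHUTDOWN);` replaces the whole shutdown state rather than adding a flag, so a connection that has already sent its close notify loses SSL_SENT_SHUTDOWN and the following SSL_shutdown will try to send a second one. `SSL_set_shutdown (conn->ssl, SSL_get_shutdown (conn->ssl) | SSL_RECEIVED_SHUTDOWN);` keeps whatever is already set. The result of `SSL_shutdown (conn->ssl)` is still ignored, even though the new comment names the case where it fails (socket not ready for writing). In that case any error it queues stays on the thread's OpenSSL error queue, where a later SSL_get_error call for a different connection can misread it, so I would add `ERR_clear_error ();` after the call, or at least log the failure at debug level. The body of rspamd_ssl_connection_free continues past the end of this hunk, so anything it does with conn after SSL_free is not covered here.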