author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-08-08 12:21:12 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2018-08-08 14:01:37 +0100 |
commit | 54cc6c482fa36e7fd291c88e0875800935e647ad (patch) | |
tree | bb247fd3b3d07c184b92da19e594a1cbab1a6f51 | |
parent | 5decc49cd15d0b50fe900a8e19a6ab5f8623ec0d (diff) | |
[Minor] Improve SSL shutdown to keep connections in SSL cache
-rw-r--r-- | src/libutil/ssl_util.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/libutil/ssl_util.c b/src/libutil/ssl_util.c
index a90bd5e36..1eab5821f 100644
--- a/src/libutil/ssl_util.c
+++ b/src/libutil/ssl_util.c
@@ -746,6 +746,18 @@ void
 rspamd_ssl_connection_free (struct rspamd_ssl_connection *conn)
 {
 if (conn) {
+ /*
+ * SSL_RECEIVED_SHUTDOWN tells SSL_shutdown to act as if we had already
+ * received a close notify from the other end. SSL_shutdown will then
+ * send the final close notify in reply. The other end will receive the
+ * close notify and send theirs. By this time, we will have already
+ * closed the socket and the other end's real close notify will never be
+ * received. In effect, both sides will think that they have completed a
+ * clean shutdown and keep their sessions valid. This strategy will fail
+ * if the socket is not ready for writing, in which case this hack will
+ * lead to an unclean shutdown and lost session on the other end.
+ */
+ SSL_set_shutdown (conn->ssl, SSL_RECEIVED_SHUTDOWN);
 SSL_shutdown (conn->ssl);
 SSL_free (conn->ssl);
|
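Review bot: The added `SSL_set_shutdown (conn->ssl, SSL_RECEIVED_SHUTDOWN);` runs on every path that frees the connection, so a connection torn down after a failed handshake or a fatal I/O error is also marked as cleanly closed before `SSL_shutdown` is called. OpenSSL's documentation advises against calling `SSL_shutdown` after `SSL_ERROR_SSL` or `SSL_ERROR_SYSCALL`, and a session from such a connection is arguably one that should not be kept resumable. The hunk does not show whether `conn` records how the connection ended; if it does, the flag and the shutdown call should be limited to the normal-completion case. The return value of `SSL_shutdown` is still ignored, so the failure the new comment describes (socket not writable) passes silently and may leave entries on the thread's error queue; something like `if (SSL_shutdown (conn->ssl) != 1) ERR_clear_error ();` would at least keep that from leaking into later diagnostics. The rest of `rspamd_ssl_connection_free` lies outside the hunk.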