Fixed SSL logging with lingering close.
Recent fixes to SSL shutdown with lingering close (554c6ae25ffc, 1.19.5)
broke logging of SSL variables. To make sure logging of SSL variables
works properly, avoid freeing c->ssl when doing an SSL shutdown before
lingering close.
Reported by Reinis Rozitis
(http://mailman.nginx.org/pipermail/nginx/2021-May/060670.html).
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 0635783..396cc22 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3008,6 +3008,12 @@
done:
+ if (c->ssl->shutdown_without_free) {
+ c->ssl->shutdown_without_free = 0;
+ c->recv = ngx_recv;
+ return rc;
+ }
+
SSL_free(c->ssl->connection);
c->ssl = NULL;
c->recv = ngx_recv;
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 329760d..a415b4b 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -100,6 +100,7 @@
unsigned buffer:1;
unsigned no_wait_shutdown:1;
unsigned no_send_shutdown:1;
+ unsigned shutdown_without_free:1;
unsigned handshake_buffer_set:1;
unsigned try_early_data:1;
unsigned in_early:1;
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 81b27a3..0bb122c 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -3400,6 +3400,8 @@
if (c->ssl) {
ngx_int_t rc;
+ c->ssl->shutdown_without_free = 1;
+
rc = ngx_ssl_shutdown(c);
if (rc == NGX_ERROR) {
