)]}'
{
  "commit": "e126b246e1b140e63ae703a8444b9f50c97b0057",
  "tree": "38247c3404908c6651b7c67f4ca5925b64635eff",
  "parents": [
    "cdea239824f069c5140a8428cf9f9cf28d1369f5"
  ],
  "author": {
    "name": "Maxim Dounin",
    "email": "mdounin@mdounin.ru",
    "time": "Mon Aug 10 18:52:09 2020 +0300"
  },
  "committer": {
    "name": "Maxim Dounin",
    "email": "mdounin@mdounin.ru",
    "time": "Mon Aug 10 18:52:09 2020 +0300"
  },
  "message": "SSL: fixed shutdown handling.\n\nPreviously, bidirectional shutdown never worked, due to two issues\nin the code:\n\n1. The code only tested SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE\n   when there was an error in the error queue, which cannot happen.\n   The bug was introduced in an attempt to fix unexpected error logging\n   as reported with OpenSSL 0.9.8g\n   (http://mailman.nginx.org/pipermail/nginx/2008-January/003084.html).\n\n2. The code never called SSL_shutdown() for the second time to wait for\n   the peer\u0027s close_notify alert.\n\nThis change fixes both issues.\n\nNote that after this change bidirectional shutdown is expected to work for\nthe first time, so c-\u003essl-\u003eno_wait_shutdown now makes a difference.  This\nis not a problem for HTTP code which always uses c-\u003essl-\u003eno_wait_shutdown,\nbut might be a problem for stream and mail code, as well as 3rd party\nmodules.\n\nTo minimize the effect of the change, the timeout, which was used to be 30\nseconds and not configurable, though never actually used, is now set to\n3 seconds.  It is also expanded to apply to both SSL_ERROR_WANT_READ and\nSSL_ERROR_WANT_WRITE, so timeout is properly set if writing to the socket\nbuffer is not possible.\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "f589b9812ff5490b1bc15bb27d53b69e22e88cdf",
      "old_mode": 33188,
      "old_path": "src/event/ngx_event_openssl.c",
      "new_id": "f387c720dfa923017d4c29574b57d751e63214b3",
      "new_mode": 33188,
      "new_path": "src/event/ngx_event_openssl.c"
    }
  ]
}
