RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-03-24 20:07:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MAJOR: ssl: fix a regression in ssl_sock_shutw()

Browse Source 
Commit 405ff31 ("BUG/MINOR: ssl: assert on SSL_set_shutdown with BoringSSL")
introduced a regression causing some random crashes apparently due to
memory corruption. The issue is the use of SSL_CTX_set_quiet_shutdown()
instead of SSL_set_quiet_shutdown(), making it use a different structure
and causing the flag to be put who-knows-where.

Many thanks to Jarno Huuskonen who reported this bug early and who
bisected the issue to spot this patch. No backport is needed, this
is 1.8-specific.
This commit is contained in:
Willy Tarreau 2017-02-13 11:12:29 +01:00
parent 62c8a21c10
commit e3cc3a3026
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ssl_sock.c
View File

@ -4177,7 +4177,7 @@ static void ssl_sock_shutw(struct connection *conn, int clean)
return;
if (!clean)
/* don't sent notify on SSL_shutdown */
SSL_CTX_set_quiet_shutdown(conn->xprt_ctx, 1);
SSL_set_quiet_shutdown(conn->xprt_ctx, 1);
/* no handshake was in progress, try a clean ssl shutdown */
if (SSL_shutdown(conn->xprt_ctx) <= 0) {
/* Clear openssl global errors stack */