Skip to content

mod_ssl: Keep existing flags when calling SSL_set_shutdown() #560

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: trunk
Choose a base branch
from
Open

mod_ssl: Keep existing flags when calling SSL_set_shutdown() #560

wants to merge 1 commit into from
+10 −2

Conversation

@mkauf
Copy link

@mkauf mkauf commented Oct 18, 2025

Preserve existing flags (SSL_RECEIVED_SHUTDOWN or SSL_SENT_SHUTDOWN) when calling SSL_set_shutdown().

For abortive or unclean shutdowns, additionally call SSL_set_quiet_shutdown().

@mkauf
mod_ssl: Keep existing flags when calling SSL_set_shutdown()
7611144 
Preserve existing flags (SSL_RECEIVED_SHUTDOWN or SSL_SENT_SHUTDOWN) when
calling SSL_set_shutdown().

For abortive or unclean shutdowns, additionally call SSL_set_quiet_shutdown().
@notroj
Copy link
Collaborator

notroj commented Oct 28, 2025

Thanks @mkauf LGTM, is there a user-visible impact for this?

@mkauf
Copy link
Author

mkauf commented Oct 30, 2025

@notroj I think that there is a user-visible impact if "ssl-accurate-shutdown" is used, and the client shuts down the connection first by sending a close notify alert. Previously, mod_ssl would wait for a second close notify alert from the client, ignoring that the client has already sent one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mkauf @notroj