Send the 'Close Alert' message to the peer upon closing a SSL session. This (6de04d1f) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

ssl_engine_io.c

+19 −1

Original line number	Diff line number	Diff line
		@@ -100,6 +100,7 @@ typedef struct {
		BIO *pbioWrite;
		ap_filter_t *pInputFilter;
		ap_filter_t *pOutputFilter;
		int nobuffer; /* non-zero to prevent buffering */
		} ssl_filter_ctx_t;

		typedef struct {
		@@ -193,7 +194,8 @@ static int bio_filter_out_write(BIO bio, const char in, int inl)
		*/
		BIO_clear_retry_flags(bio);

		if (!outctx->length && (inl + outctx->blen < sizeof(outctx->buffer))) {
		if (!outctx->length && (inl + outctx->blen < sizeof(outctx->buffer)) &&
		!outctx->filter_ctx->nobuffer) {
		/* the first two SSL_writes (of 1024 and 261 bytes)
		* need to be in the same packet (vec[0].iov_base)
		*/
		@@ -1396,6 +1398,22 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f,
		apr_bucket_delete(bucket);
		}
		}
		else if (AP_BUCKET_IS_EOC(bucket)) {
		/* The special "EOC" bucket means a shutdown is needed;
		* - turn off buffering in bio_filter_out_write
		* - issue the SSL_shutdown
		*/
		filter_ctx->nobuffer = 1;
		status = ssl_filter_io_shutdown(filter_ctx, f->c, 0);
		if (status != APR_SUCCESS) {
		ap_log_error(APLOG_MARK, APLOG_INFO, status, NULL,
		"SSL filter error shutting down I/O");
		}
		if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
		return status;
		}
		break;
		}
		else {
		/* filter output */
		const char *data;