Mirror/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-07-13 03:09:51 +03:00
Code Issues Wiki Activity
aports/community/unit/fix-ssl-shutdown.patch
Andy Postnikov d91943fb6e community/unit: update patch
2025-04-28 23:55:09 +02:00

47 lines
2 KiB
Diff
Raw Permalink Blame History

Patch-Source: https://github.com/nginx/unit/commit/8bd57347c835be885613e62cb05777ea9bb5291d
From 8bd57347c835be885613e62cb05777ea9bb5291d Mon Sep 17 00:00:00 2001
From: Andy Postnikov <apostnikov@gmail.com>
Date: Thu, 24 Apr 2025 02:11:15 +0200
Subject: [PATCH] =?UTF-8?q?Treat=20a=20=E2=80=9Cbroken=20pipe=E2=80=9D=20o?=
=?UTF-8?q?n=20SSL=5Fshutdown()=20as=20a=20normal=20close?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Starting with OpenSSL 3.4 errno is flowed up from
tls_retry_write_records() which upon EPIPE results in the following log
message
2025/04/23 17:12:47 [alert] 14322#14324 *16 SSL_shutdown(25) failed (32: Broken pipe) (32: [null]) (OpenSSL: error:80000020:system library::Broken pipe:tls_retry_write_records failure)
Which is harmless except it trips up the
test/test_tls.py::test_tls_certificate_change test due it to looking for
"alert" log messages and failing if any are found.
Now, I think the tests are wrong to do this (they also don't seem to be
closing the TLS connection properly). But getting EPIPE when we're
shutting down the connection is likely harmless so treat it the same as
a clean shutdown which also gets rid of this log message.
Link: <https://github.com/openssl/openssl/commit/933f57dfe21657f7aba8f13e0cdb3b02dd64fcc3.patch>
Closes: https://github.com/nginx/unit/issues/1600
[ Commit message - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
---
src/nxt_openssl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
index 8f66f45b3..4a1e91792 100644
--- a/src/nxt_openssl.c
+++ b/src/nxt_openssl.c
@@ -1586,7 +1586,8 @@ nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, int ret,
nxt_debug(task, "ERR_peek_error(): %l", lib_err);
- if (sys_err != 0 || lib_err != 0) {
+ /* Treat a broken pipe on shutdown as a normal close */
+ if (sys_err != NXT_EPIPE && (sys_err != 0 || lib_err != 0)) {
c->socket.error = sys_err;
return NXT_ERROR;
}
Reference in a new issue View git blame Copy permalink