MINOR: ssl: Make sure we don't shutw the connection before the handshake.
Instead of trying to finish the handshake in ssl_sock_shutw, which may
fail, try not to shutdown until the handshake is finished.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index c652d0a..d197796 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5655,13 +5655,6 @@
*/
static void ssl_sock_shutw(struct connection *conn, int clean)
{
- /* If we're done with the connection before we did the handshake
- * force the handshake anyway, so that the session is in a consistent
- * state
- */
- if (conn->flags & CO_FL_EARLY_SSL_HS)
- SSL_do_handshake(conn->xprt_ctx);
-
if (conn->flags & CO_FL_HANDSHAKE)
return;
if (!clean)
diff --git a/src/stream_interface.c b/src/stream_interface.c
index 4ac2320..02c3be1 100644
--- a/src/stream_interface.c
+++ b/src/stream_interface.c
@@ -458,8 +458,10 @@
/* process consumer side */
if (channel_is_empty(oc)) {
+ struct connection *conn = objt_cs(si->end) ? objt_cs(si->end)->conn : NULL;
+
if (((oc->flags & (CF_SHUTW|CF_SHUTW_NOW)) == CF_SHUTW_NOW) &&
- (si->state == SI_ST_EST))
+ (si->state == SI_ST_EST) && (!conn || !(conn->flags & (CO_FL_HANDSHAKE | CO_FL_EARLY_SSL_HS))))
si_shutw(si);
oc->wex = TICK_ETERNITY;
}