Hello! On Fri, Mar 20, 2020 at 10:41:32AM +0300, Sergey Kandaurov wrote:
> > > On 18 Mar 2020, at 14:17, itpp2012 <nginx-fo...@forum.nginx.org> wrote: > > > > Logging getting swamped with: > > > > [crit] 1808#2740: *20747 SSL_read() failed (SSL: error:14095126:SSL > > routines:ssl3_read_n:unexpected eof while reading) while keepalive > > > > Related to: https://github.com/openssl/openssl/issues/10880 > > and this commit: > > https://github.com/openssl/openssl/commit/db943f43a60d1b5b1277e4b5317e8f288e7a0a3a > > > > Question: does this need to resolved in openssl or nginx ? > > So, they deliberately changed existing behaviour, known since > at least OpenSSL 0.9.7, in the stable branch which should not > be targeted (per their words) for introducing behaviour changes. > That is unfortunate and beyond explanation. > > To simply shut up the crit, this would require such an ugly hack. > > diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c > --- a/src/event/ngx_event_openssl.c > +++ b/src/event/ngx_event_openssl.c > @@ -2301,7 +2301,13 @@ ngx_ssl_handle_recv(ngx_connection_t *c, > c->ssl->no_wait_shutdown = 1; > c->ssl->no_send_shutdown = 1; > > - if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { > + if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0 > +#ifdef SSL_R_UNEXPECTED_EOF_WHILE_READING > + || (sslerr == SSL_ERROR_SSL && ERR_GET_REASON(ERR_peek_error()) > + == SSL_R_UNEXPECTED_EOF_WHILE_READING) > +#endif > + ) > + { > ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, > "peer shutdown SSL cleanly"); > return NGX_DONE; I think a separate condition in an #ifdef might be preferred here, probably with better debug logging as well. -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
