@abh3 commented on this pull request.
OK, this will work but it does slow the connection turnaround because it tries to do a bidirectional shutdown which I don't think is needed. So, while not technically wrong there is a possible improvement and I leave it up to you to decide which way to go.
In src/XrdHttp/XrdHttpProtocol.cc:
> @@ -1759,10 +1759,17 @@ void XrdHttpProtocol::Cleanup() { if (ssl) { - - if (SSL_shutdown(ssl) != 1) { - TRACE(ALL, " SSL_shutdown failed"); - ERR_print_errors(sslbio_err); + int ret = SSL_shutdown(ssl); + if (ret != 1) { + if(ret == 0) { + //https://www.openssl.org/docs/man1.0.2/man3/SSL_shutdown.html + //Call again SSL_shutdown + ret = SSL_shutdown(ssl);
So, tell me why we need a bidirectional shutdown here. From the same documentation "If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient." I think the actual problem was that the original code insisted that the return value be one when in fact 1 or 0 was good enough and only -1 should have reported an error. However, a zero return should clear the error stack as a misleading error may have been placed on the stack. Agree?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1