last modified time | relevance | path

Searched hist:2090 (Results 1 – 1 of 1) sorted by relevance

H A Dnxt_openssl.cdiff 2090:e6102bb58d1d Wed May 11 20:04:00 UTC 2022 Sergey Kandaurov <pluknet@nginx.com> Using SSL_OP_IGNORE_UNEXPECTED_EOF.

A new behaviour was introduced in OpenSSL 1.1.1e, when a peer does not send
close_notify before closing the connection. Previously, it was to return
SSL_ERROR_SYSCALL with errno 0, known since at least OpenSSL 0.9.7, and is
handled gracefully in unitd. Now it returns SSL_ERROR_SSL with a distinct
reason SSL_R_UNEXPECTED_EOF_WHILE_READING ("unexpected eof while reading").
This leads to critical errors seen in nginx within various routines such as
SSL_do_handshake(), SSL_read(), SSL_shutdown(). The behaviour was restored
in OpenSSL 1.1.1f, but presents in OpenSSL 3.0 by default.

Use of the SSL_OP_IGNORE_UNEXPECTED_EOF option added in OpenSSL 3.0 allows
setting a compatible behaviour to return SSL_ERROR_ZERO_RETURN:

See for additional details: https://github.com/openssl/openssl/issues/11381