Changeset b429e4c in mod_gnutls for src/mod_gnutls.c

Timestamp: Feb 3, 2015, 6:31:46 AM (5 years ago)
Author: Thomas Klute <thomas2.klute@…>
Branches: debian/master, debian/stretch-backports, jessie-backports, master, upstream
Children: b324906
Parents: d7a8286
git-author: Thomas Klute <thomas2.klute@…> (02/03/15 05:46:50)
git-committer: Thomas Klute <thomas2.klute@…> (02/03/15 06:31:46)
Message:

Cleanup handler for proxy TLS connections

When handling client connections, the TLS connection is closed when
the data source announces "end of connection" with an EOC bucket in the
output bucket brigade. For proxy back end connections there is no such
mechanism.

This commit adds a pre cleanup hook to the connection memory pool of
proxy back end connections, which will try to close the TLS connection
and then deinit the GnuTLS session.

Note that mod_proxy might not close connections immediately, so there is
no guarantee as to when exactly the cleanup will happen. This means that
the TLS session termination might be too late to be meaningful to the
peer, but either way the GnuTLS session structure will be deinitialized
properly. If you need to ensure that connections are closed immediately,
you might want to look at the "proxy-nokeepalive" environment variable
for mod_proxy_http.

(No files)
