I am testing 0.5.35 as a replacement for my perdition IMAP/POP3
proxies. I fed a bit of real traffic to nginx today and within a
few seconds I see SSL_shutdown errors in the logs. Nothing in
testing produced that error but it is 100% repeatable. It looks
to me to be a bogus error message.
FreeBSD 4.11 and openssl 0.9.8g.
openssl s_client -connect localhost:995
+OK POP3 ready
quit
+OK
closed
2008/01/17 19:08:51 [debug] 75716#0: *1 malloc: 080D4F00:256
2008/01/17 19:08:51 [debug] 75716#0: *1 pop3 auth state
2008/01/17 19:08:51 [debug] 75716#0: *1 SSL_read: 5
2008/01/17 19:08:51 [debug] 75716#0: *1 SSL_read: -1
2008/01/17 19:08:51 [debug] 75716#0: *1 SSL_get_error: 2
2008/01/17 19:08:51 [debug] 75716#0: *1 SSL to write: 5
2008/01/17 19:08:51 [debug] 75716#0: *1 SSL_write: 5
2008/01/17 19:08:51 [debug] 75716#0: *1 close mail connection: 12
2008/01/17 19:08:51 [debug] 75716#0: *1 SSL_shutdown: 0
2008/01/17 19:08:51 [debug] 75716#0: *1 SSL_get_error: 5
2008/01/17 19:08:51 [crit] 75716#0: *1 SSL_shutdown() failed (SSL:)
while in auth state, client: 127.0.0.1, server: 127.0.0.1:995
SSL_set_shutdown() is called with mode == 0. n == 5 after
SSL_get_error()
as is sslerr logged above. ngx_errno (errno) == 0.
It seems like this is a non error condition. I’m silencing the
message with this bit of code in ngx_ssl_shutdown():1039
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
if (err == 0)
{
SSL_free(c->ssl->connection);
c->ssl = NULL;
return NGX_OK;
}
IMAP/POP3 starttls and pure SSL sessions work just fine. That’s
what makes me think this is a bogus message. Could this error be
the symptom of a problem elsewhere?
