------------------------------------------------------------ revno: 13845 revision-id: squid3@treenet.co.nz-20150605234122-cc64o3mlr8qqk1f5 parent: squid3@treenet.co.nz-20150605233834-v3wmgui9ue5kubzg author: Christos Tsantilas committer: Amos Jeffries branch nick: 3.5 timestamp: Fri 2015-06-05 16:41:22 -0700 message: Fix assertion comm.cc:759: "Comm::IsConnOpen(conn)" in ConnStateData::getSslContextDone This is an ssertion inside ConnStateData::getSslContextDone while setting timeout. The reason is that the ConnStateData::clientConnection may closed while waiting response from ssl_crtd helper. This is a Measurement Factory project ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20150605234122-cc64o3mlr8qqk1f5 # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 # testament_sha1: 6ea69b09ae60aa051d94d820b8c70d3fa3a6c7d6 # timestamp: 2015-06-05 23:51:02 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 # base_revision_id: squid3@treenet.co.nz-20150605233834-\ # v3wmgui9ue5kubzg # # Begin patch === modified file 'src/client_side.cc' --- src/client_side.cc 2015-06-05 23:22:22 +0000 +++ src/client_side.cc 2015-06-05 23:41:22 +0000 @@ -3947,6 +3947,11 @@ void ConnStateData::sslCrtdHandleReply(const Helper::Reply &reply) { + if (!isOpen()) { + debugs(33, 3, "Connection gone while waiting for ssl_crtd helper reply; helper reply:" << reply); + return; + } + if (reply.result == Helper::BrokenHelper) { debugs(33, 5, HERE << "Certificate for " << sslConnectHostOrIp << " cannot be generated. ssl_crtd response: " << reply); } else if (!reply.other().hasContent()) { === modified file 'src/ssl/support.cc' --- src/ssl/support.cc 2015-05-01 06:53:07 +0000 +++ src/ssl/support.cc 2015-06-05 23:41:22 +0000 @@ -1804,6 +1804,11 @@ SSL * SslCreate(SSL_CTX *sslContext, const int fd, Ssl::Bio::Type type, const char *squidCtx) { + if (fd < 0) { + debugs(83, DBG_IMPORTANT, "Gone connection"); + return NULL; + } + const char *errAction = NULL; int errCode = 0; if (SSL *ssl = SSL_new(sslContext)) {