From 2fb11dffaedc5af66b1442b0315c54a4b9da585d Mon Sep 17 00:00:00 2001
From: Roman Arutyunyan <arutyunyan.roman@gmail.com>
Date: Wed, 3 Apr 2024 11:24:47 +0400
Subject: [PATCH] SSL shutdown for rtmps.

While rtmp module does not support SSL, starting from nginx 1.25.5 an SSL
connection can be passed from nginx stream pass module.  Such connections
should be shut down on connection closure.

An rtmps example:

rtmp {
    server {
        listen 1935; # rtmp
        application foo {
            live on;
        }
    }
}

stream {
    server {
        listen 1936 ssl; # rtmps
        ssl_certificate example.com.crt;
        ssl_certificate_key example.com.key;
        pass 127.0.0.1:1935;
    }
}
---
 ngx_rtmp_init.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/ngx_rtmp_init.c b/ngx_rtmp_init.c
index 3f54169..459406d 100644
--- a/ngx_rtmp_init.c
+++ b/ngx_rtmp_init.c
@@ -258,6 +258,17 @@ ngx_rtmp_close_connection(ngx_connection_t *c)
 
     ngx_log_debug0(NGX_LOG_DEBUG_RTMP, c->log, 0, "close connection");
 
+#if (NGX_SSL)
+
+    if (c->ssl) {
+        if (ngx_ssl_shutdown(c) == NGX_AGAIN) {
+            c->ssl->handler = ngx_rtmp_close_connection;
+            return;
+        }
+    }
+
+#endif
+
 #if (NGX_STAT_STUB)
     (void) ngx_atomic_fetch_add(ngx_stat_active, -1);
 #endif