Mercurial > hg > nginx-ranges
comparison src/event/ngx_event_openssl.c @ 88:e916a291e9aa NGINX_0_1_44
nginx 0.1.44
*) Feature: the IMAP/POP3 proxy supports SSL.
*) Feature: the "proxy_timeout" directive of the ngx_imap_proxy_module.
*) Feature: the "userid_mark" directive.
*) Feature: the $remote_user variable value is determined independently
of authorization use.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Tue, 06 Sep 2005 00:00:00 +0400 |
parents | 0790a8599248 |
children | 71c46860eb55 |
comparison
equal
deleted
inserted
replaced
87:5b7ec80c3c40 | 88:e916a291e9aa |
---|---|
11 #include <openssl/engine.h> | 11 #include <openssl/engine.h> |
12 | 12 |
13 | 13 |
14 static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n); | 14 static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n); |
15 static void ngx_ssl_write_handler(ngx_event_t *wev); | 15 static void ngx_ssl_write_handler(ngx_event_t *wev); |
16 static ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size); | |
17 static void ngx_ssl_read_handler(ngx_event_t *rev); | 16 static void ngx_ssl_read_handler(ngx_event_t *rev); |
18 | 17 |
19 | 18 |
20 ngx_int_t | 19 ngx_int_t |
21 ngx_ssl_init(ngx_log_t *log) | 20 ngx_ssl_init(ngx_log_t *log) |
207 c->read->ready = 0; | 206 c->read->ready = 0; |
208 return NGX_AGAIN; | 207 return NGX_AGAIN; |
209 } | 208 } |
210 | 209 |
211 if (sslerr == SSL_ERROR_WANT_WRITE) { | 210 if (sslerr == SSL_ERROR_WANT_WRITE) { |
212 ngx_log_error(NGX_LOG_ALERT, c->log, err, | 211 |
213 "SSL wants to write%s", handshake); | 212 ngx_log_error(NGX_LOG_INFO, c->log, err, |
213 "client does SSL %shandshake", | |
214 SSL_is_init_finished(c->ssl->ssl) ? "re" : ""); | |
214 | 215 |
215 c->write->ready = 0; | 216 c->write->ready = 0; |
216 | 217 |
217 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { | 218 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { |
218 return NGX_ERROR; | 219 return NGX_ERROR; |
389 | 390 |
390 return in; | 391 return in; |
391 } | 392 } |
392 | 393 |
393 | 394 |
394 static ssize_t | 395 ssize_t |
395 ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) | 396 ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) |
396 { | 397 { |
397 int n, sslerr; | 398 int n, sslerr; |
398 ngx_err_t err; | 399 ngx_err_t err; |
399 char *handshake; | |
400 | 400 |
401 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size); | 401 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size); |
402 | 402 |
403 n = SSL_write(c->ssl->ssl, data, size); | 403 n = SSL_write(c->ssl->ssl, data, size); |
404 | 404 |
405 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n); | 405 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n); |
406 | 406 |
407 if (n > 0) { | 407 if (n > 0) { |
408 | |
409 #if (NGX_DEBUG) | |
410 | |
411 if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->ssl)) { | |
412 char buf[129], *s, *d; | |
413 SSL_CIPHER *cipher; | |
414 | |
415 c->ssl->handshaked = 1; | |
416 | |
417 cipher = SSL_get_current_cipher(c->ssl->ssl); | |
418 | |
419 if (cipher) { | |
420 SSL_CIPHER_description(cipher, &buf[1], 128); | |
421 | |
422 for (s = &buf[1], d = buf; *s; s++) { | |
423 if (*s == ' ' && *d == ' ') { | |
424 continue; | |
425 } | |
426 | |
427 if (*s == LF || *s == CR) { | |
428 continue; | |
429 } | |
430 | |
431 *++d = *s; | |
432 } | |
433 | |
434 if (*d != ' ') { | |
435 d++; | |
436 } | |
437 | |
438 *d = '\0'; | |
439 | |
440 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
441 "SSL cipher: \"%s\"", &buf[1]); | |
442 } else { | |
443 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
444 "SSL no shared ciphers"); | |
445 } | |
446 } | |
447 #endif | |
448 | |
408 if (c->ssl->saved_read_handler) { | 449 if (c->ssl->saved_read_handler) { |
409 | 450 |
410 c->read->handler = c->ssl->saved_read_handler; | 451 c->read->handler = c->ssl->saved_read_handler; |
411 c->ssl->saved_read_handler = NULL; | 452 c->ssl->saved_read_handler = NULL; |
412 c->read->ready = 1; | 453 c->read->ready = 1; |
438 return NGX_AGAIN; | 479 return NGX_AGAIN; |
439 } | 480 } |
440 | 481 |
441 if (sslerr == SSL_ERROR_WANT_READ) { | 482 if (sslerr == SSL_ERROR_WANT_READ) { |
442 | 483 |
443 if (!SSL_is_init_finished(c->ssl->ssl)) { | 484 ngx_log_error(NGX_LOG_INFO, c->log, err, |
444 handshake = " in SSL handshake"; | 485 "client does SSL %shandshake", |
445 | 486 SSL_is_init_finished(c->ssl->ssl) ? "re" : ""); |
446 } else { | |
447 handshake = ""; | |
448 } | |
449 | |
450 ngx_log_error(NGX_LOG_ALERT, c->log, err, | |
451 "SSL wants to read%s", handshake); | |
452 | 487 |
453 c->read->ready = 0; | 488 c->read->ready = 0; |
454 | 489 |
455 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { | 490 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { |
456 return NGX_ERROR; | 491 return NGX_ERROR; |