Mercurial > hg > nginx-vendor-0-5
comparison src/event/ngx_event_openssl.c @ 332:2eea67ed0bc2 NGINX_0_5_36
nginx 0.5.36
*) Bugfix: the "sub_filter" directive might set text to change into
output.
*) Bugfix: a segmentation fault occurred in worker process, if empty
stub block was used second time in SSI.
*) Bugfix: the "proxy_store" and "fastcgi_store" directives did not
check a response length.
*) Bugfix: nginx issued the bogus error message "SSL_shutdown() failed
(SSL: )"; bug appeared in 0.5.35.
*) Bugfix: in HTTPS mode requests might fail with the "bad write retry"
error; bug appeared in 0.5.35.
*) Bugfix: the "fastcgi_catch_stderr" directive did return error code;
now it returns 502 code, that can be rerouted to a next server using
the "fastcgi_next_upstream invalid_header" directive.
*) Bugfix: a segmentation fault occurred in master process if the
"fastcgi_catch_stderr" directive was used; bug appeared in
0.5.32.
Thanks to Manlio Perillo.
| author | Igor Sysoev <http://sysoev.ru> |
|---|---|
| date | Sun, 04 May 2008 00:00:00 +0400 |
| parents | c60beecc6ab5 |
| children |
comparison
equal
deleted
inserted
replaced
| 331:27fb10cee3fd | 332:2eea67ed0bc2 |
|---|---|
| 185 | 185 |
| 186 if (ngx_ssl_protocols[protocols >> 1] != 0) { | 186 if (ngx_ssl_protocols[protocols >> 1] != 0) { |
| 187 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]); | 187 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]); |
| 188 } | 188 } |
| 189 | 189 |
| 190 /* | |
| 191 * we need this option because in ngx_ssl_send_chain() | |
| 192 * we may switch to a buffered write and may copy leftover part of | |
| 193 * previously unbuffered data to our internal buffer | |
| 194 */ | |
| 195 SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); | |
| 196 | |
| 190 SSL_CTX_set_read_ahead(ssl->ctx, 1); | 197 SSL_CTX_set_read_ahead(ssl->ctx, 1); |
| 191 | 198 |
| 192 return NGX_OK; | 199 return NGX_OK; |
| 193 } | 200 } |
| 194 | 201 |
| 998 | 1005 |
| 999 sslerr = 0; | 1006 sslerr = 0; |
| 1000 | 1007 |
| 1001 /* SSL_shutdown() never return -1, on error it return 0 */ | 1008 /* SSL_shutdown() never return -1, on error it return 0 */ |
| 1002 | 1009 |
| 1003 if (n != 1) { | 1010 if (n != 1 && ERR_peek_error()) { |
| 1004 sslerr = SSL_get_error(c->ssl->connection, n); | 1011 sslerr = SSL_get_error(c->ssl->connection, n); |
| 1005 | 1012 |
| 1006 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | 1013 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 1007 "SSL_get_error: %d", sslerr); | 1014 "SSL_get_error: %d", sslerr); |
| 1008 } | 1015 } |
| 1009 | 1016 |
| 1010 if (n == 1 | 1017 if (n == 1 || sslerr == 0 || sslerr == SSL_ERROR_ZERO_RETURN) { |
| 1011 || sslerr == SSL_ERROR_ZERO_RETURN | |
| 1012 || (sslerr == 0 && c->timedout)) | |
| 1013 { | |
| 1014 SSL_free(c->ssl->connection); | 1018 SSL_free(c->ssl->connection); |
| 1015 c->ssl = NULL; | 1019 c->ssl = NULL; |
| 1016 | 1020 |
| 1017 return NGX_OK; | 1021 return NGX_OK; |
| 1018 } | 1022 } |
| 1111 | 1115 |
| 1112 | 1116 |
| 1113 static void | 1117 static void |
| 1114 ngx_ssl_clear_error(ngx_log_t *log) | 1118 ngx_ssl_clear_error(ngx_log_t *log) |
| 1115 { | 1119 { |
| 1116 if (ERR_peek_error()) { | 1120 while (ERR_peek_error()) { |
| 1117 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error"); | 1121 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error"); |
| 1118 } | 1122 } |
| 1123 | |
| 1124 ERR_clear_error(); | |
| 1119 } | 1125 } |
| 1120 | 1126 |
| 1121 | 1127 |
| 1122 void ngx_cdecl | 1128 void ngx_cdecl |
| 1123 ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...) | 1129 ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...) |
| 1124 { | 1130 { |
| 1125 u_long n; | 1131 u_long n; |
| 1126 va_list args; | 1132 va_list args; |
| 1127 u_char errstr[NGX_MAX_CONF_ERRSTR], *p, *last; | 1133 u_char *p, *last; |
| 1134 u_char errstr[NGX_MAX_CONF_ERRSTR]; | |
| 1128 | 1135 |
| 1129 last = errstr + NGX_MAX_CONF_ERRSTR; | 1136 last = errstr + NGX_MAX_CONF_ERRSTR; |
| 1130 | 1137 |
| 1131 va_start(args, fmt); | 1138 va_start(args, fmt); |
| 1132 p = ngx_vsnprintf(errstr, sizeof(errstr) - 1, fmt, args); | 1139 p = ngx_vsnprintf(errstr, sizeof(errstr) - 1, fmt, args); |
| 1133 va_end(args); | 1140 va_end(args); |
| 1134 | 1141 |
| 1135 p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p); | 1142 p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p); |
| 1136 | 1143 |
| 1137 while (p < last) { | 1144 for ( ;; ) { |
| 1138 | 1145 |
| 1139 n = ERR_get_error(); | 1146 n = ERR_get_error(); |
| 1140 | 1147 |
| 1141 if (n == 0) { | 1148 if (n == 0) { |
| 1142 break; | 1149 break; |
| 1150 } | |
| 1151 | |
| 1152 if (p >= last) { | |
| 1153 continue; | |
| 1143 } | 1154 } |
| 1144 | 1155 |
| 1145 *p++ = ' '; | 1156 *p++ = ' '; |
| 1146 | 1157 |
| 1147 ERR_error_string_n(n, (char *) p, last - p); | 1158 ERR_error_string_n(n, (char *) p, last - p); |