comparison src/event/ngx_event_openssl.c @ 330:c60beecc6ab5 NGINX_0_5_35
nginx 0.5.35
*) Change: now the ngx_http_userid_module adds start time microseconds
to the cookie field that contains a pid value.
*) Change: now the uname(2) is used on Linux instead of procfs.
Thanks to Ilya Novikov.
*) Feature: the "If-Range" request header line support.
Thanks to Alexander V. Inyukhin.
*) Bugfix: in HTTPS mode requests might fail with the "bad write retry"
error; bug appeared in 0.5.13.
*) Bugfix: the STARTTLS in SMTP mode did not work.
Thanks to Oleg Motienko.
*) Bugfix: large_client_header_buffers did not freed before going to
keep-alive state.
Thanks to Olexander Shtepa.
*) Bugfix: the "limit_rate" directive did not allow to use full
throughput, even if limit value was very high.
*) Bugfix: the $status variable was equal to 0 if a proxied server
returned response in HTTP/0.9 version.
*) Bugfix: if the "?" character was in a "error_page" directive, then
it was escaped in a proxied request; bug appeared in 0.5.32.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Tue, 08 Jan 2008 00:00:00 +0300 |
parents | f70f2f565fe0 |
children | 2eea67ed0bc2 |
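--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -20,10 +20,11 @@
 static void ngx_ssl_write_handler(ngx_event_t *wev);
 static void ngx_ssl_read_handler(ngx_event_t *rev);
 static void ngx_ssl_shutdown_handler(ngx_event_t *ev);
 static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr,
 ngx_err_t err, char *text);
+static void ngx_ssl_clear_error(ngx_log_t *log);
 
 static ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone,
 void *data);
 static int ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn,
 ngx_ssl_session_t *sess);
@@ -184,12 +185,10 @@
 
 if (ngx_ssl_protocols[protocols >> 1] != 0) {
 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
 }
 
-SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
-
 SSL_CTX_set_read_ahead(ssl->ctx, 1);
 
 return NGX_OK;
 }
 
@@ -402,10 +401,12 @@
 ngx_ssl_handshake(ngx_connection_t *c)
 {
 int n, sslerr;
 ngx_err_t err;
 
+ngx_ssl_clear_error(c->log);
+
 n = SSL_do_handshake(c->ssl->connection);
 
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
 
 if (n == 1) {
@@ -599,10 +600,12 @@
 if (c->ssl->last == NGX_DONE) {
 return 0;
 }
 
 bytes = 0;
+
+ngx_ssl_clear_error(c->log);
 
 /*
 * SSL_read() may return data in parts, so try to read
 * until SSL_read() would return no data
 */
@@ -880,10 +883,12 @@
 ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size)
 {
 int n, sslerr;
 ngx_err_t err;
 
+ngx_ssl_clear_error(c->log);
+
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size);
 
 n = SSL_write(c->ssl->connection, data, size);
 
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n);
@@ -963,13 +968,12 @@
 
 
 ngx_int_t
 ngx_ssl_shutdown(ngx_connection_t *c)
 {
 int n, sslerr, mode;
 ngx_err_t err;
-ngx_uint_t again;
 
 if (c->timedout) {
 mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;
 
 } else {
@@ -984,44 +988,38 @@
 }
 }
 
 SSL_set_shutdown(c->ssl->connection, mode);
 
-again = 0;
+ngx_ssl_clear_error(c->log);
+
+n = SSL_shutdown(c->ssl->connection);
+
+ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n);
+
 sslerr = 0;
 
-for ( ;; ) {
-n = SSL_shutdown(c->ssl->connection);
-
-ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n);
-
-if (n == 1 || (n == 0 && c->timedout)) {
-SSL_free(c->ssl->connection);
-c->ssl = NULL;
-
-return NGX_OK;
-}
-
-if (n == 0) {
-again = 1;
-break;
-}
-
-break;
-}
-
-if (!again) {
+/* SSL_shutdown() never return -1, on error it return 0 */
+
+if (n != 1) {
 sslerr = SSL_get_error(c->ssl->connection, n);
 
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "SSL_get_error: %d", sslerr);
 }
 
-if (again
-|| sslerr == SSL_ERROR_WANT_READ
-|| sslerr == SSL_ERROR_WANT_WRITE)
+if (n == 1
+|| sslerr == SSL_ERROR_ZERO_RETURN
+|| (sslerr == 0 && c->timedout))
 {
+SSL_free(c->ssl->connection);
+c->ssl = NULL;
+
+return NGX_OK;
+}
+
+if (sslerr == SSL_ERROR_WANT_READ || sslerr == SSL_ERROR_WANT_WRITE) {
 c->read->handler = ngx_ssl_shutdown_handler;
 c->write->handler = ngx_ssl_shutdown_handler;
 
 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
 return NGX_ERROR;
@@ -1029,11 +1027,11 @@
 
 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
 return NGX_ERROR;
 }
 
-if (again || sslerr == SSL_ERROR_WANT_READ) {
+if (sslerr == SSL_ERROR_WANT_READ) {
 ngx_add_timer(c->read, 30000);
 }
 
 return NGX_AGAIN;
 }
@@ -1107,10 +1105,19 @@
 }
 }
 }
 
 ngx_ssl_error(level, c->log, err, text);
+}
+
+
+static void
+ngx_ssl_clear_error(ngx_log_t *log)
+{
+if (ERR_peek_error()) {
+ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error");
+}
 }
 
 
 void ngx_cdecl
 ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)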
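Review bot: `ngx_ssl_clear_error()` (new lines 1113-1119) tests the queue once with `ERR_peek_error()` and then only logs through `ngx_ssl_error()`; nothing in the function itself removes entries, so whether the OpenSSL error queue is empty when it returns depends on `ngx_ssl_error()`, whose body is outside this page. The calls added before `SSL_do_handshake()`, the `SSL_read()` loop, `SSL_write()` and `SSL_shutdown()` are presumably there so that a leftover entry is not picked up by the following `SSL_get_error()` (visible in `ngx_ssl_shutdown`) and reported as a failure of the current connection, and that only holds if the queue is fully drained. Making the guarantee explicit is one line: add `ERR_clear_error();` after the `if` block. A short comment above the function, stating that a stale entry means some earlier code path did not consume its own error, would also help whoever triages the resulting alert.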