Mercurial > hg > nginx-vendor-0-5
diff src/event/ngx_event_openssl.c @ 332:2eea67ed0bc2 NGINX_0_5_36
nginx 0.5.36
*) Bugfix: the "sub_filter" directive might set text to change into
output.
*) Bugfix: a segmentation fault occurred in worker process, if empty
stub block was used second time in SSI.
*) Bugfix: the "proxy_store" and "fastcgi_store" directives did not
check a response length.
*) Bugfix: nginx issued the bogus error message "SSL_shutdown() failed
(SSL: )"; bug appeared in 0.5.35.
*) Bugfix: in HTTPS mode requests might fail with the "bad write retry"
error; bug appeared in 0.5.35.
*) Bugfix: the "fastcgi_catch_stderr" directive did return error code;
now it returns 502 code, that can be rerouted to a next server using
the "fastcgi_next_upstream invalid_header" directive.
*) Bugfix: a segmentation fault occurred in master process if the
"fastcgi_catch_stderr" directive was used; bug appeared in
0.5.32.
Thanks to Manlio Perillo.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Sun, 04 May 2008 00:00:00 +0400 |
parents | c60beecc6ab5 |
children |
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -187,6 +187,13 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_ SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]); } + /* + * we need this option because in ngx_ssl_send_chain() + * we may switch to a buffered write and may copy leftover part of + * previously unbuffered data to our internal buffer + */ + SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); + SSL_CTX_set_read_ahead(ssl->ctx, 1); return NGX_OK; @@ -1000,17 +1007,14 @@ ngx_ssl_shutdown(ngx_connection_t *c) /* SSL_shutdown() never return -1, on error it return 0 */ - if (n != 1) { + if (n != 1 && ERR_peek_error()) { sslerr = SSL_get_error(c->ssl->connection, n); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr); } - if (n == 1 - || sslerr == SSL_ERROR_ZERO_RETURN - || (sslerr == 0 && c->timedout)) - { + if (n == 1 || sslerr == 0 || sslerr == SSL_ERROR_ZERO_RETURN) { SSL_free(c->ssl->connection); c->ssl = NULL; @@ -1113,18 +1117,21 @@ ngx_ssl_connection_error(ngx_connection_ static void ngx_ssl_clear_error(ngx_log_t *log) { - if (ERR_peek_error()) { + while (ERR_peek_error()) { ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error"); } + + ERR_clear_error(); } void ngx_cdecl ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...) { - u_long n; - va_list args; - u_char errstr[NGX_MAX_CONF_ERRSTR], *p, *last; + u_long n; + va_list args; + u_char *p, *last; + u_char errstr[NGX_MAX_CONF_ERRSTR]; last = errstr + NGX_MAX_CONF_ERRSTR; @@ -1134,7 +1141,7 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_ p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p); - while (p < last) { + for ( ;; ) { n = ERR_get_error(); @@ -1142,6 +1149,10 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_ break; } + if (p >= last) { + continue; + } + *p++ = ' '; ERR_error_string_n(n, (char *) p, last - p);