annotate src/event/ngx_event_openssl.c @ 196:8759b346e431 NGINX_0_3_45

nginx 0.3.45 *) Feature: the "ssl_verify_client", "ssl_verify_depth", and "ssl_client_certificate" directives. *) Change: the $request_method variable now returns the main request method. *) Change: the ° symbol codes were changed in koi-win conversion table. *) Feature: the euro and N symbols were added to koi-win conversion table. *) Bugfix: if nginx distributed the requests among several backends and some backend failed, then requests intended for this backend were directed to one live backend only instead of being distributed among the rest.
author Igor Sysoev <http://sysoev.ru>
date Sat, 06 May 2006 00:00:00 +0400
parents 73e8476f9142
children 559bc7ec214e

/*
 * Copyright (C) Igor Sysoev
 */


#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>

/* Configuration record of the openssl core module. */
typedef struct {
    /* filled in through offsetof() by the "ssl_engine" directive entry */
    ngx_str_t  engine;
} ngx_openssl_conf_t;
/* File-local (static) event handlers and module hooks, declared ahead of use. */
static void ngx_ssl_handshake_handler(ngx_event_t *ev);
static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n);
static void ngx_ssl_write_handler(ngx_event_t *wev);
static void ngx_ssl_read_handler(ngx_event_t *rev);
static void ngx_ssl_shutdown_handler(ngx_event_t *ev);
static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr,
    ngx_err_t err, char *text);
static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
static char *ngx_openssl_init_conf(ngx_cycle_t *cycle, void *conf);
static void ngx_openssl_exit(ngx_cycle_t *cycle);

/*
 * Declared only when NGX_SSL_ENGINE is off; in that build it is the
 * handler of the "ssl_engine" directive.
 */
#if !(NGX_SSL_ENGINE)
static char *ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
#endif
/* Directives of the openssl core module. */
static ngx_command_t  ngx_openssl_commands[] = {

    /*
     * "ssl_engine": main-context directive with one argument.  With
     * NGX_SSL_ENGINE the generic string setter stores the argument at
     * offsetof(ngx_openssl_conf_t, engine); without it the directive is
     * routed to ngx_openssl_noengine instead.
     */
    { ngx_string("ssl_engine"),
      NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
#if (NGX_SSL_ENGINE)
      ngx_conf_set_str_slot,
#else
      ngx_openssl_noengine,
#endif
      0,
      offsetof(ngx_openssl_conf_t, engine),
      NULL },

      ngx_null_command
};
/* Core-module context: the module name and its create/init configuration hooks. */
static ngx_core_module_t  ngx_openssl_module_ctx = {
    ngx_string("openssl"),
    ngx_openssl_create_conf,
    ngx_openssl_init_conf
};
/*
 * Module descriptor of the openssl core module.  The only lifecycle hook
 * that is set is "exit master" (ngx_openssl_exit); all others are NULL.
 */
ngx_module_t  ngx_openssl_module = {
    NGX_MODULE_V1,
    &ngx_openssl_module_ctx,               /* module context */
    ngx_openssl_commands,                  /* module directives */
    NGX_CORE_MODULE,                       /* module type */
    NULL,                                  /* init master */
    NULL,                                  /* init module */
    NULL,                                  /* init process */
    NULL,                                  /* init thread */
    NULL,                                  /* exit thread */
    NULL,                                  /* exit process */
    ngx_openssl_exit,                      /* exit master */
    NGX_MODULE_V1_PADDING
};
/*
 * SSL_OP_NO_* masks, indexed by (protocols >> 1) in ngx_ssl_create().
 * Reading the entries: index bit 0 keeps SSLv2 enabled, bit 1 keeps SSLv3
 * and bit 2 keeps TLSv1; a protocol whose bit is clear gets its
 * SSL_OP_NO_* flag.  The table has exactly eight entries (indexes 0..7).
 *
 * NOTE(review): every odd index leaves SSLv2 enabled.  SSLv2 and SSLv3 are
 * obsolete protocols, so configurations should select a mask without them.
 */
static long  ngx_ssl_protocols[] = {
    SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,  /* 0: none enabled */
    SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,                  /* 1: SSLv2 */
    SSL_OP_NO_SSLv2|SSL_OP_NO_TLSv1,                  /* 2: SSLv3 */
    SSL_OP_NO_TLSv1,                                  /* 3: SSLv2, SSLv3 */
    SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3,                  /* 4: TLSv1 */
    SSL_OP_NO_SSLv3,                                  /* 5: SSLv2, TLSv1 */
    SSL_OP_NO_SSLv2,                                  /* 6: SSLv3, TLSv1 */
    0,                                                /* 7: all three */
};
/*
 * Library-level OpenSSL setup: calls SSL_library_init() and
 * SSL_load_error_strings(), and in NGX_SSL_ENGINE builds also
 * ENGINE_load_builtin_engines().  The log argument is not used in this
 * body.  Always returns NGX_OK.
 */
ngx_int_t
ngx_ssl_init(ngx_log_t *log)
{
    SSL_library_init();
    SSL_load_error_strings();

#if (NGX_SSL_ENGINE)
    ENGINE_load_builtin_engines();
#endif

    return NGX_OK;
}
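/*
 * Create the SSL_CTX for ssl and apply the default option set.
 *
 * protocols is a bit mask; (protocols >> 1) selects the entry of
 * ngx_ssl_protocols[] whose SSL_OP_NO_* flags switch off the protocols
 * that were not requested.
 *
 * Returns NGX_OK on success.  Returns NGX_ERROR, after logging at EMERG
 * level to ssl->log, if the mask would index outside ngx_ssl_protocols[]
 * or if SSL_CTX_new() fails.
 */
ngx_int_t
ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols)
{
    ngx_uint_t  idx;

    idx = protocols >> 1;

    /*
     * validate the table index before anything is allocated, so a bad
     * mask can neither read past ngx_ssl_protocols[] nor leak a context
     */
    if (idx >= sizeof(ngx_ssl_protocols) / sizeof(ngx_ssl_protocols[0])) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "invalid SSL protocols mask");
        return NGX_ERROR;
    }

    ssl->ctx = SSL_CTX_new(SSLv23_method());

    if (ssl->ctx == NULL) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_new() failed");
        return NGX_ERROR;
    }

    /* client side options */

    SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_SESS_ID_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_CHALLENGE_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);

    /* server side options */

    SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);

    /*
     * this option allows a potential SSL 2.0 rollback (CAN-2005-2969)
     *
     * NOTE(review): it is still switched on here, so the rollback exposure
     * applies whenever the selected protocols leave SSLv2 enabled; confirm
     * the compatibility workaround is still wanted before keeping it.
     */
    SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);

    SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);

    /*
     * NOTE(review): this turns off OpenSSL's empty-fragment countermeasure
     * for CBC ciphers in SSL 3.0/TLS 1.0; it trades that protection for
     * interoperability with peers that cannot handle the extra record.
     */
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
    SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
#endif


    /* a zero entry means nothing has to be disabled */
    if (ngx_ssl_protocols[idx] != 0) {
        SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[idx]);
    }

    SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);

    SSL_CTX_set_read_ahead(ssl->ctx, 1);

    return NGX_OK;
}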
/*
 * Load the server certificate chain (cert) and the PEM private key (key)
 * into ssl->ctx.  Each name is passed through ngx_conf_full_name() before
 * it is handed to OpenSSL.
 *
 * Returns NGX_OK when both files were accepted.  Returns NGX_ERROR when
 * ngx_conf_full_name() fails, or when either OpenSSL loader returns 0, in
 * which case the failing call and file name are logged at EMERG level.
 */
ngx_int_t
ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
    ngx_str_t *key)
{
    int  rc;

    if (ngx_conf_full_name(cf->cycle, cert) == NGX_ERROR) {
        return NGX_ERROR;
    }

    rc = SSL_CTX_use_certificate_chain_file(ssl->ctx, (char *) cert->data);

    if (rc == 0) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "SSL_CTX_use_certificate_chain_file(\"%s\") failed",
                      cert->data);
        return NGX_ERROR;
    }

    if (ngx_conf_full_name(cf->cycle, key) == NGX_ERROR) {
        return NGX_ERROR;
    }

    rc = SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key->data,
                                     SSL_FILETYPE_PEM);

    if (rc == 0) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data);
        return NGX_ERROR;
    }

    return NGX_OK;
}
/*
 * Register cert as the CA file for ssl->ctx through
 * SSL_CTX_load_verify_locations(); no CA directory is passed.  The name
 * goes through ngx_conf_full_name() first.
 *
 * Returns NGX_OK on success.  Returns NGX_ERROR when ngx_conf_full_name()
 * fails or when OpenSSL rejects the file (logged at EMERG level).
 *
 * NOTE(review): this body only loads the trusted certificates; it does not
 * call SSL_CTX_set_verify(), so whether client certificates are actually
 * required is decided outside this function.  Confirm against the caller.
 */
ngx_int_t
ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert)
{
    int  rc;

    if (ngx_conf_full_name(cf->cycle, cert) == NGX_ERROR) {
        return NGX_ERROR;
    }

    rc = SSL_CTX_load_verify_locations(ssl->ctx, (char *) cert->data, NULL);

    if (rc == 0) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "SSL_CTX_load_verify_locations(\"%s\") failed",
                      cert->data);
        return NGX_ERROR;
    }

    return NGX_OK;
}
/*
 * Install a temporary 512-bit RSA key on ssl->ctx when
 * SSL_CTX_need_tmp_RSA() reports that one is needed; otherwise do nothing.
 * The generated key is also kept in ssl->rsa512_key.
 *
 * Returns NGX_OK when no key is needed or the key was installed, and
 * NGX_ERROR (logged at EMERG level) when key generation fails.
 *
 * NOTE(review): a 512-bit RSA modulus is export-grade strength and offers
 * no real protection; the safer configuration is one in which the context
 * never needs a temporary RSA key, so this path is not taken.
 */
ngx_int_t
ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl)
{
    if (SSL_CTX_need_tmp_RSA(ssl->ctx) == 0) {
        return NGX_OK;
    }

    ssl->rsa512_key = RSA_generate_key(512, RSA_F4, NULL, NULL);

    if (ssl->rsa512_key == NULL) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "RSA_generate_key(512) failed");
        return NGX_ERROR;
    }

    SSL_CTX_set_tmp_rsa(ssl->ctx, ssl->rsa512_key);

    return NGX_OK;
}
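/*
 * Allocate the per-connection SSL state for c from c->pool, create an SSL
 * object from ssl->ctx and attach it to c->fd.
 *
 * flags:
 *   NGX_SSL_BUFFER - mark the state as buffered and allocate a temporary
 *                    buffer of NGX_SSL_BUFSIZE bytes;
 *   NGX_SSL_CLIENT - put the SSL object into connect state; without it
 *                    the object is put into accept state.
 *
 * On success the state is stored in c->ssl and NGX_OK is returned.  On any
 * failure NGX_ERROR is returned and c->ssl is left untouched; OpenSSL
 * failures are logged at ALERT level to c->log.
 */
ngx_int_t
ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
{
    ngx_ssl_connection_t  *sc;

    sc = ngx_pcalloc(c->pool, sizeof(ngx_ssl_connection_t));
    if (sc == NULL) {
        return NGX_ERROR;
    }

    if (flags & NGX_SSL_BUFFER) {
        sc->buffer = 1;

        sc->buf = ngx_create_temp_buf(c->pool, NGX_SSL_BUFSIZE);
        if (sc->buf == NULL) {
            return NGX_ERROR;
        }
    }

    sc->connection = SSL_new(ssl->ctx);

    if (sc->connection == NULL) {
        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed");
        return NGX_ERROR;
    }

    if (SSL_set_fd(sc->connection, c->fd) == 0) {
        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_fd() failed");

        /*
         * c->ssl has not been set yet, so nothing else holds a reference
         * to this SSL object; free it here instead of leaking it
         */
        SSL_free(sc->connection);
        sc->connection = NULL;

        return NGX_ERROR;
    }

    if (flags & NGX_SSL_CLIENT) {
        SSL_set_connect_state(sc->connection);

    } else {
        SSL_set_accept_state(sc->connection);
    }

    /* publish the state only once it is fully set up */
    c->ssl = sc;

    return NGX_OK;
}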
/*
 * Attach a previously saved session to the SSL object of connection c.
 * A NULL session is accepted and leaves the connection unchanged.
 *
 * Returns NGX_OK, or NGX_ERROR (logged at ALERT level to c->log) when
 * SSL_set_session() returns 0.  c->ssl must already be set: it is
 * dereferenced without a check whenever session is non-NULL.
 */
ngx_int_t
ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session)
{
    if (session == NULL) {
        return NGX_OK;
    }

    if (SSL_set_session(c->ssl->connection, session) == 0) {
        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_session() failed");
        return NGX_ERROR;
    }

    return NGX_OK;
}
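/*
 * Drive the SSL handshake on connection "c" one step forward.
 *
 * SSL_do_handshake() is called once and the outcome is mapped as follows:
 *
 *   NGX_OK    - the handshake completed: c->ssl->handshaked is set and the
 *               connection I/O methods (recv, send, recv_chain, send_chain)
 *               are switched to the SSL implementations;
 *   NGX_AGAIN - OpenSSL needs more I/O (SSL_ERROR_WANT_READ or
 *               SSL_ERROR_WANT_WRITE): both event handlers are pointed at
 *               ngx_ssl_handshake_handler() so the handshake is resumed
 *               when the socket becomes ready;
 *   NGX_ERROR - event registration failed, the peer closed the connection
 *               during the handshake, or OpenSSL reported a failure.
 *
 * Only the handshake status is examined here.  The result of peer
 * certificate verification is not looked at in this function.
 * NOTE(review): presumably the code that enforces client certificate
 * verification checks that result separately - confirm against the caller.
 */
ngx_int_t
ngx_ssl_handshake(ngx_connection_t *c)
{
    int        n, sslerr;
    ngx_err_t  err;

    n = SSL_do_handshake(c->ssl->connection);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);

    if (n == 1) {

        if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

#if (NGX_DEBUG)
        {
        char         buf[129], *s, *d;
        SSL_CIPHER  *cipher;

        cipher = SSL_get_current_cipher(c->ssl->connection);

        if (cipher) {
            /*
             * The description is written starting at buf[1]; buf[0] is
             * only the initial "previous character" slot for the space
             * squeezing loop below.  It is read before anything is stored
             * there, so give it a defined value that is not a space.
             */
            buf[0] = '\0';

            SSL_CIPHER_description(cipher, &buf[1], 128);

            /*
             * compact the description in place: collapse runs of spaces
             * and drop CR/LF; "d" always trails "s", so the writes never
             * overtake the reads
             */

            for (s = &buf[1], d = buf; *s; s++) {
                if (*s == ' ' && *d == ' ') {
                    continue;
                }

                if (*s == LF || *s == CR) {
                    continue;
                }

                *++d = *s;
            }

            /* overwrite a trailing space, otherwise terminate after it */

            if (*d != ' ') {
                d++;
            }

            *d = '\0';

            ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                           "SSL: %s, cipher: \"%s\"",
                           SSL_get_version(c->ssl->connection), &buf[1]);

            if (SSL_session_reused(c->ssl->connection)) {
                ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                               "SSL reused session");
            }

        } else {
            ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                           "SSL no shared ciphers");
        }
        }
#endif

        c->ssl->handshaked = 1;

        c->recv = ngx_ssl_recv;
        c->send = ngx_ssl_write;
        c->recv_chain = ngx_ssl_recv_chain;
        c->send_chain = ngx_ssl_send_chain;

        return NGX_OK;
    }

    sslerr = SSL_get_error(c->ssl->connection, n);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);

    if (sslerr == SSL_ERROR_WANT_READ) {
        c->read->ready = 0;
        c->read->handler = ngx_ssl_handshake_handler;
        c->write->handler = ngx_ssl_handshake_handler;

        if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        return NGX_AGAIN;
    }

    if (sslerr == SSL_ERROR_WANT_WRITE) {
        c->write->ready = 0;
        c->read->handler = ngx_ssl_handshake_handler;
        c->write->handler = ngx_ssl_handshake_handler;

        if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        return NGX_AGAIN;
    }

    /* the system error code is meaningful for SSL_ERROR_SYSCALL only */

    err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;

    /* the handshake failed: do not attempt an SSL shutdown exchange later */

    c->ssl->no_wait_shutdown = 1;
    c->ssl->no_send_shutdown = 1;
    c->read->eof = 1;

    /*
     * an empty OpenSSL error queue is reported as the peer closing
     * the connection rather than as a protocol failure
     */

    if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) {
        ngx_log_error(NGX_LOG_INFO, c->log, err,
                      "peer closed connection in SSL handshake");

        return NGX_ERROR;
    }

    c->read->error = 1;

    ngx_ssl_connection_error(c, sslerr, err, "SSL_do_handshake() failed");

    return NGX_ERROR;
}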
/*
 * Event handler that ngx_ssl_handshake() installs on both the read and
 * the write event while the handshake is waiting for I/O.
 *
 * The handshake is retried unless the event timed out.  c->ssl->handler
 * is then invoked in every case except NGX_AGAIN, i.e. on a timeout, on
 * success and on failure alike.
 * NOTE(review): the handler presumably has to inspect the connection state
 * itself to tell these outcomes apart - confirm.
 */
static void
ngx_ssl_handshake_handler(ngx_event_t *ev)
{
    ngx_connection_t  *conn;

    conn = ev->data;

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, conn->log, 0,
                   "SSL handshake handler: %d", ev->write);

    /* a timed out event skips the retry and goes straight to the handler */

    if (!ev->timedout && ngx_ssl_handshake(conn) == NGX_AGAIN) {
        return;
    }

    conn->ssl->handler(conn);
}
/*
 * Fill the buffers of chain "cl" with decrypted data, one buffer at a time.
 *
 * Each read targets the free space of the current buffer (b->last up to
 * b->end); the chain advances only when that buffer becomes full.
 *
 * Returns the total number of bytes stored if anything was read.  Otherwise
 * it returns the result of the ngx_ssl_recv() call that produced no data,
 * or 0 for an empty chain.
 *
 * NOTE(review): a buffer that is already full on entry (b->last == b->end)
 * leads to a zero-length read; callers presumably never pass one - confirm.
 */
ssize_t
ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl)
{
    ssize_t     rc, total;
    ngx_buf_t  *b;

    total = 0;

    while (cl != NULL) {
        b = cl->buf;

        rc = ngx_ssl_recv(c, b->last, b->end - b->last);

        if (rc <= 0) {
            /* report what was already read before reporting the condition */
            return total ? total : rc;
        }

        b->last += rc;
        total += rc;

        if (b->last == b->end) {
            cl = cl->next;
        }
    }

    return total;
}
/*
 * Read up to "size" bytes of decrypted data into "buf".
 *
 * The status of the previous read is cached in c->ssl->last: once it is
 * NGX_ERROR or NGX_DONE, further calls return NGX_ERROR or 0 respectively
 * without calling SSL_read() again.
 *
 * Returns the number of bytes read if any, 0 when ngx_ssl_handle_recv()
 * reported NGX_DONE, or the other status it returned (NGX_AGAIN or
 * NGX_ERROR).
 *
 * NOTE(review): SSL_read() takes its length as an int and the running total
 * is an int too, while "size" is a size_t; callers presumably keep "size"
 * within INT_MAX - confirm.
 */
ssize_t
ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size)
{
    int  rc, total;

    if (c->ssl->last == NGX_ERROR) {
        return NGX_ERROR;
    }

    if (c->ssl->last == NGX_DONE) {
        return 0;
    }

    total = 0;

    /*
     * SSL_read() may hand the data over in several parts, so keep reading
     * until the buffer is full or SSL_read() has nothing more to return
     */

    do {
        rc = SSL_read(c->ssl->connection, buf, size);

        ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", rc);

        if (rc > 0) {
            total += rc;
        }

        c->ssl->last = ngx_ssl_handle_recv(c, rc);

        if (c->ssl->last != NGX_OK) {

            /* data already read takes precedence over the status */

            if (total) {
                return total;
            }

            return (c->ssl->last == NGX_DONE) ? 0 : c->ssl->last;
        }

        /* NGX_OK is returned for rc > 0 only, so progress was made */

        size -= rc;
        buf += rc;

    } while (size != 0);

    return total;
}
/*
 * Translate the result "n" of an SSL_read() call into an nginx status and
 * update the connection's event state accordingly.
 *
 * Returns:
 *   NGX_OK    - n > 0, data was read;
 *   NGX_AGAIN - OpenSSL wants to read or to write before it can continue;
 *   NGX_DONE  - the read side is finished without an OpenSSL error queued;
 *   NGX_ERROR - event registration failed or SSL_read() failed.
 *
 * NOTE(review): NGX_DONE is returned both for SSL_ERROR_ZERO_RETURN and for
 * any other failure that leaves the OpenSSL error queue empty, so the two
 * cases cannot be told apart by the caller.  If the second case covers a
 * transport that closed without an SSL shutdown alert, a truncated stream
 * is reported the same way as a clean shutdown - confirm whether callers
 * need to distinguish them.
 */
static ngx_int_t
ngx_ssl_handle_recv(ngx_connection_t *c, int n)
{
    int        sslerr;
    ngx_err_t  err;

    if (n > 0) {

        /*
         * a successful read ends the "SSL_read() wants to write" state:
         * put the original write handler back and post the write event
         */

        if (c->ssl->saved_write_handler) {

            c->write->handler = c->ssl->saved_write_handler;
            c->ssl->saved_write_handler = NULL;
            c->write->ready = 1;

            if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
                return NGX_ERROR;
            }

            ngx_post_event(c->write, &ngx_posted_events);
        }

        return NGX_OK;
    }

    sslerr = SSL_get_error(c->ssl->connection, n);

    /* the system error code is meaningful for SSL_ERROR_SYSCALL only */

    err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);

    if (sslerr == SSL_ERROR_WANT_READ) {
        c->read->ready = 0;
        return NGX_AGAIN;
    }

    if (sslerr == SSL_ERROR_WANT_WRITE) {

        /*
         * A read that needs to write is logged as a renegotiation started
         * by the peer.  It is only logged at the info level and then
         * serviced; nothing here refuses or rate-limits it.
         * NOTE(review): if peer-initiated renegotiation is not wanted, the
         * policy has to be enforced elsewhere - confirm.
         */

        ngx_log_error(NGX_LOG_INFO, c->log, 0,
                      "peer started SSL renegotiation");

        c->write->ready = 0;

        if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        /*
         * we do not set the timer because there is already the read event timer
         */

        /*
         * divert write readiness to ngx_ssl_write_handler() and remember
         * the original handler, unless one is already saved
         */

        if (c->ssl->saved_write_handler == NULL) {
            c->ssl->saved_write_handler = c->write->handler;
            c->write->handler = ngx_ssl_write_handler;
        }

        return NGX_AGAIN;
    }

    /* the read side is over: do not attempt an SSL shutdown exchange later */

    c->ssl->no_wait_shutdown = 1;
    c->ssl->no_send_shutdown = 1;
    c->read->eof = 1;

    if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) {
        ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                       "peer shutdown SSL cleanly");
        return NGX_DONE;
    }

    c->read->error = 1;
    ngx_ssl_connection_error(c, sslerr, err, "SSL_read() failed");

    return NGX_ERROR;
}
/*
 * Write event handler that ngx_ssl_handle_recv() installs while SSL_read()
 * is waiting to write.  Write readiness is forwarded to the connection's
 * read handler; this function performs no I/O itself.
 */
static void
ngx_ssl_write_handler(ngx_event_t *wev)
{
    ngx_event_t       *rev;
    ngx_connection_t  *c;

    c = wev->data;
    rev = c->read;

    rev->handler(rev);
}
8b6db3bda591 nginx 0.1.11
Igor Sysoev <http://sysoev.ru>
parents: 18
diff changeset
598
8b6db3bda591 nginx 0.1.11
Igor Sysoev <http://sysoev.ru>
parents: 18
diff changeset
599
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
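/*
 * OpenSSL has no SSL_writev() so we copy several bufs into our 16K buffer
 * before the SSL_write() call to decrease the SSL overhead.
 *
 * Besides, for protocols such as HTTP it is possible to always buffer
 * the output to decrease the SSL overhead some more.
 *
 * Sends the chain "in" over the SSL connection "c".
 *
 * A "limit" of 0, or one above NGX_MAX_UINT32_VALUE - ngx_pagesize, is
 * replaced by that maximum before the buffered path runs.
 *
 * Returns the first chain link that was not completely consumed (NULL when
 * the whole chain was taken) or NGX_CHAIN_ERROR when ngx_ssl_write() failed.
 * NGX_SSL_BUFFERED is kept in c->buffered while the SSL buffer still holds
 * unsent bytes or a write returned NGX_AGAIN.
 */

ngx_chain_t *
ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
{
    int          n;
    ngx_uint_t   flush;
    ssize_t      send, size;
    ngx_buf_t   *buf;

    if (!c->ssl->buffer
        || (in && in->next == NULL && !(c->buffered & NGX_SSL_BUFFERED)))
    {

        /*
         * we avoid a buffer copy if
         *     we do not need to buffer the output
         *     or the incoming buf is a single and our buffer is empty
         *
         * NOTE(review): unlike the buffered path below, this path neither
         * applies "limit" nor adds the written bytes to c->sent, and it
         * never clears NGX_SSL_BUFFERED once NGX_AGAIN has set it; confirm
         * that callers do not rely on either.
         */

        while (in) {
            if (ngx_buf_special(in->buf)) {
                in = in->next;
                continue;
            }

            n = ngx_ssl_write(c, in->buf->pos, in->buf->last - in->buf->pos);

            if (n == NGX_ERROR) {
                return NGX_CHAIN_ERROR;
            }

            if (n == NGX_AGAIN) {
                c->buffered |= NGX_SSL_BUFFERED;
                return in;
            }

            in->buf->pos += n;

            if (in->buf->pos == in->buf->last) {
                in = in->next;
            }
        }

        return in;
    }


    /* the maximum limit size is the maximum uint32_t value - the page size */

    if (limit == 0 || limit > NGX_MAX_UINT32_VALUE - ngx_pagesize) {
        limit = NGX_MAX_UINT32_VALUE - ngx_pagesize;
    }


    buf = c->ssl->buf;
    send = 0;

    /* a call without new data is a request to flush what is buffered */
    flush = (in == NULL) ? 1 : 0;

    for ( ;; ) {

        /* gather as much of the chain as fits into the free buffer space */

        while (in && buf->last < buf->end) {
            if (in->buf->last_buf || in->buf->flush) {
                flush = 1;
            }

            if (ngx_buf_special(in->buf)) {
                in = in->next;
                continue;
            }

            size = in->buf->last - in->buf->pos;

            /* never copy past the end of the SSL buffer */

            if (size > buf->end - buf->last) {
                size = buf->end - buf->last;
            }

            /*
             * NOTE(review): "send" only grows after a write, so this clamp
             * can be applied again on the next pass of this loop and the
             * buffer may collect more than "limit" bytes; the copy itself
             * stays bounded by the clamp above.
             */

            if (send + size > limit) {
                size = (ssize_t) (limit - send);
                flush = 1;
            }

            ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                           "SSL buf copy: %d", size);

            ngx_memcpy(buf->last, in->buf->pos, size);

            buf->last += size;

            in->buf->pos += size;

            if (in->buf->pos == in->buf->last) {
                in = in->next;
            }
        }

        size = buf->last - buf->pos;

        if (size == 0) {

            /*
             * nothing is buffered, for example a flush request or a chain
             * of special bufs only: OpenSSL's documentation warns against
             * calling SSL_write() with a zero length, and a non-positive
             * result would be taken for a failed write by ngx_ssl_write()
             */

            break;
        }

        /* keep collecting unless a flush was requested or the buffer is full */

        if (!flush && buf->last < buf->end && c->ssl->buffer) {
            break;
        }

        n = ngx_ssl_write(c, buf->pos, size);

        if (n == NGX_ERROR) {
            return NGX_CHAIN_ERROR;
        }

        if (n == NGX_AGAIN) {
            c->buffered |= NGX_SSL_BUFFERED;
            return in;
        }

        buf->pos += n;
        send += n;
        c->sent += n;

        /* a short write: leave the remainder buffered for the next call */

        if (n < size) {
            break;
        }

        /* the buffer has been drained, reuse it from the start */

        if (buf->pos == buf->last) {
            buf->pos = buf->start;
            buf->last = buf->start;
        }

        if (in == NULL || send == limit) {
            break;
        }
    }

    if (buf->pos < buf->last) {
        c->buffered |= NGX_SSL_BUFFERED;

    } else {
        c->buffered &= ~NGX_SSL_BUFFERED;
    }

    return in;
}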
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
746
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
747
88
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents: 62
diff changeset
/*
 * Writes "size" bytes from "data" with SSL_write().
 *
 * Returns the positive SSL_write() result on success, NGX_AGAIN when
 * OpenSSL reports SSL_ERROR_WANT_WRITE or SSL_ERROR_WANT_READ, and
 * NGX_ERROR on any other SSL error or when re-arming the read event fails.
 *
 * NOTE(review): "size" is a size_t while SSL_write() takes an int length
 * and the first debug message prints it with %d; confirm that callers never
 * pass more than INT_MAX bytes.
 * NOTE(review): the OpenSSL error queue is not cleared before SSL_write(),
 * so SSL_get_error() may observe an entry left by an earlier call; confirm
 * whether that is handled elsewhere.
 */
ssize_t
ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size)
{
    int        n, sslerr;
    ngx_err_t  err;

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size);

    n = SSL_write(c->ssl->connection, data, size);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n);

    if (n <= 0) {

        sslerr = SSL_get_error(c->ssl->connection, n);

        /* errno is captured right away, before any logging can change it */
        err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;

        ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                       "SSL_get_error: %d", sslerr);

        switch (sslerr) {

        case SSL_ERROR_WANT_WRITE:
            c->write->ready = 0;
            return NGX_AGAIN;

        case SSL_ERROR_WANT_READ:

            /* a write that needs to read is reported as a renegotiation */

            ngx_log_error(NGX_LOG_INFO, c->log, 0,
                          "peer started SSL renegotiation");

            c->read->ready = 0;

            if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
                return NGX_ERROR;
            }

            /*
             * we do not set the timer because there is already
             * the write event timer
             */

            /*
             * park the real read handler once and route read events to the
             * write handler until a write succeeds again
             */

            if (c->ssl->saved_read_handler == NULL) {
                c->ssl->saved_read_handler = c->read->handler;
                c->read->handler = ngx_ssl_read_handler;
            }

            return NGX_AGAIN;

        default:
            break;
        }

        /*
         * a fatal error: ngx_ssl_shutdown() reads these two flags to mark
         * the shutdown as already received and already sent
         */

        c->ssl->no_wait_shutdown = 1;
        c->ssl->no_send_shutdown = 1;
        c->write->error = 1;

        ngx_ssl_connection_error(c, sslerr, err, "SSL_write() failed");

        return NGX_ERROR;
    }

    /* the write succeeded: undo a handler swap made for SSL_ERROR_WANT_READ */

    if (c->ssl->saved_read_handler != NULL) {

        c->read->handler = c->ssl->saved_read_handler;
        c->ssl->saved_read_handler = NULL;
        c->read->ready = 1;

        if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        ngx_post_event(c->read, &ngx_posted_events);
    }

    return n;
}
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
821
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
822
38
2879cd3a40cb nginx 0.1.19
Igor Sysoev <http://sysoev.ru>
parents: 28
diff changeset
/*
 * Read-event handler that forwards the event to the connection's write
 * handler.  ngx_ssl_write() installs it when SSL_write() reports
 * SSL_ERROR_WANT_READ, so incoming data restarts the pending write.
 */
static void
ngx_ssl_read_handler(ngx_event_t *rev)
{
    ngx_event_t       *wev;
    ngx_connection_t  *conn;

    conn = rev->data;
    wev = conn->write;

    wev->handler(wev);
}
8b6db3bda591 nginx 0.1.11
Igor Sysoev <http://sysoev.ru>
parents: 18
diff changeset
832
8b6db3bda591 nginx 0.1.11
Igor Sysoev <http://sysoev.ru>
parents: 18
diff changeset
833
38
2879cd3a40cb nginx 0.1.19
Igor Sysoev <http://sysoev.ru>
parents: 28
diff changeset
834 ngx_int_t
2879cd3a40cb nginx 0.1.19
Igor Sysoev <http://sysoev.ru>
parents: 28
diff changeset
835 ngx_ssl_shutdown(ngx_connection_t *c)
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
836 {
22
8b6db3bda591 nginx 0.1.11
Igor Sysoev <http://sysoev.ru>
parents: 18
diff changeset
837 int n, sslerr, mode;
140
55a211e5eeb7 nginx 0.3.17
Igor Sysoev <http://sysoev.ru>
parents: 138
diff changeset
838 ngx_err_t err;
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
839 ngx_uint_t again;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
840
126
df17fbafec8f nginx 0.3.10
Igor Sysoev <http://sysoev.ru>
parents: 120
diff changeset
841 if (c->timedout) {
96
ca4f70b3ccc6 nginx 0.2.2
Igor Sysoev <http://sysoev.ru>
parents: 92
diff changeset
842 mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
843
96
ca4f70b3ccc6 nginx 0.2.2
Igor Sysoev <http://sysoev.ru>
parents: 92
diff changeset
844 } else {
ca4f70b3ccc6 nginx 0.2.2
Igor Sysoev <http://sysoev.ru>
parents: 92
diff changeset
845 mode = SSL_get_shutdown(c->ssl->connection);
22
8b6db3bda591 nginx 0.1.11
Igor Sysoev <http://sysoev.ru>
parents: 18
diff changeset
846
96
ca4f70b3ccc6 nginx 0.2.2
Igor Sysoev <http://sysoev.ru>
parents: 92
diff changeset
847 if (c->ssl->no_wait_shutdown) {
ca4f70b3ccc6 nginx 0.2.2
Igor Sysoev <http://sysoev.ru>
parents: 92
diff changeset
848 mode |= SSL_RECEIVED_SHUTDOWN;
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
849 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
850
96
ca4f70b3ccc6 nginx 0.2.2
Igor Sysoev <http://sysoev.ru>
parents: 92
diff changeset
851 if (c->ssl->no_send_shutdown) {
ca4f70b3ccc6 nginx 0.2.2
Igor Sysoev <http://sysoev.ru>
parents: 92
diff changeset
852 mode |= SSL_SENT_SHUTDOWN;
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
853 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
854 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
855
96
ca4f70b3ccc6 nginx 0.2.2
Igor Sysoev <http://sysoev.ru>
parents: 92
diff changeset
856 SSL_set_shutdown(c->ssl->connection, mode);
ca4f70b3ccc6 nginx 0.2.2
Igor Sysoev <http://sysoev.ru>
parents: 92
diff changeset
857
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
858 again = 0;
10
46833bd150cb nginx 0.1.5
Igor Sysoev <http://sysoev.ru>
parents: 4
diff changeset
859 sslerr = 0;
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
860
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
861 for ( ;; ) {
92
45945fa8b8ba nginx 0.2.0
Igor Sysoev <http://sysoev.ru>
parents: 90
diff changeset
862 n = SSL_shutdown(c->ssl->connection);
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
863
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
864 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n);
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
865
126
df17fbafec8f nginx 0.3.10
Igor Sysoev <http://sysoev.ru>
parents: 120
diff changeset
866 if (n == 1 || (n == 0 && c->timedout)) {
92
45945fa8b8ba nginx 0.2.0
Igor Sysoev <http://sysoev.ru>
parents: 90
diff changeset
867 SSL_free(c->ssl->connection);
22
8b6db3bda591 nginx 0.1.11
Igor Sysoev <http://sysoev.ru>
parents: 18
diff changeset
868 c->ssl = NULL;
92
45945fa8b8ba nginx 0.2.0
Igor Sysoev <http://sysoev.ru>
parents: 90
diff changeset
869
22
8b6db3bda591 nginx 0.1.11
Igor Sysoev <http://sysoev.ru>
parents: 18
diff changeset
870 return NGX_OK;
8b6db3bda591 nginx 0.1.11
Igor Sysoev <http://sysoev.ru>
parents: 18
diff changeset
871 }
8b6db3bda591 nginx 0.1.11
Igor Sysoev <http://sysoev.ru>
parents: 18
diff changeset
872
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
873 if (n == 0) {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
874 again = 1;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
875 break;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
876 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
877
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
878 break;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
879 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
880
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
881 if (!again) {
92
45945fa8b8ba nginx 0.2.0
Igor Sysoev <http://sysoev.ru>
parents: 90
diff changeset
882 sslerr = SSL_get_error(c->ssl->connection, n);
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
883
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
884 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
885 "SSL_get_error: %d", sslerr);
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
886 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
887
138
8e6d4d96ec4c nginx 0.3.16
Igor Sysoev <http://sysoev.ru>
parents: 132
diff changeset
888 if (again
8e6d4d96ec4c nginx 0.3.16
Igor Sysoev <http://sysoev.ru>
parents: 132
diff changeset
889 || sslerr == SSL_ERROR_WANT_READ
8e6d4d96ec4c nginx 0.3.16
Igor Sysoev <http://sysoev.ru>
parents: 132
diff changeset
890 || sslerr == SSL_ERROR_WANT_WRITE)
8e6d4d96ec4c nginx 0.3.16
Igor Sysoev <http://sysoev.ru>
parents: 132
diff changeset
891 {
126
df17fbafec8f nginx 0.3.10
Igor Sysoev <http://sysoev.ru>
parents: 120
diff changeset
892 c->read->handler = ngx_ssl_shutdown_handler;
138
8e6d4d96ec4c nginx 0.3.16
Igor Sysoev <http://sysoev.ru>
parents: 132
diff changeset
893 c->write->handler = ngx_ssl_shutdown_handler;
126
df17fbafec8f nginx 0.3.10
Igor Sysoev <http://sysoev.ru>
parents: 120
diff changeset
894
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
895 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
896 return NGX_ERROR;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
897 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
898
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
899 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
900 return NGX_ERROR;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
901 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
902
138
8e6d4d96ec4c nginx 0.3.16
Igor Sysoev <http://sysoev.ru>
parents: 132
diff changeset
903 if (again || sslerr == SSL_ERROR_WANT_READ) {
8e6d4d96ec4c nginx 0.3.16
Igor Sysoev <http://sysoev.ru>
parents: 132
diff changeset
904 ngx_add_timer(c->read, 30000);
8e6d4d96ec4c nginx 0.3.16
Igor Sysoev <http://sysoev.ru>
parents: 132
diff changeset
905 }
907 return NGX_AGAIN;
908 }
910 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
912 ngx_ssl_connection_error(c, sslerr, err, "SSL_shutdown() failed");
914 SSL_free(c->ssl->connection);
915 c->ssl = NULL;
917 return NGX_ERROR;
918 }
/*
 * Event handler that retries a pending SSL shutdown.  While the shutdown
 * still reports NGX_AGAIN nothing else happens; once it completes or fails,
 * the connection handler saved in c->ssl->handler is invoked.
 */
static void
ngx_ssl_shutdown_handler(ngx_event_t *ev)
{
    ngx_connection_t           *conn;
    ngx_connection_handler_pt   done;

    conn = ev->data;

    /*
     * Fetch the continuation before retrying: the shutdown error path in
     * this file frees the SSL object and sets c->ssl to NULL, so
     * c->ssl->handler must not be dereferenced after the call below.
     */
    done = conn->ssl->handler;

    if (ev->timedout) {
        conn->timedout = 1;
    }

    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ev->log, 0, "SSL shutdown handler");

    if (ngx_ssl_shutdown(conn) != NGX_AGAIN) {
        done(conn);
    }
}
/*
 * Log a failed SSL operation on a connection and pick the severity.
 *
 * The default level is NGX_LOG_CRIT.  It is lowered only for
 * SSL_ERROR_SYSCALL failures whose errno is a network-level condition
 * (reset, broken pipe, not connected, refused, host unreachable, and
 * timeout unless NGX_CRIT_ETIMEDOUT is set); in that case c->log_error
 * selects INFO or ERR.
 *
 * "text" is passed to ngx_ssl_error() as its format string with no
 * arguments, so callers must pass a fixed literal without conversion
 * specifiers, never text derived from the peer.
 */
static void
ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
    char *text)
{
    ngx_uint_t  severity, network_err;

    network_err = (sslerr == SSL_ERROR_SYSCALL)
                  && (err == NGX_ECONNRESET
                      || err == NGX_EPIPE
                      || err == NGX_ENOTCONN
#if !(NGX_CRIT_ETIMEDOUT)
                      || err == NGX_ETIMEDOUT
#endif
                      || err == NGX_ECONNREFUSED
                      || err == NGX_EHOSTUNREACH);

    severity = NGX_LOG_CRIT;

    if (network_err) {

        if (c->log_error == NGX_ERROR_IGNORE_ECONNRESET
            || c->log_error == NGX_ERROR_INFO)
        {
            severity = NGX_LOG_INFO;

        } else if (c->log_error == NGX_ERROR_ERR) {
            severity = NGX_LOG_ERR;
        }

        /* any other log_error value keeps NGX_LOG_CRIT */
    }

    ngx_ssl_error(severity, c->log, err, text);
}
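/*
 * Format a message, append the queued OpenSSL errors as
 * " (SSL: <error> <error> ...)" and write the result to the log.
 *
 * level, log, err - passed through unchanged to ngx_log_error()
 * fmt, ...        - format string and its arguments; fmt must be a trusted
 *                   string, never text taken from the peer
 *
 * The whole message is built in a stack buffer of NGX_MAX_CONF_ERRSTR
 * bytes and is truncated when it does not fit.
 */
void ngx_cdecl
ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
{
    u_long    n;
    va_list   args;
    u_char    errstr[NGX_MAX_CONF_ERRSTR], *p, *last;

    last = errstr + NGX_MAX_CONF_ERRSTR;

    va_start(args, fmt);
    p = ngx_vsnprintf(errstr, sizeof(errstr) - 1, fmt, args);
    va_end(args);

    /* presumably leaves p on the NUL it wrote - confirm against ngx_cpystrn */
    p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p);

    /*
     * Every round needs one byte for the separator plus at least one byte
     * for the NUL that ERR_error_string_n() writes.  Looping while
     * (p < last) let the separator overwrite the terminator in the final
     * byte of errstr; ERR_error_string_n() was then given a zero-sized
     * buffer and the "%s" below read past the end of the stack buffer.
     */
    while (p < last - 1) {

        n = ERR_get_error();

        if (n == 0) {
            break;
        }

        *p++ = ' ';

        ERR_error_string_n(n, (char *) p, last - p);

        /* advance to the terminator so that the next entry is appended */
        while (p < last && *p) {
            p++;
        }
    }

    /*
     * NOTE(review): when the buffer fills up, the remaining entries stay in
     * the OpenSSL error queue - confirm that callers clear it before the
     * next SSL call.
     */

    ngx_log_error(level, log, err, "%s)", errstr);
}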
/*
 * Release the OpenSSL objects held by an ngx_ssl_t: the rsa512_key, when
 * one is set, and the SSL_CTX.  "data" must point to an ngx_ssl_t
 * (presumably registered as a cleanup callback - confirm at the call site).
 */
void
ngx_ssl_cleanup_ctx(void *data)
{
    ngx_ssl_t  *ssl_conf;

    ssl_conf = data;

    if (ssl_conf->rsa512_key != NULL) {
        RSA_free(ssl_conf->rsa512_key);
    }

    SSL_CTX_free(ssl_conf->ctx);
}
/*
 * Return the protocol version string that OpenSSL reports for the
 * connection.  The string is owned by OpenSSL and only its const qualifier
 * is cast away, so callers must not modify or free it.  c->ssl is
 * dereferenced without a NULL check.
 */
u_char *
ngx_ssl_get_protocol(ngx_connection_t *c)
{
    const char  *version;

    version = SSL_get_version(c->ssl->connection);

    return (u_char *) version;
}
/*
 * Return the name of the cipher that OpenSSL reports for the connection.
 * The string is owned by OpenSSL and only its const qualifier is cast
 * away, so callers must not modify or free it.  c->ssl is dereferenced
 * without a NULL check.
 */
u_char *
ngx_ssl_get_cipher_name(ngx_connection_t *c)
{
    const char  *cipher;

    cipher = SSL_get_cipher_name(c->ssl->connection);

    return (u_char *) cipher;
}
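/*
 * Copy the subject DN of the peer certificate, in OpenSSL's one-line form,
 * into memory allocated from "pool".
 *
 * Returns NGX_OK with s->len == 0 when the peer presented no certificate,
 * NGX_OK with s->data and s->len set on success (the copy is not
 * NUL-terminated), and NGX_ERROR with s->len == 0 when the name cannot be
 * obtained or an allocation fails.
 *
 * The text comes from the certificate the peer sent and this function does
 * not look at the verification result; consumers should treat it as
 * peer-controlled data when logging it or passing it on.
 */
ngx_int_t
ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
    char       *p;
    size_t      len;
    X509       *cert;
    ngx_int_t   rc;
    X509_NAME  *name;

    s->len = 0;

    /* returns a new reference that has to be dropped with X509_free() */
    cert = SSL_get_peer_certificate(c->ssl->connection);

    if (cert == NULL) {
        return NGX_OK;
    }

    rc = NGX_ERROR;
    p = NULL;

    name = X509_get_subject_name(cert);

    if (name == NULL) {
        goto done;
    }

    /* with a NULL buffer OpenSSL allocates the string; NULL means failure */
    p = X509_NAME_oneline(name, NULL, 0);

    if (p == NULL) {
        goto done;
    }

    for (len = 0; p[len]; len++) { /* void */ }

    s->data = ngx_palloc(pool, len);
    if (s->data == NULL) {
        goto done;
    }

    ngx_memcpy(s->data, p, len);

    /* publish the length only after the copy exists */
    s->len = len;

    rc = NGX_OK;

done:

    if (p != NULL) {
        OPENSSL_free(p);
    }

    /* the original never released the certificate reference */
    X509_free(cert);

    return rc;
}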
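/*
 * Copy the issuer DN of the peer certificate, in OpenSSL's one-line form,
 * into memory allocated from "pool".
 *
 * Returns NGX_OK with s->len == 0 when the peer presented no certificate,
 * NGX_OK with s->data and s->len set on success (the copy is not
 * NUL-terminated), and NGX_ERROR with s->len == 0 when the name cannot be
 * obtained or an allocation fails.
 *
 * The text comes from the certificate the peer sent and this function does
 * not look at the verification result; consumers should treat it as
 * peer-controlled data when logging it or passing it on.
 */
ngx_int_t
ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
    char       *p;
    size_t      len;
    X509       *cert;
    ngx_int_t   rc;
    X509_NAME  *name;

    s->len = 0;

    /* returns a new reference that has to be dropped with X509_free() */
    cert = SSL_get_peer_certificate(c->ssl->connection);

    if (cert == NULL) {
        return NGX_OK;
    }

    rc = NGX_ERROR;
    p = NULL;

    name = X509_get_issuer_name(cert);

    if (name == NULL) {
        goto done;
    }

    /* with a NULL buffer OpenSSL allocates the string; NULL means failure */
    p = X509_NAME_oneline(name, NULL, 0);

    if (p == NULL) {
        goto done;
    }

    for (len = 0; p[len]; len++) { /* void */ }

    s->data = ngx_palloc(pool, len);
    if (s->data == NULL) {
        goto done;
    }

    ngx_memcpy(s->data, p, len);

    /* publish the length only after the copy exists */
    s->len = len;

    rc = NGX_OK;

done:

    if (p != NULL) {
        OPENSSL_free(p);
    }

    /* the original never released the certificate reference */
    X509_free(cert);

    return rc;
}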
/*
 * Allocate the module configuration from the cycle pool.  Returns the new
 * ngx_openssl_conf_t, or NGX_CONF_ERROR when the allocation fails.
 */
static void *
ngx_openssl_create_conf(ngx_cycle_t *cycle)
{
    ngx_openssl_conf_t  *conf;

    conf = ngx_pcalloc(cycle->pool, sizeof(*conf));

    if (conf == NULL) {
        return NGX_CONF_ERROR;
    }

    /*
     * already zeroed by ngx_pcalloc(), no explicit defaults needed:
     *
     *     conf->engine.len = 0;
     *     conf->engine.data = NULL;
     */

    return conf;
}
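/*
 * Apply the module configuration.  With NGX_SSL_ENGINE and a non-empty
 * engine name, look the engine up by id and make it OpenSSL's default for
 * all methods (ENGINE_METHOD_ALL); otherwise do nothing.
 *
 * Returns NGX_CONF_OK on success or when no engine is configured, and
 * NGX_CONF_ERROR when the engine cannot be found or cannot be made the
 * default.
 */
static char *
ngx_openssl_init_conf(ngx_cycle_t *cycle, void *conf)
{
#if (NGX_SSL_ENGINE)
    ngx_openssl_conf_t *oscf = conf;

    ENGINE  *engine;

    if (oscf->engine.len == 0) {
        return NGX_CONF_OK;
    }

    /* assumes engine.data is NUL-terminated - TODO confirm in the parser */
    engine = ENGINE_by_id((const char *) oscf->engine.data);

    if (engine == NULL) {
        ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
                      "ENGINE_by_id(\"%V\") failed", &oscf->engine);
        return NGX_CONF_ERROR;
    }

    if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
        ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
                      "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
                      &oscf->engine);

        /*
         * Drop the reference taken by ENGINE_by_id() on this path too; it
         * was leaked before.  Done after logging because ngx_ssl_error()
         * reads the OpenSSL error queue.
         */
        ENGINE_free(engine);

        return NGX_CONF_ERROR;
    }

    ENGINE_free(engine);

#endif

    return NGX_CONF_OK;
}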
1185 #if !(NGX_SSL_ENGINE)
/*
 * Compiled only without NGX_SSL_ENGINE: rejects the "ssl_engine" directive
 * by logging at NGX_LOG_EMERG and returning NGX_CONF_ERROR (presumably
 * installed as that directive's handler - confirm in the command table).
 */
static char *
ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    /* the trailing comma is part of the message text as written */
    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "\"ssl_engine\" directive is available "
                       "only in OpenSSL 0.9.7 and higher,");

    return NGX_CONF_ERROR;
}
1197 #endif
/*
 * Module exit routine: with NGX_SSL_ENGINE it calls ENGINE_cleanup();
 * without it the function is empty.  "cycle" is not used.
 */
static void
ngx_openssl_exit(ngx_cycle_t *cycle)
{
#if (NGX_SSL_ENGINE)

    ENGINE_cleanup();

#endif
}