Mercurial > hg > nginx-vendor-current

comparison src/event/ngx_event_openssl.c @ 38:2879cd3a40cb NGINX_0_1_19

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 0.1.19 *) Bugfix: now, if request contains the zero, then the 404 error is returned for the local requests. *) Bugfix: nginx could not be built on NetBSD 2.0. *) Bugfix: the timeout may occur while reading of the the client request body via SSL connections.
author Igor Sysoev <http://sysoev.ru>
date Wed, 16 Feb 2005 00:00:00 +0300
parents 7ca9bdc82b3f
children bc4fc02c96a3
comparison
equal deleted inserted replaced
37:3376a7dea5d6 38:2879cd3a40cb
9 #include <ngx_event.h> 9 #include <ngx_event.h>
10 10
11 #include <openssl/engine.h> 11 #include <openssl/engine.h>
12 12
13 13
14 static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n);
14 static void ngx_ssl_write_handler(ngx_event_t *wev); 15 static void ngx_ssl_write_handler(ngx_event_t *wev);
15 static ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size); 16 static ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size);
16 static void ngx_ssl_read_handler(ngx_event_t *rev); 17 static void ngx_ssl_read_handler(ngx_event_t *rev);
17 18
18 19
19 ngx_int_t ngx_ssl_init(ngx_log_t *log) 20 ngx_int_t
21 ngx_ssl_init(ngx_log_t *log)
20 { 22 {
21 ENGINE *engine; 23 ENGINE *engine;
22 24
23 SSL_library_init(); 25 SSL_library_init();
24 SSL_load_error_strings(); 26 SSL_load_error_strings();
26 28
27 return NGX_OK; 29 return NGX_OK;
28 } 30 }
29 31
30 32
31 ngx_int_t ngx_ssl_create_session(ngx_ssl_ctx_t *ssl_ctx, ngx_connection_t *c, 33 ngx_int_t
32 ngx_uint_t flags) 34 ngx_ssl_create_session(ngx_ssl_ctx_t *ssl_ctx, ngx_connection_t *c,
35 ngx_uint_t flags)
33 { 36 {
34 ngx_ssl_t *ssl; 37 ngx_ssl_t *ssl;
35 38
36 if (!(ssl = ngx_pcalloc(c->pool, sizeof(ngx_ssl_t)))) { 39 if (!(ssl = ngx_pcalloc(c->pool, sizeof(ngx_ssl_t)))) {
37 return NGX_ERROR; 40 return NGX_ERROR;
63 66
64 return NGX_OK; 67 return NGX_OK;
65 } 68 }
66 69
67 70
68 ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) 71 ssize_t
69 { 72 ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size)
70 int n, sslerr; 73 {
74 int n, bytes;
75
76 if (c->ssl->last == NGX_ERROR) {
77 return NGX_ERROR;
78 }
79
80 bytes = 0;
81
82 /*
83 * SSL_read() may return data in parts, so try to read
84 * until SSL_read() would return no data
85 */
86
87 for ( ;; ) {
88
89 n = SSL_read(c->ssl->ssl, buf, size);
90
91 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n);
92
93 if (n > 0) {
94
95 bytes += n;
96
97 #if (NGX_DEBUG)
98
99 if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->ssl)) {
100 char buf[129], *s, *d;
101 SSL_CIPHER *cipher;
102
103 c->ssl->handshaked = 1;
104
105 cipher = SSL_get_current_cipher(c->ssl->ssl);
106
107 if (cipher) {
108 SSL_CIPHER_description(cipher, &buf[1], 128);
109
110 for (s = &buf[1], d = buf; *s; s++) {
111 if (*s == ' ' && *d == ' ') {
112 continue;
113 }
114
115 if (*s == '\n' || *s == '\r') {
116 continue;
117 }
118
119 *++d = *s;
120 }
121
122 if (*d != ' ') {
123 d++;
124 }
125
126 *d = '\0';
127
128 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
129 "SSL cipher: \"%s\"", &buf[1]);
130 } else {
131 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
132 "SSL no shared ciphers");
133 }
134 }
135 #endif
136
137 }
138
139 c->ssl->last = ngx_ssl_handle_recv(c, n);
140
141 if (c->ssl->last != NGX_OK) {
142
143 if (bytes) {
144 return bytes;
145
146 } else {
147 return c->ssl->last;
148 }
149 }
150
151 size -= n;
152
153 if (size == 0) {
154 return bytes;
155 }
156
157 buf += n;
158 }
159 }
160
161
162 static ngx_int_t
163 ngx_ssl_handle_recv(ngx_connection_t *c, int n)
164 {
165 int sslerr;
71 ngx_err_t err; 166 ngx_err_t err;
72 char *handshake; 167 char *handshake;
73 168
74 n = SSL_read(c->ssl->ssl, buf, size);
75
76 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n);
77
78 if (n > 0) { 169 if (n > 0) {
79
80 #if (NGX_DEBUG)
81
82 if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->ssl)) {
83 char buf[129], *s, *d;
84 SSL_CIPHER *cipher;
85
86 c->ssl->handshaked = 1;
87
88 cipher = SSL_get_current_cipher(c->ssl->ssl);
89
90 if (cipher) {
91 SSL_CIPHER_description(cipher, &buf[1], 128);
92
93 for (s = &buf[1], d = buf; *s; s++) {
94 if (*s == ' ' && *d == ' ') {
95 continue;
96 }
97
98 if (*s == '\n' || *s == '\r') {
99 continue;
100 }
101
102 *++d = *s;
103 }
104
105 if (*d != ' ') {
106 d++;
107 }
108
109 *d = '\0';
110
111 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
112 "SSL cipher: \"%s\"", &buf[1]);
113 } else {
114 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
115 "SSL no shared ciphers");
116 }
117 }
118
119 #endif
120 170
121 if (c->ssl->saved_write_handler) { 171 if (c->ssl->saved_write_handler) {
122 172
123 c->write->event_handler = c->ssl->saved_write_handler; 173 c->write->event_handler = c->ssl->saved_write_handler;
124 c->ssl->saved_write_handler = NULL; 174 c->ssl->saved_write_handler = NULL;
135 ngx_post_event(c->write); 185 ngx_post_event(c->write);
136 186
137 ngx_mutex_unlock(ngx_posted_events_mutex); 187 ngx_mutex_unlock(ngx_posted_events_mutex);
138 } 188 }
139 189
140 return n; 190 return NGX_OK;
141 } 191 }
142 192
143 if (!SSL_is_init_finished(c->ssl->ssl)) { 193 if (!SSL_is_init_finished(c->ssl->ssl)) {
144 handshake = " in SSL handshake"; 194 handshake = " in SSL handshake";
145 195
195 245
196 return NGX_ERROR; 246 return NGX_ERROR;
197 } 247 }
198 248
199 249
200 static void ngx_ssl_write_handler(ngx_event_t *wev) 250 static void
251 ngx_ssl_write_handler(ngx_event_t *wev)
201 { 252 {
202 ngx_connection_t *c; 253 ngx_connection_t *c;
203 254
204 c = wev->data; 255 c = wev->data;
205 c->read->event_handler(c->read); 256 c->read->event_handler(c->read);
212 * 263 *
213 * Besides for protocols such as HTTP it is possible to always buffer 264 * Besides for protocols such as HTTP it is possible to always buffer
214 * the output to decrease a SSL overhead some more. 265 * the output to decrease a SSL overhead some more.
215 */ 266 */
216 267
217 ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, 268 ngx_chain_t *
218 off_t limit) 269 ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
219 { 270 {
220 int n; 271 int n;
221 ngx_uint_t flush; 272 ngx_uint_t flush;
222 ssize_t send, size; 273 ssize_t send, size;
223 ngx_buf_t *buf; 274 ngx_buf_t *buf;
336 387
337 return in; 388 return in;
338 } 389 }
339 390
340 391
341 static ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) 392 static ssize_t
393 ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size)
342 { 394 {
343 int n, sslerr; 395 int n, sslerr;
344 ngx_err_t err; 396 ngx_err_t err;
345 char *handshake; 397 char *handshake;
346 398
422 474
423 return NGX_ERROR; 475 return NGX_ERROR;
424 } 476 }
425 477
426 478
427 static void ngx_ssl_read_handler(ngx_event_t *rev) 479 static void
480 ngx_ssl_read_handler(ngx_event_t *rev)
428 { 481 {
429 ngx_connection_t *c; 482 ngx_connection_t *c;
430 483
431 c = rev->data; 484 c = rev->data;
432 c->write->event_handler(c->write); 485 c->write->event_handler(c->write);
433 } 486 }
434 487
435 488
436 ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c) 489 ngx_int_t
490 ngx_ssl_shutdown(ngx_connection_t *c)
437 { 491 {
438 int n, sslerr, mode; 492 int n, sslerr, mode;
439 ngx_uint_t again; 493 ngx_uint_t again;
440 494
441 if (!c->ssl->shutdown_set) { 495 if (!c->ssl->shutdown_set) {
518 572
519 return NGX_ERROR; 573 return NGX_ERROR;
520 } 574 }
521 575
522 576
523 void ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, 577 void
524 char *fmt, ...) 578 ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
525 { 579 {
526 u_char errstr[NGX_MAX_CONF_ERRSTR], *p, *last; 580 u_char errstr[NGX_MAX_CONF_ERRSTR], *p, *last;
527 va_list args; 581 va_list args;
528 582
529 last = errstr + NGX_MAX_CONF_ERRSTR; 583 last = errstr + NGX_MAX_CONF_ERRSTR;