comparison src/event/ngx_event_openssl.c @ 92:45945fa8b8ba NGINX_0_2_0

nginx 0.2.0 *) The pid-file names used during online upgrade were changed, and a manual rename operation is no longer required. The old master process adds the ".oldbin" suffix to its pid-file and executes a new binary file. The new master process creates the usual pid-file without the ".newbin" suffix. If the master process exits, then the old master process renames its pid-file with the ".oldbin" suffix back to the pid-file without suffix. *) Change: the "worker_connections" directive is the new name of the "connections" directive; the directive now specifies the maximum number of connections, not the maximum socket descriptor number. *) Feature: SSL supports the session cache inside one worker process. *) Feature: the "satisfy_any" directive. *) Change: the ngx_http_access_module and ngx_http_auth_basic_module do not run for subrequests. *) Feature: the "worker_rlimit_nofile" and "worker_rlimit_sigpending" directives. *) Bugfix: if all backends used in load balancing failed after one error, then nginx did not try to connect to them for 60 seconds. *) Bugfix: in IMAP/POP3 command argument parsing. Thanks to Rob Mueller. *) Bugfix: errors while using SSL in IMAP/POP3 proxy. *) Bugfix: errors while using SSI and gzipping. *) Bugfix: the "Expires" and "Cache-Control" header lines were omitted from the 304 responses. Thanks to Alexandr Kukushkin.
author Igor Sysoev <http://sysoev.ru>
date Fri, 23 Sep 2005 00:00:00 +0400
parents 71c46860eb55
children ca4f70b3ccc6
91:c3eee83ea942 92:45945fa8b8ba
79 return NGX_OK; 79 return NGX_OK;
80 } 80 }
81 81
82 82
83 ngx_int_t 83 ngx_int_t
84 ngx_ssl_create_session(ngx_ssl_ctx_t *ssl_ctx, ngx_connection_t *c, 84 ngx_ssl_create_connection(ngx_ssl_ctx_t *ssl_ctx, ngx_connection_t *c,
85 ngx_uint_t flags) 85 ngx_uint_t flags)
86 { 86 {
87 ngx_ssl_t *ssl; 87 ngx_ssl_t *ssl;
88 88
89 ssl = ngx_pcalloc(c->pool, sizeof(ngx_ssl_t)); 89 ssl = ngx_pcalloc(c->pool, sizeof(ngx_ssl_t));
90 if (ssl == NULL) { 90 if (ssl == NULL) {
91 return NGX_ERROR; 91 return NGX_ERROR;
92 } 92 }
93 93
94 ssl->buf = ngx_create_temp_buf(c->pool, NGX_SSL_BUFSIZE);
95 if (ssl->buf == NULL) {
96 return NGX_ERROR;
97 }
98
99 if (flags & NGX_SSL_BUFFER) { 94 if (flags & NGX_SSL_BUFFER) {
100 ssl->buffer = 1; 95 ssl->buffer = 1;
101 } 96
102 97 ssl->buf = ngx_create_temp_buf(c->pool, NGX_SSL_BUFSIZE);
103 ssl->ssl = SSL_new(ssl_ctx); 98 if (ssl->buf == NULL) {
104 99 return NGX_ERROR;
105 if (ssl->ssl == NULL) { 100 }
101 }
102
103 ssl->connection = SSL_new(ssl_ctx);
104
105 if (ssl->connection == NULL) {
106 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed"); 106 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed");
107 return NGX_ERROR; 107 return NGX_ERROR;
108 } 108 }
109 109
110 if (SSL_set_fd(ssl->ssl, c->fd) == 0) { 110 if (SSL_set_fd(ssl->connection, c->fd) == 0) {
111 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_fd() failed"); 111 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_fd() failed");
112 return NGX_ERROR; 112 return NGX_ERROR;
113 } 113 }
114 114
115 SSL_set_accept_state(ssl->ssl); 115 SSL_set_accept_state(ssl->connection);
116 116
117 c->ssl = ssl; 117 c->ssl = ssl;
118 118
119 return NGX_OK; 119 return NGX_OK;
120 } 120 }
136 * until SSL_read() would return no data 136 * until SSL_read() would return no data
137 */ 137 */
138 138
139 for ( ;; ) { 139 for ( ;; ) {
140 140
141 n = SSL_read(c->ssl->ssl, buf, size); 141 n = SSL_read(c->ssl->connection, buf, size);
142 142
143 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n); 143 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n);
144 144
145 if (n > 0) { 145 if (n > 0) {
146 146
147 bytes += n; 147 bytes += n;
148 148
149 #if (NGX_DEBUG) 149 #if (NGX_DEBUG)
150 150
151 if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->ssl)) { 151 if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->connection))
152 {
152 char buf[129], *s, *d; 153 char buf[129], *s, *d;
153 SSL_CIPHER *cipher; 154 SSL_CIPHER *cipher;
154 155
155 c->ssl->handshaked = 1; 156 c->ssl->handshaked = 1;
156 157
157 cipher = SSL_get_current_cipher(c->ssl->ssl); 158 cipher = SSL_get_current_cipher(c->ssl->connection);
158 159
159 if (cipher) { 160 if (cipher) {
160 SSL_CIPHER_description(cipher, &buf[1], 128); 161 SSL_CIPHER_description(cipher, &buf[1], 128);
161 162
162 for (s = &buf[1], d = buf; *s; s++) { 163 for (s = &buf[1], d = buf; *s; s++) {
177 178
178 *d = '\0'; 179 *d = '\0';
179 180
180 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, 181 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
181 "SSL cipher: \"%s\"", &buf[1]); 182 "SSL cipher: \"%s\"", &buf[1]);
183
184 if (SSL_session_reused(c->ssl->connection)) {
185 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
186 "SSL reused session");
187 }
188
182 } else { 189 } else {
183 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, 190 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
184 "SSL no shared ciphers"); 191 "SSL no shared ciphers");
185 } 192 }
186 } 193 }
212 219
213 220
214 static ngx_int_t 221 static ngx_int_t
215 ngx_ssl_handle_recv(ngx_connection_t *c, int n) 222 ngx_ssl_handle_recv(ngx_connection_t *c, int n)
216 { 223 {
217 int sslerr; 224 int sslerr;
218 ngx_err_t err; 225 char *handshake;
219 char *handshake; 226 ngx_err_t err;
227 ngx_uint_t level;
220 228
221 if (n > 0) { 229 if (n > 0) {
222 230
223 if (c->ssl->saved_write_handler) { 231 if (c->ssl->saved_write_handler) {
224 232
240 } 248 }
241 249
242 return NGX_OK; 250 return NGX_OK;
243 } 251 }
244 252
245 if (!SSL_is_init_finished(c->ssl->ssl)) { 253 if (!SSL_is_init_finished(c->ssl->connection)) {
246 handshake = " in SSL handshake"; 254 handshake = " in SSL handshake";
247 255
248 } else { 256 } else {
249 handshake = ""; 257 handshake = "";
250 } 258 }
251 259
252 sslerr = SSL_get_error(c->ssl->ssl, n); 260 sslerr = SSL_get_error(c->ssl->connection, n);
253 261
254 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; 262 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
255 263
256 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr); 264 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
257 265
262 270
263 if (sslerr == SSL_ERROR_WANT_WRITE) { 271 if (sslerr == SSL_ERROR_WANT_WRITE) {
264 272
265 ngx_log_error(NGX_LOG_INFO, c->log, err, 273 ngx_log_error(NGX_LOG_INFO, c->log, err,
266 "client does SSL %shandshake", 274 "client does SSL %shandshake",
267 SSL_is_init_finished(c->ssl->ssl) ? "re" : ""); 275 SSL_is_init_finished(c->ssl->connection) ? "re" : "");
268 276
269 c->write->ready = 0; 277 c->write->ready = 0;
270 278
271 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { 279 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
272 return NGX_ERROR; 280 return NGX_ERROR;
292 "client closed connection%s", handshake); 300 "client closed connection%s", handshake);
293 301
294 return NGX_ERROR; 302 return NGX_ERROR;
295 } 303 }
296 304
297 ngx_ssl_error(NGX_LOG_ALERT, c->log, err, 305 level = NGX_LOG_CRIT;
298 "SSL_read() failed%s", handshake); 306
307 if (sslerr == SSL_ERROR_SYSCALL) {
308
309 if (err == NGX_ECONNRESET
310 || err == NGX_EPIPE
311 || err == NGX_ENOTCONN
312 || err == NGX_ECONNREFUSED
313 || err == NGX_EHOSTUNREACH)
314 {
315 switch (c->log_error) {
316
317 case NGX_ERROR_IGNORE_ECONNRESET:
318 case NGX_ERROR_INFO:
319 level = NGX_LOG_INFO;
320 break;
321
322 case NGX_ERROR_ERR:
323 level = NGX_LOG_ERR;
324 break;
325
326 default:
327 break;
328 }
329 }
330 }
331
332 ngx_ssl_error(level, c->log, err, "SSL_read() failed%s", handshake);
299 333
300 return NGX_ERROR; 334 return NGX_ERROR;
301 } 335 }
302 336
303 337
446 480
447 481
448 ssize_t 482 ssize_t
449 ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) 483 ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size)
450 { 484 {
451 int n, sslerr; 485 int n, sslerr;
452 ngx_err_t err; 486 ngx_err_t err;
487 ngx_uint_t level;
453 488
454 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size); 489 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size);
455 490
456 n = SSL_write(c->ssl->ssl, data, size); 491 n = SSL_write(c->ssl->connection, data, size);
457 492
458 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n); 493 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n);
459 494
460 if (n > 0) { 495 if (n > 0) {
461 496
462 #if (NGX_DEBUG) 497 #if (NGX_DEBUG)
463 498
464 if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->ssl)) { 499 if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->connection)) {
465 char buf[129], *s, *d; 500 char buf[129], *s, *d;
466 SSL_CIPHER *cipher; 501 SSL_CIPHER *cipher;
467 502
468 c->ssl->handshaked = 1; 503 c->ssl->handshaked = 1;
469 504
470 cipher = SSL_get_current_cipher(c->ssl->ssl); 505 cipher = SSL_get_current_cipher(c->ssl->connection);
471 506
472 if (cipher) { 507 if (cipher) {
473 SSL_CIPHER_description(cipher, &buf[1], 128); 508 SSL_CIPHER_description(cipher, &buf[1], 128);
474 509
475 for (s = &buf[1], d = buf; *s; s++) { 510 for (s = &buf[1], d = buf; *s; s++) {
490 525
491 *d = '\0'; 526 *d = '\0';
492 527
493 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, 528 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
494 "SSL cipher: \"%s\"", &buf[1]); 529 "SSL cipher: \"%s\"", &buf[1]);
530
531 if (SSL_session_reused(c->ssl->connection)) {
532 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
533 "SSL reused session");
534 }
535
495 } else { 536 } else {
496 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, 537 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
497 "SSL no shared ciphers"); 538 "SSL no shared ciphers");
498 } 539 }
499 } 540 }
519 } 560 }
520 561
521 return n; 562 return n;
522 } 563 }
523 564
524 sslerr = SSL_get_error(c->ssl->ssl, n); 565 sslerr = SSL_get_error(c->ssl->connection, n);
525 566
526 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; 567 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
527 568
528 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr); 569 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
529 570
534 575
535 if (sslerr == SSL_ERROR_WANT_READ) { 576 if (sslerr == SSL_ERROR_WANT_READ) {
536 577
537 ngx_log_error(NGX_LOG_INFO, c->log, err, 578 ngx_log_error(NGX_LOG_INFO, c->log, err,
538 "client does SSL %shandshake", 579 "client does SSL %shandshake",
539 SSL_is_init_finished(c->ssl->ssl) ? "re" : ""); 580 SSL_is_init_finished(c->ssl->connection) ? "re" : "");
540 581
541 c->read->ready = 0; 582 c->read->ready = 0;
542 583
543 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { 584 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
544 return NGX_ERROR; 585 return NGX_ERROR;
558 } 599 }
559 600
560 c->ssl->no_rcv_shut = 1; 601 c->ssl->no_rcv_shut = 1;
561 c->ssl->no_send_shut = 1; 602 c->ssl->no_send_shut = 1;
562 603
563 ngx_ssl_error(NGX_LOG_ALERT, c->log, err, "SSL_write() failed"); 604 level = NGX_LOG_CRIT;
605
606 if (sslerr == SSL_ERROR_SYSCALL) {
607
608 if (err == NGX_ECONNRESET
609 || err == NGX_EPIPE
610 || err == NGX_ENOTCONN
611 || err == NGX_ECONNREFUSED
612 || err == NGX_EHOSTUNREACH)
613 {
614 switch (c->log_error) {
615
616 case NGX_ERROR_IGNORE_ECONNRESET:
617 case NGX_ERROR_INFO:
618 level = NGX_LOG_INFO;
619 break;
620
621 case NGX_ERROR_ERR:
622 level = NGX_LOG_ERR;
623 break;
624
625 default:
626 break;
627 }
628 }
629 }
630
631 ngx_ssl_error(level, c->log, err, "SSL_write() failed");
564 632
565 return NGX_ERROR; 633 return NGX_ERROR;
566 } 634 }
567 635
568 636
600 mode |= SSL_SENT_SHUTDOWN; 668 mode |= SSL_SENT_SHUTDOWN;
601 } 669 }
602 } 670 }
603 671
604 if (mode) { 672 if (mode) {
605 SSL_set_shutdown(c->ssl->ssl, mode); 673 SSL_set_shutdown(c->ssl->connection, mode);
606 c->ssl->shutdown_set = 1; 674 c->ssl->shutdown_set = 1;
607 } 675 }
608 } 676 }
609 677
610 again = 0; 678 again = 0;
611 #if (NGX_SUPPRESS_WARN) 679 #if (NGX_SUPPRESS_WARN)
612 sslerr = 0; 680 sslerr = 0;
613 #endif 681 #endif
614 682
615 for ( ;; ) { 683 for ( ;; ) {
616 n = SSL_shutdown(c->ssl->ssl); 684 n = SSL_shutdown(c->ssl->connection);
617 685
618 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); 686 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n);
619 687
620 if (n == 1 || (n == 0 && c->read->timedout)) { 688 if (n == 1 || (n == 0 && c->read->timedout)) {
621 SSL_free(c->ssl->ssl); 689 SSL_free(c->ssl->connection);
622 c->ssl = NULL; 690 c->ssl = NULL;
691
623 return NGX_OK; 692 return NGX_OK;
624 } 693 }
625 694
626 if (n == 0) { 695 if (n == 0) {
627 again = 1; 696 again = 1;
630 699
631 break; 700 break;
632 } 701 }
633 702
634 if (!again) { 703 if (!again) {
635 sslerr = SSL_get_error(c->ssl->ssl, n); 704 sslerr = SSL_get_error(c->ssl->connection, n);
636 705
637 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, 706 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
638 "SSL_get_error: %d", sslerr); 707 "SSL_get_error: %d", sslerr);
639 } 708 }
640 709
657 726
658 return NGX_AGAIN; 727 return NGX_AGAIN;
659 } 728 }
660 729
661 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_shutdown() failed"); 730 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_shutdown() failed");
731
732 SSL_free(c->ssl->connection);
733 c->ssl = NULL;
662 734
663 return NGX_ERROR; 735 return NGX_ERROR;
664 } 736 }
665 737
666 738
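Review bot: In ngx_ssl_create_connection() (new lines 103-113) the object returned by SSL_new() is leaked when SSL_set_fd() fails, because that branch returns NGX_ERROR before `c->ssl = ssl;` is reached, so no later shutdown call can find and free it. Unlike `ssl` and `ssl->buf`, it does not come from `c->pool`, so destroying the pool will not release it either. Add `SSL_free(ssl->connection);` before the `return NGX_ERROR;` in that branch, which matches the SSL_free() this commit adds on the failure path of the shutdown code at new lines 732-733. Separately, the new "SSL reused session" debug lines (new 185 and 532) call `ngx_log_debug1` with no format argument, while the neighbouring argument-less "SSL no shared ciphers" message uses `ngx_log_debug0`. This looks like it should be `ngx_log_debug0` and, depending on how the macros are defined, may not compile when NGX_DEBUG is enabled.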