comparison src/event/ngx_event_openssl.c @ 92:45945fa8b8ba NGINX_0_2_0
nginx 0.2.0
*) The pid-file names used during online upgrade was changed and now is
not required a manual rename operation. The old master process adds
the ".oldbin" suffix to its pid-file and executes a new binary file.
The new master process creates usual pid-file without the ".newbin"
suffix. If the master process exits, then old master process renames
back its pid-file with the ".oldbin" suffix to the pid-file without
suffix.
*) Change: the "worker_connections" directive, new name of the
"connections" directive; now the directive specifies maximum number
of connections, but not maximum socket descriptor number.
*) Feature: SSL supports the session cache inside one worker process.
*) Feature: the "satisfy_any" directive.
*) Change: the ngx_http_access_module and ngx_http_auth_basic_module do
not run for subrequests.
*) Feature: the "worker_rlimit_nofile" and "worker_rlimit_sigpending"
directives.
*) Bugfix: if all backends used in load balancing failed after one
error, then nginx did not try to connect to them for 60 seconds.
*) Bugfix: in IMAP/POP3 command argument parsing.
Thanks to Rob Mueller.
*) Bugfix: errors while using SSL in IMAP/POP3 proxy.
*) Bugfix: errors while using SSI and gzipping.
*) Bugfix: the "Expires" and "Cache-Control" header lines were omitted
from the 304 responses.
Thanks to Alexandr Kukushkin.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Fri, 23 Sep 2005 00:00:00 +0400 |
parents | 71c46860eb55 |
children | ca4f70b3ccc6 |
91:c3eee83ea942 | 92:45945fa8b8ba |
---|---|
79 return NGX_OK; | 79 return NGX_OK; |
80 } | 80 } |
81 | 81 |
82 | 82 |
83 ngx_int_t | 83 ngx_int_t |
84 ngx_ssl_create_session(ngx_ssl_ctx_t *ssl_ctx, ngx_connection_t *c, | 84 ngx_ssl_create_connection(ngx_ssl_ctx_t *ssl_ctx, ngx_connection_t *c, |
85 ngx_uint_t flags) | 85 ngx_uint_t flags) |
86 { | 86 { |
87 ngx_ssl_t *ssl; | 87 ngx_ssl_t *ssl; |
88 | 88 |
89 ssl = ngx_pcalloc(c->pool, sizeof(ngx_ssl_t)); | 89 ssl = ngx_pcalloc(c->pool, sizeof(ngx_ssl_t)); |
90 if (ssl == NULL) { | 90 if (ssl == NULL) { |
91 return NGX_ERROR; | 91 return NGX_ERROR; |
92 } | 92 } |
93 | 93 |
94 ssl->buf = ngx_create_temp_buf(c->pool, NGX_SSL_BUFSIZE); | |
95 if (ssl->buf == NULL) { | |
96 return NGX_ERROR; | |
97 } | |
98 | |
99 if (flags & NGX_SSL_BUFFER) { | 94 if (flags & NGX_SSL_BUFFER) { |
100 ssl->buffer = 1; | 95 ssl->buffer = 1; |
101 } | 96 |
102 | 97 ssl->buf = ngx_create_temp_buf(c->pool, NGX_SSL_BUFSIZE); |
103 ssl->ssl = SSL_new(ssl_ctx); | 98 if (ssl->buf == NULL) { |
104 | 99 return NGX_ERROR; |
105 if (ssl->ssl == NULL) { | 100 } |
101 } | |
102 | |
103 ssl->connection = SSL_new(ssl_ctx); | |
104 | |
105 if (ssl->connection == NULL) { | |
106 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed"); | 106 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed"); |
107 return NGX_ERROR; | 107 return NGX_ERROR; |
108 } | 108 } |
109 | 109 |
110 if (SSL_set_fd(ssl->ssl, c->fd) == 0) { | 110 if (SSL_set_fd(ssl->connection, c->fd) == 0) { |
111 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_fd() failed"); | 111 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_fd() failed"); |
112 return NGX_ERROR; | 112 return NGX_ERROR; |
113 } | 113 } |
114 | 114 |
115 SSL_set_accept_state(ssl->ssl); | 115 SSL_set_accept_state(ssl->connection); |
116 | 116 |
117 c->ssl = ssl; | 117 c->ssl = ssl; |
118 | 118 |
119 return NGX_OK; | 119 return NGX_OK; |
120 } | 120 } |
136 * until SSL_read() would return no data | 136 * until SSL_read() would return no data |
137 */ | 137 */ |
138 | 138 |
139 for ( ;; ) { | 139 for ( ;; ) { |
140 | 140 |
141 n = SSL_read(c->ssl->ssl, buf, size); | 141 n = SSL_read(c->ssl->connection, buf, size); |
142 | 142 |
143 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n); | 143 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n); |
144 | 144 |
145 if (n > 0) { | 145 if (n > 0) { |
146 | 146 |
147 bytes += n; | 147 bytes += n; |
148 | 148 |
149 #if (NGX_DEBUG) | 149 #if (NGX_DEBUG) |
150 | 150 |
151 if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->ssl)) { | 151 if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->connection)) |
152 { | |
152 char buf[129], *s, *d; | 153 char buf[129], *s, *d; |
153 SSL_CIPHER *cipher; | 154 SSL_CIPHER *cipher; |
154 | 155 |
155 c->ssl->handshaked = 1; | 156 c->ssl->handshaked = 1; |
156 | 157 |
157 cipher = SSL_get_current_cipher(c->ssl->ssl); | 158 cipher = SSL_get_current_cipher(c->ssl->connection); |
158 | 159 |
159 if (cipher) { | 160 if (cipher) { |
160 SSL_CIPHER_description(cipher, &buf[1], 128); | 161 SSL_CIPHER_description(cipher, &buf[1], 128); |
161 | 162 |
162 for (s = &buf[1], d = buf; *s; s++) { | 163 for (s = &buf[1], d = buf; *s; s++) { |
177 | 178 |
178 *d = '\0'; | 179 *d = '\0'; |
179 | 180 |
180 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | 181 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
181 "SSL cipher: \"%s\"", &buf[1]); | 182 "SSL cipher: \"%s\"", &buf[1]); |
183 | |
184 if (SSL_session_reused(c->ssl->connection)) { | |
185 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
186 "SSL reused session"); | |
187 } | |
188 | |
182 } else { | 189 } else { |
183 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, | 190 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
184 "SSL no shared ciphers"); | 191 "SSL no shared ciphers"); |
185 } | 192 } |
186 } | 193 } |
212 | 219 |
213 | 220 |
214 static ngx_int_t | 221 static ngx_int_t |
215 ngx_ssl_handle_recv(ngx_connection_t *c, int n) | 222 ngx_ssl_handle_recv(ngx_connection_t *c, int n) |
216 { | 223 { |
217 int sslerr; | 224 int sslerr; |
218 ngx_err_t err; | 225 char *handshake; |
219 char *handshake; | 226 ngx_err_t err; |
227 ngx_uint_t level; | |
220 | 228 |
221 if (n > 0) { | 229 if (n > 0) { |
222 | 230 |
223 if (c->ssl->saved_write_handler) { | 231 if (c->ssl->saved_write_handler) { |
224 | 232 |
240 } | 248 } |
241 | 249 |
242 return NGX_OK; | 250 return NGX_OK; |
243 } | 251 } |
244 | 252 |
245 if (!SSL_is_init_finished(c->ssl->ssl)) { | 253 if (!SSL_is_init_finished(c->ssl->connection)) { |
246 handshake = " in SSL handshake"; | 254 handshake = " in SSL handshake"; |
247 | 255 |
248 } else { | 256 } else { |
249 handshake = ""; | 257 handshake = ""; |
250 } | 258 } |
251 | 259 |
252 sslerr = SSL_get_error(c->ssl->ssl, n); | 260 sslerr = SSL_get_error(c->ssl->connection, n); |
253 | 261 |
254 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; | 262 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; |
255 | 263 |
256 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr); | 264 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr); |
257 | 265 |
262 | 270 |
263 if (sslerr == SSL_ERROR_WANT_WRITE) { | 271 if (sslerr == SSL_ERROR_WANT_WRITE) { |
264 | 272 |
265 ngx_log_error(NGX_LOG_INFO, c->log, err, | 273 ngx_log_error(NGX_LOG_INFO, c->log, err, |
266 "client does SSL %shandshake", | 274 "client does SSL %shandshake", |
267 SSL_is_init_finished(c->ssl->ssl) ? "re" : ""); | 275 SSL_is_init_finished(c->ssl->connection) ? "re" : ""); |
268 | 276 |
269 c->write->ready = 0; | 277 c->write->ready = 0; |
270 | 278 |
271 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { | 279 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { |
272 return NGX_ERROR; | 280 return NGX_ERROR; |
292 "client closed connection%s", handshake); | 300 "client closed connection%s", handshake); |
293 | 301 |
294 return NGX_ERROR; | 302 return NGX_ERROR; |
295 } | 303 } |
296 | 304 |
297 ngx_ssl_error(NGX_LOG_ALERT, c->log, err, | 305 level = NGX_LOG_CRIT; |
298 "SSL_read() failed%s", handshake); | 306 |
307 if (sslerr == SSL_ERROR_SYSCALL) { | |
308 | |
309 if (err == NGX_ECONNRESET | |
310 || err == NGX_EPIPE | |
311 || err == NGX_ENOTCONN | |
312 || err == NGX_ECONNREFUSED | |
313 || err == NGX_EHOSTUNREACH) | |
314 { | |
315 switch (c->log_error) { | |
316 | |
317 case NGX_ERROR_IGNORE_ECONNRESET: | |
318 case NGX_ERROR_INFO: | |
319 level = NGX_LOG_INFO; | |
320 break; | |
321 | |
322 case NGX_ERROR_ERR: | |
323 level = NGX_LOG_ERR; | |
324 break; | |
325 | |
326 default: | |
327 break; | |
328 } | |
329 } | |
330 } | |
331 | |
332 ngx_ssl_error(level, c->log, err, "SSL_read() failed%s", handshake); | |
299 | 333 |
300 return NGX_ERROR; | 334 return NGX_ERROR; |
301 } | 335 } |
302 | 336 |
303 | 337 |
446 | 480 |
447 | 481 |
448 ssize_t | 482 ssize_t |
449 ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) | 483 ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) |
450 { | 484 { |
451 int n, sslerr; | 485 int n, sslerr; |
452 ngx_err_t err; | 486 ngx_err_t err; |
487 ngx_uint_t level; | |
453 | 488 |
454 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size); | 489 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size); |
455 | 490 |
456 n = SSL_write(c->ssl->ssl, data, size); | 491 n = SSL_write(c->ssl->connection, data, size); |
457 | 492 |
458 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n); | 493 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n); |
459 | 494 |
460 if (n > 0) { | 495 if (n > 0) { |
461 | 496 |
462 #if (NGX_DEBUG) | 497 #if (NGX_DEBUG) |
463 | 498 |
464 if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->ssl)) { | 499 if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->connection)) { |
465 char buf[129], *s, *d; | 500 char buf[129], *s, *d; |
466 SSL_CIPHER *cipher; | 501 SSL_CIPHER *cipher; |
467 | 502 |
468 c->ssl->handshaked = 1; | 503 c->ssl->handshaked = 1; |
469 | 504 |
470 cipher = SSL_get_current_cipher(c->ssl->ssl); | 505 cipher = SSL_get_current_cipher(c->ssl->connection); |
471 | 506 |
472 if (cipher) { | 507 if (cipher) { |
473 SSL_CIPHER_description(cipher, &buf[1], 128); | 508 SSL_CIPHER_description(cipher, &buf[1], 128); |
474 | 509 |
475 for (s = &buf[1], d = buf; *s; s++) { | 510 for (s = &buf[1], d = buf; *s; s++) { |
490 | 525 |
491 *d = '\0'; | 526 *d = '\0'; |
492 | 527 |
493 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | 528 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
494 "SSL cipher: \"%s\"", &buf[1]); | 529 "SSL cipher: \"%s\"", &buf[1]); |
530 | |
531 if (SSL_session_reused(c->ssl->connection)) { | |
532 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
533 "SSL reused session"); | |
534 } | |
535 | |
495 } else { | 536 } else { |
496 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, | 537 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
497 "SSL no shared ciphers"); | 538 "SSL no shared ciphers"); |
498 } | 539 } |
499 } | 540 } |
519 } | 560 } |
520 | 561 |
521 return n; | 562 return n; |
522 } | 563 } |
523 | 564 |
524 sslerr = SSL_get_error(c->ssl->ssl, n); | 565 sslerr = SSL_get_error(c->ssl->connection, n); |
525 | 566 |
526 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; | 567 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; |
527 | 568 |
528 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr); | 569 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr); |
529 | 570 |
534 | 575 |
535 if (sslerr == SSL_ERROR_WANT_READ) { | 576 if (sslerr == SSL_ERROR_WANT_READ) { |
536 | 577 |
537 ngx_log_error(NGX_LOG_INFO, c->log, err, | 578 ngx_log_error(NGX_LOG_INFO, c->log, err, |
538 "client does SSL %shandshake", | 579 "client does SSL %shandshake", |
539 SSL_is_init_finished(c->ssl->ssl) ? "re" : ""); | 580 SSL_is_init_finished(c->ssl->connection) ? "re" : ""); |
540 | 581 |
541 c->read->ready = 0; | 582 c->read->ready = 0; |
542 | 583 |
543 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { | 584 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { |
544 return NGX_ERROR; | 585 return NGX_ERROR; |
558 } | 599 } |
559 | 600 |
560 c->ssl->no_rcv_shut = 1; | 601 c->ssl->no_rcv_shut = 1; |
561 c->ssl->no_send_shut = 1; | 602 c->ssl->no_send_shut = 1; |
562 | 603 |
563 ngx_ssl_error(NGX_LOG_ALERT, c->log, err, "SSL_write() failed"); | 604 level = NGX_LOG_CRIT; |
605 | |
606 if (sslerr == SSL_ERROR_SYSCALL) { | |
607 | |
608 if (err == NGX_ECONNRESET | |
609 || err == NGX_EPIPE | |
610 || err == NGX_ENOTCONN | |
611 || err == NGX_ECONNREFUSED | |
612 || err == NGX_EHOSTUNREACH) | |
613 { | |
614 switch (c->log_error) { | |
615 | |
616 case NGX_ERROR_IGNORE_ECONNRESET: | |
617 case NGX_ERROR_INFO: | |
618 level = NGX_LOG_INFO; | |
619 break; | |
620 | |
621 case NGX_ERROR_ERR: | |
622 level = NGX_LOG_ERR; | |
623 break; | |
624 | |
625 default: | |
626 break; | |
627 } | |
628 } | |
629 } | |
630 | |
631 ngx_ssl_error(level, c->log, err, "SSL_write() failed"); | |
564 | 632 |
565 return NGX_ERROR; | 633 return NGX_ERROR; |
566 } | 634 } |
567 | 635 |
568 | 636 |
600 mode |= SSL_SENT_SHUTDOWN; | 668 mode |= SSL_SENT_SHUTDOWN; |
601 } | 669 } |
602 } | 670 } |
603 | 671 |
604 if (mode) { | 672 if (mode) { |
605 SSL_set_shutdown(c->ssl->ssl, mode); | 673 SSL_set_shutdown(c->ssl->connection, mode); |
606 c->ssl->shutdown_set = 1; | 674 c->ssl->shutdown_set = 1; |
607 } | 675 } |
608 } | 676 } |
609 | 677 |
610 again = 0; | 678 again = 0; |
611 #if (NGX_SUPPRESS_WARN) | 679 #if (NGX_SUPPRESS_WARN) |
612 sslerr = 0; | 680 sslerr = 0; |
613 #endif | 681 #endif |
614 | 682 |
615 for ( ;; ) { | 683 for ( ;; ) { |
616 n = SSL_shutdown(c->ssl->ssl); | 684 n = SSL_shutdown(c->ssl->connection); |
617 | 685 |
618 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); | 686 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); |
619 | 687 |
620 if (n == 1 || (n == 0 && c->read->timedout)) { | 688 if (n == 1 || (n == 0 && c->read->timedout)) { |
621 SSL_free(c->ssl->ssl); | 689 SSL_free(c->ssl->connection); |
622 c->ssl = NULL; | 690 c->ssl = NULL; |
691 | |
623 return NGX_OK; | 692 return NGX_OK; |
624 } | 693 } |
625 | 694 |
626 if (n == 0) { | 695 if (n == 0) { |
627 again = 1; | 696 again = 1; |
630 | 699 |
631 break; | 700 break; |
632 } | 701 } |
633 | 702 |
634 if (!again) { | 703 if (!again) { |
635 sslerr = SSL_get_error(c->ssl->ssl, n); | 704 sslerr = SSL_get_error(c->ssl->connection, n); |
636 | 705 |
637 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | 706 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
638 "SSL_get_error: %d", sslerr); | 707 "SSL_get_error: %d", sslerr); |
639 } | 708 } |
640 | 709 |
657 | 726 |
658 return NGX_AGAIN; | 727 return NGX_AGAIN; |
659 } | 728 } |
660 | 729 |
661 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_shutdown() failed"); | 730 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_shutdown() failed"); |
731 | |
732 SSL_free(c->ssl->connection); | |
733 c->ssl = NULL; | |
662 | 734 |
663 return NGX_ERROR; | 735 return NGX_ERROR; |
664 } | 736 } |
665 | 737 |
666 | 738 |
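Review bot: The level selection added before `ngx_ssl_error(level, ...)` in ngx_ssl_handle_recv (new lines 305-332) lowers the level only when `sslerr == SSL_ERROR_SYSCALL` and errno is one of the five listed values, so every other SSL_read() failure is still logged at `NGX_LOG_CRIT`; presumably that includes `SSL_ERROR_SSL` from a malformed or aborted handshake, which any remote peer can cause. Entries a client can produce at will at that level bury the ones an operator must act on, so either classify that case explicitly or record the decision next to `level = NGX_LOG_CRIT;` with a comment such as `/* non-syscall SSL errors are not classified yet and stay at crit */`. The same block is repeated verbatim in ngx_ssl_write (new lines 604-631); a single static helper taking `c`, `sslerr` and `err` and returning the level would keep the two paths from drifting apart. The added `"SSL reused session"` message (new lines 185 and 532) passes no argument, so it should use `ngx_log_debug0` like the neighbouring `"SSL no shared ciphers"` call. Both functions are shown only in part here.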