Mercurial > hg > nginx-vendor-current
comparison src/event/ngx_event_openssl.c @ 88:e916a291e9aa NGINX_0_1_44
nginx 0.1.44
*) Feature: the IMAP/POP3 proxy supports SSL.
*) Feature: the "proxy_timeout" directive of the ngx_imap_proxy_module.
*) Feature: the "userid_mark" directive.
*) Feature: the $remote_user variable value is determined independently
of authorization use.
| author | Igor Sysoev <http://sysoev.ru> |
|---|---|
| date | Tue, 06 Sep 2005 00:00:00 +0400 |
| parents | 0790a8599248 |
| children | 71c46860eb55 |
comparison
equal
deleted
inserted
replaced
| 87:5b7ec80c3c40 | 88:e916a291e9aa |
|---|---|
| 11 #include <openssl/engine.h> | 11 #include <openssl/engine.h> |
| 12 | 12 |
| 13 | 13 |
| 14 static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n); | 14 static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n); |
| 15 static void ngx_ssl_write_handler(ngx_event_t *wev); | 15 static void ngx_ssl_write_handler(ngx_event_t *wev); |
| 16 static ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size); | |
| 17 static void ngx_ssl_read_handler(ngx_event_t *rev); | 16 static void ngx_ssl_read_handler(ngx_event_t *rev); |
| 18 | 17 |
| 19 | 18 |
| 20 ngx_int_t | 19 ngx_int_t |
| 21 ngx_ssl_init(ngx_log_t *log) | 20 ngx_ssl_init(ngx_log_t *log) |
| 207 c->read->ready = 0; | 206 c->read->ready = 0; |
| 208 return NGX_AGAIN; | 207 return NGX_AGAIN; |
| 209 } | 208 } |
| 210 | 209 |
| 211 if (sslerr == SSL_ERROR_WANT_WRITE) { | 210 if (sslerr == SSL_ERROR_WANT_WRITE) { |
| 212 ngx_log_error(NGX_LOG_ALERT, c->log, err, | 211 |
| 213 "SSL wants to write%s", handshake); | 212 ngx_log_error(NGX_LOG_INFO, c->log, err, |
| 213 "client does SSL %shandshake", | |
| 214 SSL_is_init_finished(c->ssl->ssl) ? "re" : ""); | |
| 214 | 215 |
| 215 c->write->ready = 0; | 216 c->write->ready = 0; |
| 216 | 217 |
| 217 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { | 218 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { |
| 218 return NGX_ERROR; | 219 return NGX_ERROR; |
| 389 | 390 |
| 390 return in; | 391 return in; |
| 391 } | 392 } |
| 392 | 393 |
| 393 | 394 |
| 394 static ssize_t | 395 ssize_t |
| 395 ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) | 396 ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) |
| 396 { | 397 { |
| 397 int n, sslerr; | 398 int n, sslerr; |
| 398 ngx_err_t err; | 399 ngx_err_t err; |
| 399 char *handshake; | |
| 400 | 400 |
| 401 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size); | 401 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size); |
| 402 | 402 |
| 403 n = SSL_write(c->ssl->ssl, data, size); | 403 n = SSL_write(c->ssl->ssl, data, size); |
| 404 | 404 |
| 405 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n); | 405 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n); |
| 406 | 406 |
| 407 if (n > 0) { | 407 if (n > 0) { |
| 408 | |
| 409 #if (NGX_DEBUG) | |
| 410 | |
| 411 if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->ssl)) { | |
| 412 char buf[129], *s, *d; | |
| 413 SSL_CIPHER *cipher; | |
| 414 | |
| 415 c->ssl->handshaked = 1; | |
| 416 | |
| 417 cipher = SSL_get_current_cipher(c->ssl->ssl); | |
| 418 | |
| 419 if (cipher) { | |
| 420 SSL_CIPHER_description(cipher, &buf[1], 128); | |
| 421 | |
| 422 for (s = &buf[1], d = buf; *s; s++) { | |
| 423 if (*s == ' ' && *d == ' ') { | |
| 424 continue; | |
| 425 } | |
| 426 | |
| 427 if (*s == LF || *s == CR) { | |
| 428 continue; | |
| 429 } | |
| 430 | |
| 431 *++d = *s; | |
| 432 } | |
| 433 | |
| 434 if (*d != ' ') { | |
| 435 d++; | |
| 436 } | |
| 437 | |
| 438 *d = '\0'; | |
| 439 | |
| 440 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
| 441 "SSL cipher: \"%s\"", &buf[1]); | |
| 442 } else { | |
| 443 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
| 444 "SSL no shared ciphers"); | |
| 445 } | |
| 446 } | |
| 447 #endif | |
| 448 | |
| 408 if (c->ssl->saved_read_handler) { | 449 if (c->ssl->saved_read_handler) { |
| 409 | 450 |
| 410 c->read->handler = c->ssl->saved_read_handler; | 451 c->read->handler = c->ssl->saved_read_handler; |
| 411 c->ssl->saved_read_handler = NULL; | 452 c->ssl->saved_read_handler = NULL; |
| 412 c->read->ready = 1; | 453 c->read->ready = 1; |
| 438 return NGX_AGAIN; | 479 return NGX_AGAIN; |
| 439 } | 480 } |
| 440 | 481 |
| 441 if (sslerr == SSL_ERROR_WANT_READ) { | 482 if (sslerr == SSL_ERROR_WANT_READ) { |
| 442 | 483 |
| 443 if (!SSL_is_init_finished(c->ssl->ssl)) { | 484 ngx_log_error(NGX_LOG_INFO, c->log, err, |
| 444 handshake = " in SSL handshake"; | 485 "client does SSL %shandshake", |
| 445 | 486 SSL_is_init_finished(c->ssl->ssl) ? "re" : ""); |
| 446 } else { | |
| 447 handshake = ""; | |
| 448 } | |
| 449 | |
| 450 ngx_log_error(NGX_LOG_ALERT, c->log, err, | |
| 451 "SSL wants to read%s", handshake); | |
| 452 | 487 |
| 453 c->read->ready = 0; | 488 c->read->ready = 0; |
| 454 | 489 |
| 455 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { | 490 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { |
| 456 return NGX_ERROR; | 491 return NGX_ERROR; |