Mercurial > hg > nginx-vendor-current
diff src/event/ngx_event_openssl.c @ 92:45945fa8b8ba NGINX_0_2_0
nginx 0.2.0
*) The pid-file names used during online upgrade was changed and now is
not required a manual rename operation. The old master process adds
the ".oldbin" suffix to its pid-file and executes a new binary file.
The new master process creates usual pid-file without the ".newbin"
suffix. If the master process exits, then old master process renames
back its pid-file with the ".oldbin" suffix to the pid-file without
suffix.
*) Change: the "worker_connections" directive, new name of the
"connections" directive; now the directive specifies maximum number
of connections, but not maximum socket descriptor number.
*) Feature: SSL supports the session cache inside one worker process.
*) Feature: the "satisfy_any" directive.
*) Change: the ngx_http_access_module and ngx_http_auth_basic_module do
not run for subrequests.
*) Feature: the "worker_rlimit_nofile" and "worker_rlimit_sigpending"
directives.
*) Bugfix: if all backend using in load-balancing failed after one
error, then nginx did not try do connect to them during 60 seconds.
*) Bugfix: in IMAP/POP3 command argument parsing.
Thanks to Rob Mueller.
*) Bugfix: errors while using SSL in IMAP/POP3 proxy.
*) Bugfix: errors while using SSI and gzipping.
*) Bugfix: the "Expires" and "Cache-Control" header lines were omitted
from the 304 responses.
Thanks to Alexandr Kukushkin.
| author | Igor Sysoev <http://sysoev.ru> |
|---|---|
| date | Fri, 23 Sep 2005 00:00:00 +0400 |
| parents | 71c46860eb55 |
| children | ca4f70b3ccc6 |
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -81,7 +81,7 @@ ngx_ssl_init(ngx_log_t *log) ngx_int_t -ngx_ssl_create_session(ngx_ssl_ctx_t *ssl_ctx, ngx_connection_t *c, +ngx_ssl_create_connection(ngx_ssl_ctx_t *ssl_ctx, ngx_connection_t *c, ngx_uint_t flags) { ngx_ssl_t *ssl; @@ -91,28 +91,28 @@ ngx_ssl_create_session(ngx_ssl_ctx_t *ss return NGX_ERROR; } - ssl->buf = ngx_create_temp_buf(c->pool, NGX_SSL_BUFSIZE); - if (ssl->buf == NULL) { - return NGX_ERROR; + if (flags & NGX_SSL_BUFFER) { + ssl->buffer = 1; + + ssl->buf = ngx_create_temp_buf(c->pool, NGX_SSL_BUFSIZE); + if (ssl->buf == NULL) { + return NGX_ERROR; + } } - if (flags & NGX_SSL_BUFFER) { - ssl->buffer = 1; - } + ssl->connection = SSL_new(ssl_ctx); - ssl->ssl = SSL_new(ssl_ctx); - - if (ssl->ssl == NULL) { + if (ssl->connection == NULL) { ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed"); return NGX_ERROR; } - if (SSL_set_fd(ssl->ssl, c->fd) == 0) { + if (SSL_set_fd(ssl->connection, c->fd) == 0) { ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_fd() failed"); return NGX_ERROR; } - SSL_set_accept_state(ssl->ssl); + SSL_set_accept_state(ssl->connection); c->ssl = ssl; @@ -138,7 +138,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char for ( ;; ) { - n = SSL_read(c->ssl->ssl, buf, size); + n = SSL_read(c->ssl->connection, buf, size); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n); @@ -148,13 +148,14 @@ ngx_ssl_recv(ngx_connection_t *c, u_char #if (NGX_DEBUG) - if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->ssl)) { + if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->connection)) + { char buf[129], *s, *d; SSL_CIPHER *cipher; c->ssl->handshaked = 1; - cipher = SSL_get_current_cipher(c->ssl->ssl); + cipher = SSL_get_current_cipher(c->ssl->connection); if (cipher) { SSL_CIPHER_description(cipher, &buf[1], 128); @@ -179,6 +180,12 @@ ngx_ssl_recv(ngx_connection_t *c, u_char ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL cipher: \"%s\"", &buf[1]); + + if (SSL_session_reused(c->ssl->connection)) { + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, + "SSL reused session"); + } + } else { ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL no shared ciphers"); @@ -214,9 +221,10 @@ ngx_ssl_recv(ngx_connection_t *c, u_char static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n) { - int sslerr; - ngx_err_t err; - char *handshake; + int sslerr; + char *handshake; + ngx_err_t err; + ngx_uint_t level; if (n > 0) { @@ -242,14 +250,14 @@ ngx_ssl_handle_recv(ngx_connection_t *c, return NGX_OK; } - if (!SSL_is_init_finished(c->ssl->ssl)) { + if (!SSL_is_init_finished(c->ssl->connection)) { handshake = " in SSL handshake"; } else { handshake = ""; } - sslerr = SSL_get_error(c->ssl->ssl, n); + sslerr = SSL_get_error(c->ssl->connection, n); err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; @@ -264,7 +272,7 @@ ngx_ssl_handle_recv(ngx_connection_t *c, ngx_log_error(NGX_LOG_INFO, c->log, err, "client does SSL %shandshake", - SSL_is_init_finished(c->ssl->ssl) ? "re" : ""); + SSL_is_init_finished(c->ssl->connection) ? "re" : ""); c->write->ready = 0; @@ -294,8 +302,34 @@ ngx_ssl_handle_recv(ngx_connection_t *c, return NGX_ERROR; } - ngx_ssl_error(NGX_LOG_ALERT, c->log, err, - "SSL_read() failed%s", handshake); + level = NGX_LOG_CRIT; + + if (sslerr == SSL_ERROR_SYSCALL) { + + if (err == NGX_ECONNRESET + || err == NGX_EPIPE + || err == NGX_ENOTCONN + || err == NGX_ECONNREFUSED + || err == NGX_EHOSTUNREACH) + { + switch (c->log_error) { + + case NGX_ERROR_IGNORE_ECONNRESET: + case NGX_ERROR_INFO: + level = NGX_LOG_INFO; + break; + + case NGX_ERROR_ERR: + level = NGX_LOG_ERR; + break; + + default: + break; + } + } + } + + ngx_ssl_error(level, c->log, err, "SSL_read() failed%s", handshake); return NGX_ERROR; } @@ -448,12 +482,13 @@ ngx_ssl_send_chain(ngx_connection_t *c, ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) { - int n, sslerr; - ngx_err_t err; + int n, sslerr; + ngx_err_t err; + ngx_uint_t level; ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size); - n = SSL_write(c->ssl->ssl, data, size); + n = SSL_write(c->ssl->connection, data, size); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n); @@ -461,13 +496,13 @@ ngx_ssl_write(ngx_connection_t *c, u_cha #if (NGX_DEBUG) - if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->ssl)) { + if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->connection)) { char buf[129], *s, *d; SSL_CIPHER *cipher; c->ssl->handshaked = 1; - cipher = SSL_get_current_cipher(c->ssl->ssl); + cipher = SSL_get_current_cipher(c->ssl->connection); if (cipher) { SSL_CIPHER_description(cipher, &buf[1], 128); @@ -492,6 +527,12 @@ ngx_ssl_write(ngx_connection_t *c, u_cha ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL cipher: \"%s\"", &buf[1]); + + if (SSL_session_reused(c->ssl->connection)) { + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, + "SSL reused session"); + } + } else { ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL no shared ciphers"); @@ -521,7 +562,7 @@ ngx_ssl_write(ngx_connection_t *c, u_cha return n; } - sslerr = SSL_get_error(c->ssl->ssl, n); + sslerr = SSL_get_error(c->ssl->connection, n); err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; @@ -536,7 +577,7 @@ ngx_ssl_write(ngx_connection_t *c, u_cha ngx_log_error(NGX_LOG_INFO, c->log, err, "client does SSL %shandshake", - SSL_is_init_finished(c->ssl->ssl) ? "re" : ""); + SSL_is_init_finished(c->ssl->connection) ? "re" : ""); c->read->ready = 0; @@ -560,7 +601,34 @@ ngx_ssl_write(ngx_connection_t *c, u_cha c->ssl->no_rcv_shut = 1; c->ssl->no_send_shut = 1; - ngx_ssl_error(NGX_LOG_ALERT, c->log, err, "SSL_write() failed"); + level = NGX_LOG_CRIT; + + if (sslerr == SSL_ERROR_SYSCALL) { + + if (err == NGX_ECONNRESET + || err == NGX_EPIPE + || err == NGX_ENOTCONN + || err == NGX_ECONNREFUSED + || err == NGX_EHOSTUNREACH) + { + switch (c->log_error) { + + case NGX_ERROR_IGNORE_ECONNRESET: + case NGX_ERROR_INFO: + level = NGX_LOG_INFO; + break; + + case NGX_ERROR_ERR: + level = NGX_LOG_ERR; + break; + + default: + break; + } + } + } + + ngx_ssl_error(level, c->log, err, "SSL_write() failed"); return NGX_ERROR; } @@ -602,7 +670,7 @@ ngx_ssl_shutdown(ngx_connection_t *c) } if (mode) { - SSL_set_shutdown(c->ssl->ssl, mode); + SSL_set_shutdown(c->ssl->connection, mode); c->ssl->shutdown_set = 1; } } @@ -613,13 +681,14 @@ ngx_ssl_shutdown(ngx_connection_t *c) #endif for ( ;; ) { - n = SSL_shutdown(c->ssl->ssl); + n = SSL_shutdown(c->ssl->connection); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); if (n == 1 || (n == 0 && c->read->timedout)) { - SSL_free(c->ssl->ssl); + SSL_free(c->ssl->connection); c->ssl = NULL; + return NGX_OK; } @@ -632,7 +701,7 @@ ngx_ssl_shutdown(ngx_connection_t *c) } if (!again) { - sslerr = SSL_get_error(c->ssl->ssl, n); + sslerr = SSL_get_error(c->ssl->connection, n); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr); @@ -660,6 +729,9 @@ ngx_ssl_shutdown(ngx_connection_t *c) ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_shutdown() failed"); + SSL_free(c->ssl->connection); + c->ssl = NULL; + return NGX_ERROR; }