comparison src/event/ngx_event_openssl.c @ 7891:573bd30e46b4
SSL: set events ready flags after handshake.
The c->read->ready and c->write->ready flags might be reset during
the handshake, and not set again if the handshake was finished on
the other event. At the same time, some data might be read from
the socket during the handshake, so missing c->read->ready flag might
result in a connection hang, for example, when waiting for an SMTP
greeting (which was already received during the handshake).
Found by Sergey Kandaurov.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 03 Aug 2021 20:50:30 +0300 |
parents | 5f765427c17a |
children | 34a3a1a2d197 |
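--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1738,10 +1738,13 @@
 c->recv = ngx_ssl_recv;
 c->send = ngx_ssl_write;
 c->recv_chain = ngx_ssl_recv_chain;
 c->send_chain = ngx_ssl_send_chain;
 
+c->read->ready = 1;
+c->write->ready = 1;
+
 #ifndef SSL_OP_NO_RENEGOTIATION
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
 
 /* initial handshake done, disable renegotiation (CVE-2009-3555) */
@@ -1882,10 +1885,13 @@
 
 c->recv = ngx_ssl_recv;
 c->send = ngx_ssl_write;
 c->recv_chain = ngx_ssl_recv_chain;
 c->send_chain = ngx_ssl_send_chain;
+
+c->read->ready = 1;
+c->write->ready = 1;
 
 rc = ngx_ssl_ocsp_validate(c);
 
 if (rc == NGX_ERROR) {
 return NGX_ERROR;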
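Review bot: The forced `c->read->ready = 1;` / `c->write->ready = 1;` assignments at new lines 1743-1744 and 1891-1892 have no comment, so the reason they are set unconditionally lives only in the commit message. I would add the same comment above both pairs, for example `/* the handshake may have reset these flags after data was already read from the socket; force the next handler to attempt I/O */`. In the second hunk the flags are raised before `ngx_ssl_ocsp_validate(c)` returns. Whether any handler can act on a ready read event while certificate validation is still pending is not visible here and is worth confirming. Both enclosing functions start and end outside the displayed hunks.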