Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 8813:6674a50cbb6c quic
Merged with the default branch.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 15 Jul 2021 16:28:21 +0300 |
parents | 05e0988a6898 5f765427c17a |
children | fac88e160653 |
comparison
equal
deleted
inserted
replaced
8812:e7a2d3914877 | 8813:6674a50cbb6c |
---|---|
2894 | 2894 |
2895 ngx_int_t | 2895 ngx_int_t |
2896 ngx_ssl_shutdown(ngx_connection_t *c) | 2896 ngx_ssl_shutdown(ngx_connection_t *c) |
2897 { | 2897 { |
2898 int n, sslerr, mode; | 2898 int n, sslerr, mode; |
2899 ngx_int_t rc; | |
2899 ngx_err_t err; | 2900 ngx_err_t err; |
2900 ngx_uint_t tries; | 2901 ngx_uint_t tries; |
2901 | 2902 |
2902 #if (NGX_QUIC) | 2903 #if (NGX_QUIC) |
2903 if (c->quic) { | 2904 if (c->quic) { |
2904 /* QUIC streams inherit SSL object */ | 2905 /* QUIC streams inherit SSL object */ |
2905 return NGX_OK; | 2906 return NGX_OK; |
2906 } | 2907 } |
2907 #endif | 2908 #endif |
2909 | |
2910 rc = NGX_OK; | |
2908 | 2911 |
2909 ngx_ssl_ocsp_cleanup(c); | 2912 ngx_ssl_ocsp_cleanup(c); |
2910 | 2913 |
2911 if (SSL_in_init(c->ssl->connection)) { | 2914 if (SSL_in_init(c->ssl->connection)) { |
2912 /* | 2915 /* |
2913 * OpenSSL 1.0.2f complains if SSL_shutdown() is called during | 2916 * OpenSSL 1.0.2f complains if SSL_shutdown() is called during |
2914 * an SSL handshake, while previous versions always return 0. | 2917 * an SSL handshake, while previous versions always return 0. |
2915 * Avoid calling SSL_shutdown() if handshake wasn't completed. | 2918 * Avoid calling SSL_shutdown() if handshake wasn't completed. |
2916 */ | 2919 */ |
2917 | 2920 |
2918 SSL_free(c->ssl->connection); | 2921 goto done; |
2919 c->ssl = NULL; | |
2920 c->recv = ngx_recv; | |
2921 | |
2922 return NGX_OK; | |
2923 } | 2922 } |
2924 | 2923 |
2925 if (c->timedout || c->error || c->buffered) { | 2924 if (c->timedout || c->error || c->buffered) { |
2926 mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN; | 2925 mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN; |
2927 SSL_set_quiet_shutdown(c->ssl->connection, 1); | 2926 SSL_set_quiet_shutdown(c->ssl->connection, 1); |
2959 n = SSL_shutdown(c->ssl->connection); | 2958 n = SSL_shutdown(c->ssl->connection); |
2960 | 2959 |
2961 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); | 2960 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); |
2962 | 2961 |
2963 if (n == 1) { | 2962 if (n == 1) { |
2964 SSL_free(c->ssl->connection); | 2963 goto done; |
2965 c->ssl = NULL; | |
2966 c->recv = ngx_recv; | |
2967 | |
2968 return NGX_OK; | |
2969 } | 2964 } |
2970 | 2965 |
2971 if (n == 0 && tries-- > 1) { | 2966 if (n == 0 && tries-- > 1) { |
2972 continue; | 2967 continue; |
2973 } | 2968 } |
2989 } else { | 2984 } else { |
2990 c->write->ready = 0; | 2985 c->write->ready = 0; |
2991 } | 2986 } |
2992 | 2987 |
2993 if (ngx_handle_read_event(c->read, 0) != NGX_OK) { | 2988 if (ngx_handle_read_event(c->read, 0) != NGX_OK) { |
2994 return NGX_ERROR; | 2989 goto failed; |
2995 } | 2990 } |
2996 | 2991 |
2997 if (ngx_handle_write_event(c->write, 0) != NGX_OK) { | 2992 if (ngx_handle_write_event(c->write, 0) != NGX_OK) { |
2998 return NGX_ERROR; | 2993 goto failed; |
2999 } | 2994 } |
3000 | 2995 |
3001 ngx_add_timer(c->read, 3000); | 2996 ngx_add_timer(c->read, 3000); |
3002 | 2997 |
3003 return NGX_AGAIN; | 2998 return NGX_AGAIN; |
3004 } | 2999 } |
3005 | 3000 |
3006 if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { | 3001 if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { |
3007 SSL_free(c->ssl->connection); | 3002 goto done; |
3008 c->ssl = NULL; | |
3009 c->recv = ngx_recv; | |
3010 | |
3011 return NGX_OK; | |
3012 } | 3003 } |
3013 | 3004 |
3014 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; | 3005 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; |
3015 | 3006 |
3016 ngx_ssl_connection_error(c, sslerr, err, "SSL_shutdown() failed"); | 3007 ngx_ssl_connection_error(c, sslerr, err, "SSL_shutdown() failed"); |
3017 | 3008 |
3018 SSL_free(c->ssl->connection); | 3009 break; |
3019 c->ssl = NULL; | 3010 } |
3011 | |
3012 failed: | |
3013 | |
3014 rc = NGX_ERROR; | |
3015 | |
3016 done: | |
3017 | |
3018 if (c->ssl->shutdown_without_free) { | |
3019 c->ssl->shutdown_without_free = 0; | |
3020 c->recv = ngx_recv; | 3020 c->recv = ngx_recv; |
3021 | 3021 return rc; |
3022 return NGX_ERROR; | 3022 } |
3023 } | 3023 |
3024 SSL_free(c->ssl->connection); | |
3025 c->ssl = NULL; | |
3026 c->recv = ngx_recv; | |
3027 | |
3028 return rc; | |
3024 } | 3029 } |
3025 | 3030 |
3026 | 3031 |
3027 static void | 3032 static void |
3028 ngx_ssl_shutdown_handler(ngx_event_t *ev) | 3033 ngx_ssl_shutdown_handler(ngx_event_t *ev) |