Mercurial > hg > nginx-quic
view src/core/ngx_config.h @ 8573:1a03af395f44
SSL: use of the SSL_OP_IGNORE_UNEXPECTED_EOF option.
A new behaviour was introduced in OpenSSL 1.1.1e, when a peer does not send
close_notify before closing the connection. Previously, it was to return
SSL_ERROR_SYSCALL with errno 0, known since at least OpenSSL 0.9.7, and is
handled gracefully in nginx. Now it returns SSL_ERROR_SSL with a distinct
reason SSL_R_UNEXPECTED_EOF_WHILE_READING ("unexpected eof while reading").
This leads to critical errors seen in nginx within various routines such as
SSL_do_handshake(), SSL_read(), SSL_shutdown(). The behaviour was restored
in OpenSSL 1.1.1f, but presents in OpenSSL 3.0 by default.
Use of the SSL_OP_IGNORE_UNEXPECTED_EOF option added in OpenSSL 3.0 allows
to set a compatible behaviour to return SSL_ERROR_ZERO_RETURN:
https://git.openssl.org/?p=openssl.git;a=commitdiff;h=09b90e0
See for additional details: https://github.com/openssl/openssl/issues/11381
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 10 Aug 2021 23:43:17 +0300 |
parents | d200a0fd00b7 |
children |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #ifndef _NGX_CONFIG_H_INCLUDED_ #define _NGX_CONFIG_H_INCLUDED_ #include <ngx_auto_headers.h> #if defined __DragonFly__ && !defined __FreeBSD__ #define __FreeBSD__ 4 #define __FreeBSD_version 480101 #endif #if (NGX_FREEBSD) #include <ngx_freebsd_config.h> #elif (NGX_LINUX) #include <ngx_linux_config.h> #elif (NGX_SOLARIS) #include <ngx_solaris_config.h> #elif (NGX_DARWIN) #include <ngx_darwin_config.h> #elif (NGX_WIN32) #include <ngx_win32_config.h> #else /* POSIX */ #include <ngx_posix_config.h> #endif #ifndef NGX_HAVE_SO_SNDLOWAT #define NGX_HAVE_SO_SNDLOWAT 1 #endif #if !(NGX_WIN32) #define ngx_signal_helper(n) SIG##n #define ngx_signal_value(n) ngx_signal_helper(n) #define ngx_random random /* TODO: #ifndef */ #define NGX_SHUTDOWN_SIGNAL QUIT #define NGX_TERMINATE_SIGNAL TERM #define NGX_NOACCEPT_SIGNAL WINCH #define NGX_RECONFIGURE_SIGNAL HUP #if (NGX_LINUXTHREADS) #define NGX_REOPEN_SIGNAL INFO #define NGX_CHANGEBIN_SIGNAL XCPU #else #define NGX_REOPEN_SIGNAL USR1 #define NGX_CHANGEBIN_SIGNAL USR2 #endif #define ngx_cdecl #define ngx_libc_cdecl #endif typedef intptr_t ngx_int_t; typedef uintptr_t ngx_uint_t; typedef intptr_t ngx_flag_t; #define NGX_INT32_LEN (sizeof("-2147483648") - 1) #define NGX_INT64_LEN (sizeof("-9223372036854775808") - 1) #if (NGX_PTR_SIZE == 4) #define NGX_INT_T_LEN NGX_INT32_LEN #define NGX_MAX_INT_T_VALUE 2147483647 #else #define NGX_INT_T_LEN NGX_INT64_LEN #define NGX_MAX_INT_T_VALUE 9223372036854775807 #endif #ifndef NGX_ALIGNMENT #define NGX_ALIGNMENT sizeof(unsigned long) /* platform word */ #endif #define ngx_align(d, a) (((d) + (a - 1)) & ~(a - 1)) #define ngx_align_ptr(p, a) \ (u_char *) (((uintptr_t) (p) + ((uintptr_t) a - 1)) & ~((uintptr_t) a - 1)) #define ngx_abort abort /* TODO: platform specific: array[NGX_INVALID_ARRAY_INDEX] must cause SIGSEGV */ #define NGX_INVALID_ARRAY_INDEX 0x80000000 /* TODO: auto_conf: ngx_inline inline __inline __inline__ */ #ifndef ngx_inline #define ngx_inline inline #endif #ifndef INADDR_NONE /* Solaris */ #define INADDR_NONE ((unsigned int) -1) #endif #ifdef MAXHOSTNAMELEN #define NGX_MAXHOSTNAMELEN MAXHOSTNAMELEN #else #define NGX_MAXHOSTNAMELEN 256 #endif #define NGX_MAX_UINT32_VALUE (uint32_t) 0xffffffff #define NGX_MAX_INT32_VALUE (uint32_t) 0x7fffffff #if (NGX_COMPAT) #define NGX_COMPAT_BEGIN(slots) uint64_t spare[slots]; #define NGX_COMPAT_END #else #define NGX_COMPAT_BEGIN(slots) #define NGX_COMPAT_END #endif #endif /* _NGX_CONFIG_H_INCLUDED_ */