Mercurial > hg > nginx-quic
view src/event/ngx_event_connect.h @ 8573:1a03af395f44
SSL: use of the SSL_OP_IGNORE_UNEXPECTED_EOF option.
A new behaviour was introduced in OpenSSL 1.1.1e, when a peer does not send
close_notify before closing the connection. Previously, it was to return
SSL_ERROR_SYSCALL with errno 0, known since at least OpenSSL 0.9.7, and is
handled gracefully in nginx. Now it returns SSL_ERROR_SSL with a distinct
reason SSL_R_UNEXPECTED_EOF_WHILE_READING ("unexpected eof while reading").
This leads to critical errors seen in nginx within various routines such as
SSL_do_handshake(), SSL_read(), SSL_shutdown(). The behaviour was restored
in OpenSSL 1.1.1f, but presents in OpenSSL 3.0 by default.
Use of the SSL_OP_IGNORE_UNEXPECTED_EOF option added in OpenSSL 3.0 allows
to set a compatible behaviour to return SSL_ERROR_ZERO_RETURN:
https://git.openssl.org/?p=openssl.git;a=commitdiff;h=09b90e0
See for additional details: https://github.com/openssl/openssl/issues/11381
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 10 Aug 2021 23:43:17 +0300 |
parents | 570d8c626eea |
children |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #ifndef _NGX_EVENT_CONNECT_H_INCLUDED_ #define _NGX_EVENT_CONNECT_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_event.h> #define NGX_PEER_KEEPALIVE 1 #define NGX_PEER_NEXT 2 #define NGX_PEER_FAILED 4 typedef struct ngx_peer_connection_s ngx_peer_connection_t; typedef ngx_int_t (*ngx_event_get_peer_pt)(ngx_peer_connection_t *pc, void *data); typedef void (*ngx_event_free_peer_pt)(ngx_peer_connection_t *pc, void *data, ngx_uint_t state); typedef void (*ngx_event_notify_peer_pt)(ngx_peer_connection_t *pc, void *data, ngx_uint_t type); typedef ngx_int_t (*ngx_event_set_peer_session_pt)(ngx_peer_connection_t *pc, void *data); typedef void (*ngx_event_save_peer_session_pt)(ngx_peer_connection_t *pc, void *data); struct ngx_peer_connection_s { ngx_connection_t *connection; struct sockaddr *sockaddr; socklen_t socklen; ngx_str_t *name; ngx_uint_t tries; ngx_msec_t start_time; ngx_event_get_peer_pt get; ngx_event_free_peer_pt free; ngx_event_notify_peer_pt notify; void *data; #if (NGX_SSL || NGX_COMPAT) ngx_event_set_peer_session_pt set_session; ngx_event_save_peer_session_pt save_session; #endif ngx_addr_t *local; int type; int rcvbuf; ngx_log_t *log; unsigned cached:1; unsigned transparent:1; unsigned so_keepalive:1; unsigned down:1; /* ngx_connection_log_error_e */ unsigned log_error:2; NGX_COMPAT_BEGIN(2) NGX_COMPAT_END }; ngx_int_t ngx_event_connect_peer(ngx_peer_connection_t *pc); ngx_int_t ngx_event_get_peer(ngx_peer_connection_t *pc, void *data); #endif /* _NGX_EVENT_CONNECT_H_INCLUDED_ */