comparison src/event/ngx_event_openssl.c @ 330:c60beecc6ab5 NGINX_0_5_35

nginx 0.5.35 *) Change: now the ngx_http_userid_module adds start time microseconds to the cookie field that contains a pid value. *) Change: now the uname(2) is used on Linux instead of procfs. Thanks to Ilya Novikov. *) Feature: the "If-Range" request header line support. Thanks to Alexander V. Inyukhin. *) Bugfix: in HTTPS mode requests might fail with the "bad write retry" error; bug appeared in 0.5.13. *) Bugfix: the STARTTLS in SMTP mode did not work. Thanks to Oleg Motienko. *) Bugfix: large_client_header_buffers were not freed before going to keep-alive state. Thanks to Olexander Shtepa. *) Bugfix: the "limit_rate" directive did not allow the full throughput to be used, even if the limit value was very high. *) Bugfix: the $status variable was equal to 0 if a proxied server returned a response in HTTP/0.9 version. *) Bugfix: if the "?" character was in an "error_page" directive, then it was escaped in a proxied request; bug appeared in 0.5.32.
author Igor Sysoev <http://sysoev.ru>
date Tue, 08 Jan 2008 00:00:00 +0300
parents f70f2f565fe0
children 2eea67ed0bc2
329:d792b2cd78fe 330:c60beecc6ab5
20 static void ngx_ssl_write_handler(ngx_event_t *wev); 20 static void ngx_ssl_write_handler(ngx_event_t *wev);
21 static void ngx_ssl_read_handler(ngx_event_t *rev); 21 static void ngx_ssl_read_handler(ngx_event_t *rev);
22 static void ngx_ssl_shutdown_handler(ngx_event_t *ev); 22 static void ngx_ssl_shutdown_handler(ngx_event_t *ev);
23 static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, 23 static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr,
24 ngx_err_t err, char *text); 24 ngx_err_t err, char *text);
25 static void ngx_ssl_clear_error(ngx_log_t *log);
25 26
26 static ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, 27 static ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone,
27 void *data); 28 void *data);
28 static int ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, 29 static int ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn,
29 ngx_ssl_session_t *sess); 30 ngx_ssl_session_t *sess);
184 185
185 if (ngx_ssl_protocols[protocols >> 1] != 0) { 186 if (ngx_ssl_protocols[protocols >> 1] != 0) {
186 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]); 187 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
187 } 188 }
188 189
189 SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
190
191 SSL_CTX_set_read_ahead(ssl->ctx, 1); 190 SSL_CTX_set_read_ahead(ssl->ctx, 1);
192 191
193 return NGX_OK; 192 return NGX_OK;
194 } 193 }
195 194
402 ngx_ssl_handshake(ngx_connection_t *c) 401 ngx_ssl_handshake(ngx_connection_t *c)
403 { 402 {
404 int n, sslerr; 403 int n, sslerr;
405 ngx_err_t err; 404 ngx_err_t err;
406 405
406 ngx_ssl_clear_error(c->log);
407
407 n = SSL_do_handshake(c->ssl->connection); 408 n = SSL_do_handshake(c->ssl->connection);
408 409
409 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); 410 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
410 411
411 if (n == 1) { 412 if (n == 1) {
599 if (c->ssl->last == NGX_DONE) { 600 if (c->ssl->last == NGX_DONE) {
600 return 0; 601 return 0;
601 } 602 }
602 603
603 bytes = 0; 604 bytes = 0;
605
606 ngx_ssl_clear_error(c->log);
604 607
605 /* 608 /*
606 * SSL_read() may return data in parts, so try to read 609 * SSL_read() may return data in parts, so try to read
607 * until SSL_read() would return no data 610 * until SSL_read() would return no data
608 */ 611 */
880 ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) 883 ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size)
881 { 884 {
882 int n, sslerr; 885 int n, sslerr;
883 ngx_err_t err; 886 ngx_err_t err;
884 887
888 ngx_ssl_clear_error(c->log);
889
885 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size); 890 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size);
886 891
887 n = SSL_write(c->ssl->connection, data, size); 892 n = SSL_write(c->ssl->connection, data, size);
888 893
889 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n); 894 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n);
963 968
964 969
965 ngx_int_t 970 ngx_int_t
966 ngx_ssl_shutdown(ngx_connection_t *c) 971 ngx_ssl_shutdown(ngx_connection_t *c)
967 { 972 {
968 int n, sslerr, mode; 973 int n, sslerr, mode;
969 ngx_err_t err; 974 ngx_err_t err;
970 ngx_uint_t again;
971 975
972 if (c->timedout) { 976 if (c->timedout) {
973 mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN; 977 mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;
974 978
975 } else { 979 } else {
984 } 988 }
985 } 989 }
986 990
987 SSL_set_shutdown(c->ssl->connection, mode); 991 SSL_set_shutdown(c->ssl->connection, mode);
988 992
989 again = 0; 993 ngx_ssl_clear_error(c->log);
994
995 n = SSL_shutdown(c->ssl->connection);
996
997 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n);
998
990 sslerr = 0; 999 sslerr = 0;
991 1000
992 for ( ;; ) { 1001 /* SSL_shutdown() never return -1, on error it return 0 */
993 n = SSL_shutdown(c->ssl->connection); 1002
994 1003 if (n != 1) {
995 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n);
996
997 if (n == 1 || (n == 0 && c->timedout)) {
998 SSL_free(c->ssl->connection);
999 c->ssl = NULL;
1000
1001 return NGX_OK;
1002 }
1003
1004 if (n == 0) {
1005 again = 1;
1006 break;
1007 }
1008
1009 break;
1010 }
1011
1012 if (!again) {
1013 sslerr = SSL_get_error(c->ssl->connection, n); 1004 sslerr = SSL_get_error(c->ssl->connection, n);
1014 1005
1015 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, 1006 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
1016 "SSL_get_error: %d", sslerr); 1007 "SSL_get_error: %d", sslerr);
1017 } 1008 }
1018 1009
1019 if (again 1010 if (n == 1
1020 || sslerr == SSL_ERROR_WANT_READ 1011 || sslerr == SSL_ERROR_ZERO_RETURN
1021 || sslerr == SSL_ERROR_WANT_WRITE) 1012 || (sslerr == 0 && c->timedout))
1022 { 1013 {
1014 SSL_free(c->ssl->connection);
1015 c->ssl = NULL;
1016
1017 return NGX_OK;
1018 }
1019
1020 if (sslerr == SSL_ERROR_WANT_READ || sslerr == SSL_ERROR_WANT_WRITE) {
1023 c->read->handler = ngx_ssl_shutdown_handler; 1021 c->read->handler = ngx_ssl_shutdown_handler;
1024 c->write->handler = ngx_ssl_shutdown_handler; 1022 c->write->handler = ngx_ssl_shutdown_handler;
1025 1023
1026 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { 1024 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
1027 return NGX_ERROR; 1025 return NGX_ERROR;
1029 1027
1030 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { 1028 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
1031 return NGX_ERROR; 1029 return NGX_ERROR;
1032 } 1030 }
1033 1031
1034 if (again || sslerr == SSL_ERROR_WANT_READ) { 1032 if (sslerr == SSL_ERROR_WANT_READ) {
1035 ngx_add_timer(c->read, 30000); 1033 ngx_add_timer(c->read, 30000);
1036 } 1034 }
1037 1035
1038 return NGX_AGAIN; 1036 return NGX_AGAIN;
1039 } 1037 }
1107 } 1105 }
1108 } 1106 }
1109 } 1107 }
1110 1108
1111 ngx_ssl_error(level, c->log, err, text); 1109 ngx_ssl_error(level, c->log, err, text);
1110 }
1111
1112
1113 static void
1114 ngx_ssl_clear_error(ngx_log_t *log)
1115 {
1116 if (ERR_peek_error()) {
1117 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error");
1118 }
1112 } 1119 }
1113 1120
1114 1121
1115 void ngx_cdecl 1122 void ngx_cdecl
1116 ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...) 1123 ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
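Review bot: ngx_ssl_clear_error() (new lines 1113-1119) never empties the OpenSSL error queue itself: it tests `ERR_peek_error()` once and relies on ngx_ssl_error() to consume whatever is queued. ngx_ssl_error()'s body is outside this page, so it is not visible whether it drains every entry or only the first. If only one entry is popped, the remaining stale entries are still present when SSL_do_handshake(), SSL_read(), SSL_write() or SSL_shutdown() runs, and the following SSL_get_error() can then misclassify a healthy connection as failed because of an error left behind by a different connection. Adding an unconditional `ERR_clear_error();` after the `if` block would make the helper do what its name says regardless of how much the logger consumes. A short comment saying that the queue is per-thread and must be empty before each TLS I/O call for SSL_get_error() to be reliable would also help.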