Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 7352:0de0b16a551c
SSL: corrected SSL_ERROR_WANT_WRITE / SSL_ERROR_WANT_READ logging.
While SSL_read() most likely to return SSL_ERROR_WANT_WRITE (and SSL_write()
accordingly SSL_ERROR_WANT_READ) during an SSL renegotiation, it is
not necessary mean that a renegotiation was started. In particular,
it can never happen during a renegotiation or can happen multiple times
during a renegotiation.
Because of the above, misleading "peer started SSL renegotiation" info
messages were replaced with "SSL_read: want write" and "SSL_write: want read"
debug ones.
Additionally, "SSL write handler" and "SSL read handler" are now logged
by the SSL write and read handlers, to make it easier to understand that
temporary SSL handlers are called instead of normal handlers.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 10 Sep 2018 18:57:19 +0300 |
parents | ba971deb4b44 |
children | 87d2ea860f38 |
comparison
equal
deleted
inserted
replaced
7351:2b5528023f6b | 7352:0de0b16a551c |
---|---|
1679 return NGX_AGAIN; | 1679 return NGX_AGAIN; |
1680 } | 1680 } |
1681 | 1681 |
1682 if (sslerr == SSL_ERROR_WANT_WRITE) { | 1682 if (sslerr == SSL_ERROR_WANT_WRITE) { |
1683 | 1683 |
1684 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1684 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
1685 "peer started SSL renegotiation"); | 1685 "SSL_read: want write"); |
1686 | 1686 |
1687 c->write->ready = 0; | 1687 c->write->ready = 0; |
1688 | 1688 |
1689 if (ngx_handle_write_event(c->write, 0) != NGX_OK) { | 1689 if (ngx_handle_write_event(c->write, 0) != NGX_OK) { |
1690 return NGX_ERROR; | 1690 return NGX_ERROR; |
1721 ngx_ssl_write_handler(ngx_event_t *wev) | 1721 ngx_ssl_write_handler(ngx_event_t *wev) |
1722 { | 1722 { |
1723 ngx_connection_t *c; | 1723 ngx_connection_t *c; |
1724 | 1724 |
1725 c = wev->data; | 1725 c = wev->data; |
1726 | |
1727 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL write handler"); | |
1726 | 1728 |
1727 c->read->handler(c->read); | 1729 c->read->handler(c->read); |
1728 } | 1730 } |
1729 | 1731 |
1730 | 1732 |
1936 return NGX_AGAIN; | 1938 return NGX_AGAIN; |
1937 } | 1939 } |
1938 | 1940 |
1939 if (sslerr == SSL_ERROR_WANT_READ) { | 1941 if (sslerr == SSL_ERROR_WANT_READ) { |
1940 | 1942 |
1941 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1943 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, |
1942 "peer started SSL renegotiation"); | 1944 "SSL_write: want read"); |
1943 | 1945 |
1944 c->read->ready = 0; | 1946 c->read->ready = 0; |
1945 | 1947 |
1946 if (ngx_handle_read_event(c->read, 0) != NGX_OK) { | 1948 if (ngx_handle_read_event(c->read, 0) != NGX_OK) { |
1947 return NGX_ERROR; | 1949 return NGX_ERROR; |
1974 ngx_ssl_read_handler(ngx_event_t *rev) | 1976 ngx_ssl_read_handler(ngx_event_t *rev) |
1975 { | 1977 { |
1976 ngx_connection_t *c; | 1978 ngx_connection_t *c; |
1977 | 1979 |
1978 c = rev->data; | 1980 c = rev->data; |
1981 | |
1982 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL read handler"); | |
1979 | 1983 |
1980 c->write->handler(c->write); | 1984 c->write->handler(c->write); |
1981 } | 1985 } |
1982 | 1986 |
1983 | 1987 |