Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 489:45a460f82aec release-0.1.19
nginx-0.1.19-RELEASE import
*) Bugfix: now, if request contains the zero, then the 404 error is
returned for the local requests.
*) Bugfix: nginx could not be built on NetBSD 2.0.
*) Bugfix: the timeout may occur while reading of the the client
request body via SSL connections.
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Wed, 16 Feb 2005 13:40:36 +0000 |
parents | c52408583801 |
children | 0f836f0288ee |
comparison
equal
deleted
inserted
replaced
488:24c8dcb960fd | 489:45a460f82aec |
---|---|
9 #include <ngx_event.h> | 9 #include <ngx_event.h> |
10 | 10 |
11 #include <openssl/engine.h> | 11 #include <openssl/engine.h> |
12 | 12 |
13 | 13 |
14 static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n); | |
14 static void ngx_ssl_write_handler(ngx_event_t *wev); | 15 static void ngx_ssl_write_handler(ngx_event_t *wev); |
15 static ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size); | 16 static ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size); |
16 static void ngx_ssl_read_handler(ngx_event_t *rev); | 17 static void ngx_ssl_read_handler(ngx_event_t *rev); |
17 | 18 |
18 | 19 |
19 ngx_int_t ngx_ssl_init(ngx_log_t *log) | 20 ngx_int_t |
21 ngx_ssl_init(ngx_log_t *log) | |
20 { | 22 { |
21 ENGINE *engine; | 23 ENGINE *engine; |
22 | 24 |
23 SSL_library_init(); | 25 SSL_library_init(); |
24 SSL_load_error_strings(); | 26 SSL_load_error_strings(); |
26 | 28 |
27 return NGX_OK; | 29 return NGX_OK; |
28 } | 30 } |
29 | 31 |
30 | 32 |
31 ngx_int_t ngx_ssl_create_session(ngx_ssl_ctx_t *ssl_ctx, ngx_connection_t *c, | 33 ngx_int_t |
32 ngx_uint_t flags) | 34 ngx_ssl_create_session(ngx_ssl_ctx_t *ssl_ctx, ngx_connection_t *c, |
35 ngx_uint_t flags) | |
33 { | 36 { |
34 ngx_ssl_t *ssl; | 37 ngx_ssl_t *ssl; |
35 | 38 |
36 if (!(ssl = ngx_pcalloc(c->pool, sizeof(ngx_ssl_t)))) { | 39 if (!(ssl = ngx_pcalloc(c->pool, sizeof(ngx_ssl_t)))) { |
37 return NGX_ERROR; | 40 return NGX_ERROR; |
63 | 66 |
64 return NGX_OK; | 67 return NGX_OK; |
65 } | 68 } |
66 | 69 |
67 | 70 |
68 ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) | 71 ssize_t |
69 { | 72 ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) |
70 int n, sslerr; | 73 { |
74 int n, bytes; | |
75 | |
76 if (c->ssl->last == NGX_ERROR) { | |
77 return NGX_ERROR; | |
78 } | |
79 | |
80 bytes = 0; | |
81 | |
82 /* | |
83 * SSL_read() may return data in parts, so try to read | |
84 * until SSL_read() would return no data | |
85 */ | |
86 | |
87 for ( ;; ) { | |
88 | |
89 n = SSL_read(c->ssl->ssl, buf, size); | |
90 | |
91 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n); | |
92 | |
93 if (n > 0) { | |
94 | |
95 bytes += n; | |
96 | |
97 #if (NGX_DEBUG) | |
98 | |
99 if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->ssl)) { | |
100 char buf[129], *s, *d; | |
101 SSL_CIPHER *cipher; | |
102 | |
103 c->ssl->handshaked = 1; | |
104 | |
105 cipher = SSL_get_current_cipher(c->ssl->ssl); | |
106 | |
107 if (cipher) { | |
108 SSL_CIPHER_description(cipher, &buf[1], 128); | |
109 | |
110 for (s = &buf[1], d = buf; *s; s++) { | |
111 if (*s == ' ' && *d == ' ') { | |
112 continue; | |
113 } | |
114 | |
115 if (*s == '\n' || *s == '\r') { | |
116 continue; | |
117 } | |
118 | |
119 *++d = *s; | |
120 } | |
121 | |
122 if (*d != ' ') { | |
123 d++; | |
124 } | |
125 | |
126 *d = '\0'; | |
127 | |
128 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
129 "SSL cipher: \"%s\"", &buf[1]); | |
130 } else { | |
131 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
132 "SSL no shared ciphers"); | |
133 } | |
134 } | |
135 #endif | |
136 | |
137 } | |
138 | |
139 c->ssl->last = ngx_ssl_handle_recv(c, n); | |
140 | |
141 if (c->ssl->last != NGX_OK) { | |
142 | |
143 if (bytes) { | |
144 return bytes; | |
145 | |
146 } else { | |
147 return c->ssl->last; | |
148 } | |
149 } | |
150 | |
151 size -= n; | |
152 | |
153 if (size == 0) { | |
154 return bytes; | |
155 } | |
156 | |
157 buf += n; | |
158 } | |
159 } | |
160 | |
161 | |
162 static ngx_int_t | |
163 ngx_ssl_handle_recv(ngx_connection_t *c, int n) | |
164 { | |
165 int sslerr; | |
71 ngx_err_t err; | 166 ngx_err_t err; |
72 char *handshake; | 167 char *handshake; |
73 | 168 |
74 n = SSL_read(c->ssl->ssl, buf, size); | |
75 | |
76 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n); | |
77 | |
78 if (n > 0) { | 169 if (n > 0) { |
79 | |
80 #if (NGX_DEBUG) | |
81 | |
82 if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->ssl)) { | |
83 char buf[129], *s, *d; | |
84 SSL_CIPHER *cipher; | |
85 | |
86 c->ssl->handshaked = 1; | |
87 | |
88 cipher = SSL_get_current_cipher(c->ssl->ssl); | |
89 | |
90 if (cipher) { | |
91 SSL_CIPHER_description(cipher, &buf[1], 128); | |
92 | |
93 for (s = &buf[1], d = buf; *s; s++) { | |
94 if (*s == ' ' && *d == ' ') { | |
95 continue; | |
96 } | |
97 | |
98 if (*s == '\n' || *s == '\r') { | |
99 continue; | |
100 } | |
101 | |
102 *++d = *s; | |
103 } | |
104 | |
105 if (*d != ' ') { | |
106 d++; | |
107 } | |
108 | |
109 *d = '\0'; | |
110 | |
111 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
112 "SSL cipher: \"%s\"", &buf[1]); | |
113 } else { | |
114 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, | |
115 "SSL no shared ciphers"); | |
116 } | |
117 } | |
118 | |
119 #endif | |
120 | 170 |
121 if (c->ssl->saved_write_handler) { | 171 if (c->ssl->saved_write_handler) { |
122 | 172 |
123 c->write->event_handler = c->ssl->saved_write_handler; | 173 c->write->event_handler = c->ssl->saved_write_handler; |
124 c->ssl->saved_write_handler = NULL; | 174 c->ssl->saved_write_handler = NULL; |
135 ngx_post_event(c->write); | 185 ngx_post_event(c->write); |
136 | 186 |
137 ngx_mutex_unlock(ngx_posted_events_mutex); | 187 ngx_mutex_unlock(ngx_posted_events_mutex); |
138 } | 188 } |
139 | 189 |
140 return n; | 190 return NGX_OK; |
141 } | 191 } |
142 | 192 |
143 if (!SSL_is_init_finished(c->ssl->ssl)) { | 193 if (!SSL_is_init_finished(c->ssl->ssl)) { |
144 handshake = " in SSL handshake"; | 194 handshake = " in SSL handshake"; |
145 | 195 |
195 | 245 |
196 return NGX_ERROR; | 246 return NGX_ERROR; |
197 } | 247 } |
198 | 248 |
199 | 249 |
200 static void ngx_ssl_write_handler(ngx_event_t *wev) | 250 static void |
251 ngx_ssl_write_handler(ngx_event_t *wev) | |
201 { | 252 { |
202 ngx_connection_t *c; | 253 ngx_connection_t *c; |
203 | 254 |
204 c = wev->data; | 255 c = wev->data; |
205 c->read->event_handler(c->read); | 256 c->read->event_handler(c->read); |
212 * | 263 * |
213 * Besides for protocols such as HTTP it is possible to always buffer | 264 * Besides for protocols such as HTTP it is possible to always buffer |
214 * the output to decrease a SSL overhead some more. | 265 * the output to decrease a SSL overhead some more. |
215 */ | 266 */ |
216 | 267 |
217 ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, | 268 ngx_chain_t * |
218 off_t limit) | 269 ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) |
219 { | 270 { |
220 int n; | 271 int n; |
221 ngx_uint_t flush; | 272 ngx_uint_t flush; |
222 ssize_t send, size; | 273 ssize_t send, size; |
223 ngx_buf_t *buf; | 274 ngx_buf_t *buf; |
336 | 387 |
337 return in; | 388 return in; |
338 } | 389 } |
339 | 390 |
340 | 391 |
341 static ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) | 392 static ssize_t |
393 ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) | |
342 { | 394 { |
343 int n, sslerr; | 395 int n, sslerr; |
344 ngx_err_t err; | 396 ngx_err_t err; |
345 char *handshake; | 397 char *handshake; |
346 | 398 |
422 | 474 |
423 return NGX_ERROR; | 475 return NGX_ERROR; |
424 } | 476 } |
425 | 477 |
426 | 478 |
427 static void ngx_ssl_read_handler(ngx_event_t *rev) | 479 static void |
480 ngx_ssl_read_handler(ngx_event_t *rev) | |
428 { | 481 { |
429 ngx_connection_t *c; | 482 ngx_connection_t *c; |
430 | 483 |
431 c = rev->data; | 484 c = rev->data; |
432 c->write->event_handler(c->write); | 485 c->write->event_handler(c->write); |
433 } | 486 } |
434 | 487 |
435 | 488 |
436 ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c) | 489 ngx_int_t |
490 ngx_ssl_shutdown(ngx_connection_t *c) | |
437 { | 491 { |
438 int n, sslerr, mode; | 492 int n, sslerr, mode; |
439 ngx_uint_t again; | 493 ngx_uint_t again; |
440 | 494 |
441 if (!c->ssl->shutdown_set) { | 495 if (!c->ssl->shutdown_set) { |
518 | 572 |
519 return NGX_ERROR; | 573 return NGX_ERROR; |
520 } | 574 } |
521 | 575 |
522 | 576 |
523 void ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, | 577 void |
524 char *fmt, ...) | 578 ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...) |
525 { | 579 { |
526 u_char errstr[NGX_MAX_CONF_ERRSTR], *p, *last; | 580 u_char errstr[NGX_MAX_CONF_ERRSTR], *p, *last; |
527 va_list args; | 581 va_list args; |
528 | 582 |
529 last = errstr + NGX_MAX_CONF_ERRSTR; | 583 last = errstr + NGX_MAX_CONF_ERRSTR; |