Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 8510:532fe796b0e2 quic
Merged with the default branch.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Tue, 18 Aug 2020 16:22:00 +0300 |
| parents | b0953b020be7 09fb2135a589 |
| children | 0875101c08f7 |
comparison
equal
deleted
inserted
replaced
| 8509:bce9e9643444 | 8510:532fe796b0e2 |
|---|---|
| 2772 | 2772 |
| 2773 | 2773 |
| 2774 ngx_int_t | 2774 ngx_int_t |
| 2775 ngx_ssl_shutdown(ngx_connection_t *c) | 2775 ngx_ssl_shutdown(ngx_connection_t *c) |
| 2776 { | 2776 { |
| 2777 int n, sslerr, mode; | 2777 int n, sslerr, mode; |
| 2778 ngx_err_t err; | 2778 ngx_err_t err; |
| 2779 ngx_uint_t tries; | |
| 2779 | 2780 |
| 2780 #if (NGX_QUIC) | 2781 #if (NGX_QUIC) |
| 2781 if (c->qs) { | 2782 if (c->qs) { |
| 2782 /* QUIC streams inherit SSL object */ | 2783 /* QUIC streams inherit SSL object */ |
| 2783 return NGX_OK; | 2784 return NGX_OK; |
| 2821 | 2822 |
| 2822 SSL_set_shutdown(c->ssl->connection, mode); | 2823 SSL_set_shutdown(c->ssl->connection, mode); |
| 2823 | 2824 |
| 2824 ngx_ssl_clear_error(c->log); | 2825 ngx_ssl_clear_error(c->log); |
| 2825 | 2826 |
| 2826 n = SSL_shutdown(c->ssl->connection); | 2827 tries = 2; |
| 2827 | 2828 |
| 2828 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); | 2829 for ( ;; ) { |
| 2829 | 2830 |
| 2830 sslerr = 0; | 2831 /* |
| 2831 | 2832 * For bidirectional shutdown, SSL_shutdown() needs to be called |
| 2832 /* before 0.9.8m SSL_shutdown() returned 0 instead of -1 on errors */ | 2833 * twice: first call sends the "close notify" alert and returns 0, |
| 2833 | 2834 * second call waits for the peer's "close notify" alert. |
| 2834 if (n != 1 && ERR_peek_error()) { | 2835 */ |
| 2836 | |
| 2837 n = SSL_shutdown(c->ssl->connection); | |
| 2838 | |
| 2839 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); | |
| 2840 | |
| 2841 if (n == 1) { | |
| 2842 SSL_free(c->ssl->connection); | |
| 2843 c->ssl = NULL; | |
| 2844 | |
| 2845 return NGX_OK; | |
| 2846 } | |
| 2847 | |
| 2848 if (n == 0 && tries-- > 1) { | |
| 2849 continue; | |
| 2850 } | |
| 2851 | |
| 2852 /* before 0.9.8m SSL_shutdown() returned 0 instead of -1 on errors */ | |
| 2853 | |
| 2835 sslerr = SSL_get_error(c->ssl->connection, n); | 2854 sslerr = SSL_get_error(c->ssl->connection, n); |
| 2836 | 2855 |
| 2837 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | 2856 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 2838 "SSL_get_error: %d", sslerr); | 2857 "SSL_get_error: %d", sslerr); |
| 2839 } | 2858 |
| 2840 | 2859 if (sslerr == SSL_ERROR_WANT_READ || sslerr == SSL_ERROR_WANT_WRITE) { |
| 2841 if (n == 1 || sslerr == 0 || sslerr == SSL_ERROR_ZERO_RETURN) { | 2860 c->read->handler = ngx_ssl_shutdown_handler; |
| 2861 c->write->handler = ngx_ssl_shutdown_handler; | |
| 2862 | |
| 2863 if (ngx_handle_read_event(c->read, 0) != NGX_OK) { | |
| 2864 return NGX_ERROR; | |
| 2865 } | |
| 2866 | |
| 2867 if (ngx_handle_write_event(c->write, 0) != NGX_OK) { | |
| 2868 return NGX_ERROR; | |
| 2869 } | |
| 2870 | |
| 2871 ngx_add_timer(c->read, 3000); | |
| 2872 | |
| 2873 return NGX_AGAIN; | |
| 2874 } | |
| 2875 | |
| 2876 if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { | |
| 2877 SSL_free(c->ssl->connection); | |
| 2878 c->ssl = NULL; | |
| 2879 | |
| 2880 return NGX_OK; | |
| 2881 } | |
| 2882 | |
| 2883 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; | |
| 2884 | |
| 2885 ngx_ssl_connection_error(c, sslerr, err, "SSL_shutdown() failed"); | |
| 2886 | |
| 2842 SSL_free(c->ssl->connection); | 2887 SSL_free(c->ssl->connection); |
| 2843 c->ssl = NULL; | 2888 c->ssl = NULL; |
| 2844 | 2889 |
| 2845 return NGX_OK; | 2890 return NGX_ERROR; |
| 2846 } | 2891 } |
| 2847 | |
| 2848 if (sslerr == SSL_ERROR_WANT_READ || sslerr == SSL_ERROR_WANT_WRITE) { | |
| 2849 c->read->handler = ngx_ssl_shutdown_handler; | |
| 2850 c->write->handler = ngx_ssl_shutdown_handler; | |
| 2851 | |
| 2852 if (ngx_handle_read_event(c->read, 0) != NGX_OK) { | |
| 2853 return NGX_ERROR; | |
| 2854 } | |
| 2855 | |
| 2856 if (ngx_handle_write_event(c->write, 0) != NGX_OK) { | |
| 2857 return NGX_ERROR; | |
| 2858 } | |
| 2859 | |
| 2860 if (sslerr == SSL_ERROR_WANT_READ) { | |
| 2861 ngx_add_timer(c->read, 30000); | |
| 2862 } | |
| 2863 | |
| 2864 return NGX_AGAIN; | |
| 2865 } | |
| 2866 | |
| 2867 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; | |
| 2868 | |
| 2869 ngx_ssl_connection_error(c, sslerr, err, "SSL_shutdown() failed"); | |
| 2870 | |
| 2871 SSL_free(c->ssl->connection); | |
| 2872 c->ssl = NULL; | |
| 2873 | |
| 2874 return NGX_ERROR; | |
| 2875 } | 2892 } |
| 2876 | 2893 |
| 2877 | 2894 |
| 2878 static void | 2895 static void |
| 2879 ngx_ssl_shutdown_handler(ngx_event_t *ev) | 2896 ngx_ssl_shutdown_handler(ngx_event_t *ev) |