Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 8510:532fe796b0e2 quic
Merged with the default branch.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Tue, 18 Aug 2020 16:22:00 +0300 |
parents | b0953b020be7 09fb2135a589 |
children | 0875101c08f7 |
comparison
equal
deleted
inserted
replaced
8509:bce9e9643444 | 8510:532fe796b0e2 |
---|---|
2772 | 2772 |
2773 | 2773 |
2774 ngx_int_t | 2774 ngx_int_t |
2775 ngx_ssl_shutdown(ngx_connection_t *c) | 2775 ngx_ssl_shutdown(ngx_connection_t *c) |
2776 { | 2776 { |
2777 int n, sslerr, mode; | 2777 int n, sslerr, mode; |
2778 ngx_err_t err; | 2778 ngx_err_t err; |
2779 ngx_uint_t tries; | |
2779 | 2780 |
2780 #if (NGX_QUIC) | 2781 #if (NGX_QUIC) |
2781 if (c->qs) { | 2782 if (c->qs) { |
2782 /* QUIC streams inherit SSL object */ | 2783 /* QUIC streams inherit SSL object */ |
2783 return NGX_OK; | 2784 return NGX_OK; |
2821 | 2822 |
2822 SSL_set_shutdown(c->ssl->connection, mode); | 2823 SSL_set_shutdown(c->ssl->connection, mode); |
2823 | 2824 |
2824 ngx_ssl_clear_error(c->log); | 2825 ngx_ssl_clear_error(c->log); |
2825 | 2826 |
2826 n = SSL_shutdown(c->ssl->connection); | 2827 tries = 2; |
2827 | 2828 |
2828 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); | 2829 for ( ;; ) { |
2829 | 2830 |
2830 sslerr = 0; | 2831 /* |
2831 | 2832 * For bidirectional shutdown, SSL_shutdown() needs to be called |
2832 /* before 0.9.8m SSL_shutdown() returned 0 instead of -1 on errors */ | 2833 * twice: first call sends the "close notify" alert and returns 0, |
2833 | 2834 * second call waits for the peer's "close notify" alert. |
2834 if (n != 1 && ERR_peek_error()) { | 2835 */ |
2836 | |
2837 n = SSL_shutdown(c->ssl->connection); | |
2838 | |
2839 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); | |
2840 | |
2841 if (n == 1) { | |
2842 SSL_free(c->ssl->connection); | |
2843 c->ssl = NULL; | |
2844 | |
2845 return NGX_OK; | |
2846 } | |
2847 | |
2848 if (n == 0 && tries-- > 1) { | |
2849 continue; | |
2850 } | |
2851 | |
2852 /* before 0.9.8m SSL_shutdown() returned 0 instead of -1 on errors */ | |
2853 | |
2835 sslerr = SSL_get_error(c->ssl->connection, n); | 2854 sslerr = SSL_get_error(c->ssl->connection, n); |
2836 | 2855 |
2837 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | 2856 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
2838 "SSL_get_error: %d", sslerr); | 2857 "SSL_get_error: %d", sslerr); |
2839 } | 2858 |
2840 | 2859 if (sslerr == SSL_ERROR_WANT_READ || sslerr == SSL_ERROR_WANT_WRITE) { |
2841 if (n == 1 || sslerr == 0 || sslerr == SSL_ERROR_ZERO_RETURN) { | 2860 c->read->handler = ngx_ssl_shutdown_handler; |
2861 c->write->handler = ngx_ssl_shutdown_handler; | |
2862 | |
2863 if (ngx_handle_read_event(c->read, 0) != NGX_OK) { | |
2864 return NGX_ERROR; | |
2865 } | |
2866 | |
2867 if (ngx_handle_write_event(c->write, 0) != NGX_OK) { | |
2868 return NGX_ERROR; | |
2869 } | |
2870 | |
2871 ngx_add_timer(c->read, 3000); | |
2872 | |
2873 return NGX_AGAIN; | |
2874 } | |
2875 | |
2876 if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { | |
2877 SSL_free(c->ssl->connection); | |
2878 c->ssl = NULL; | |
2879 | |
2880 return NGX_OK; | |
2881 } | |
2882 | |
2883 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; | |
2884 | |
2885 ngx_ssl_connection_error(c, sslerr, err, "SSL_shutdown() failed"); | |
2886 | |
2842 SSL_free(c->ssl->connection); | 2887 SSL_free(c->ssl->connection); |
2843 c->ssl = NULL; | 2888 c->ssl = NULL; |
2844 | 2889 |
2845 return NGX_OK; | 2890 return NGX_ERROR; |
2846 } | 2891 } |
2847 | |
2848 if (sslerr == SSL_ERROR_WANT_READ || sslerr == SSL_ERROR_WANT_WRITE) { | |
2849 c->read->handler = ngx_ssl_shutdown_handler; | |
2850 c->write->handler = ngx_ssl_shutdown_handler; | |
2851 | |
2852 if (ngx_handle_read_event(c->read, 0) != NGX_OK) { | |
2853 return NGX_ERROR; | |
2854 } | |
2855 | |
2856 if (ngx_handle_write_event(c->write, 0) != NGX_OK) { | |
2857 return NGX_ERROR; | |
2858 } | |
2859 | |
2860 if (sslerr == SSL_ERROR_WANT_READ) { | |
2861 ngx_add_timer(c->read, 30000); | |
2862 } | |
2863 | |
2864 return NGX_AGAIN; | |
2865 } | |
2866 | |
2867 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; | |
2868 | |
2869 ngx_ssl_connection_error(c, sslerr, err, "SSL_shutdown() failed"); | |
2870 | |
2871 SSL_free(c->ssl->connection); | |
2872 c->ssl = NULL; | |
2873 | |
2874 return NGX_ERROR; | |
2875 } | 2892 } |
2876 | 2893 |
2877 | 2894 |
2878 static void | 2895 static void |
2879 ngx_ssl_shutdown_handler(ngx_event_t *ev) | 2896 ngx_ssl_shutdown_handler(ngx_event_t *ev) |