comparison src/event/ngx_event_openssl.c @ 1991:7cef148d87a0 stable-0.5
r1862, r1866, r1869, r1874 merge:
*) revert SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, removed in r1852
*) fix bogus crit log message "SSL_shutdown() failed" introduced in r1852
*) pull all errors
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Sun, 04 May 2008 09:47:59 +0000 |
parents | 056347360e14 |
children |
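--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -185,10 +185,17 @@
 
 if (ngx_ssl_protocols[protocols >> 1] != 0) {
 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
 }
 
+/*
+* we need this option because in ngx_ssl_send_chain()
+* we may switch to a buffered write and may copy leftover part of
+* previously unbuffered data to our internal buffer
+*/
+SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+
 SSL_CTX_set_read_ahead(ssl->ctx, 1);
 
 return NGX_OK;
 }
 
@@ -998,21 +1005,18 @@
 
 sslerr = 0;
 
 /* SSL_shutdown() never return -1, on error it return 0 */
 
-if (n != 1) {
+if (n != 1 && ERR_peek_error()) {
 sslerr = SSL_get_error(c->ssl->connection, n);
 
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "SSL_get_error: %d", sslerr);
 }
 
-if (n == 1
-|| sslerr == SSL_ERROR_ZERO_RETURN
-|| (sslerr == 0 && c->timedout))
-{
+if (n == 1 || sslerr == 0 || sslerr == SSL_ERROR_ZERO_RETURN) {
 SSL_free(c->ssl->connection);
 c->ssl = NULL;
 
 return NGX_OK;
 }
@@ -1111,37 +1115,44 @@
 
 
 static void
 ngx_ssl_clear_error(ngx_log_t *log)
 {
-if (ERR_peek_error()) {
+while (ERR_peek_error()) {
 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error");
 }
+
+ERR_clear_error();
 }
 
 
 void ngx_cdecl
 ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
 {
 u_long n;
 va_list args;
-u_char errstr[NGX_MAX_CONF_ERRSTR], *p, *last;
+u_char *p, *last;
+u_char errstr[NGX_MAX_CONF_ERRSTR];
 
 last = errstr + NGX_MAX_CONF_ERRSTR;
 
 va_start(args, fmt);
 p = ngx_vsnprintf(errstr, sizeof(errstr) - 1, fmt, args);
 va_end(args);
 
 p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p);
 
-while (p < last) {
+for ( ;; ) {
 
 n = ERR_get_error();
 
 if (n == 0) {
 break;
+}
+
+if (p >= last) {
+continue;
 }
 
 *p++ = ' ';
 
 ERR_error_string_n(n, (char *) p, last - p);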
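Review bot: In the shutdown hunk the new guard `if (n != 1 && ERR_peek_error())` leaves `sslerr` at 0 whenever the OpenSSL error queue is empty, and new line 1017 then accepts any `sslerr == 0` as a finished shutdown, where the old code also required `c->timedout`. SSL_get_error() can report SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE without anything being queued, so those results are presumably no longer seen here and the connection is freed with NGX_OK before the close_notify exchange completes. If that trade-off is intended, record it above the guard, for example `/* empty error queue: nothing to log, treat an unfinished shutdown as complete */`, and correct the comment on new line 1008, since the OpenSSL manual also documents a negative return from SSL_shutdown(). The code after the `return NGX_OK` block is outside the hunk, so check whether its want-read/want-write handling is still reachable.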