Mercurial > hg > nginx

diff src/event/ngx_event_openssl.c @ 2280:6453161bf53e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
always use buffer, if connection is buffered, this fixes OpenSSL "bad write retry" error, when *) nginx passed a single buf greater than our buffer (say 32K) to OpenSSL, *) OpenSSL returns SSL_ERROR_WANT_WRITE, *) after some time nginx has to send a new data, *) so there are at least two bufs nginx does pass them directly to OpenSSL, *) but copies the first buf part to buffer, and sends the buffer to OpenSSL. *) because the data length is lesser than it was in previous SSL_write(): 16K < 32K, OpenSSL returns SSL_R_BAD_WRITE_RETRY.
author Igor Sysoev <igor@sysoev.ru>
date Thu, 23 Oct 2008 05:58:10 +0000
parents cbf6f2eb57ad
children 31fafd8e7436
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -188,13 +188,6 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_
         SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
     }
 
-    /*
-     * we need this option because in ngx_ssl_send_chain()
-     * we may switch to a buffered write and may copy leftover part of
-     * previously unbuffered data to our internal buffer
-     */
-    SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
-
     SSL_CTX_set_read_ahead(ssl->ctx, 1);
 
     return NGX_OK;
@@ -860,14 +853,7 @@ ngx_ssl_send_chain(ngx_connection_t *c, 
     ssize_t      send, size;
     ngx_buf_t   *buf;
 
-    if (!c->ssl->buffer
-        || (in && in->next == NULL && !(c->buffered & NGX_SSL_BUFFERED)))
-    {
-        /*
-         * we avoid a buffer copy if
-         *     we do not need to buffer the output
-         *     or the incoming buf is a single and our buffer is empty
-         */
+    if (!c->ssl->buffer) {
 
         while (in) {
             if (ngx_buf_special(in->buf)) {