Mercurial > hg > nginx
view auto/endianness @ 7706:61011bfcdb49
SSL: workaround for incorrect SSL_write() errors in OpenSSL 1.1.1.
OpenSSL 1.1.1 fails to return SSL_ERROR_SYSCALL if an error happens
during SSL_write() after close_notify alert from the peer, and returns
SSL_ERROR_ZERO_RETURN instead. Broken by this commit, which removes
the "i == 0" check around the SSL_RECEIVED_SHUTDOWN one:
https://git.openssl.org/?p=openssl.git;a=commitdiff;h=8051ab2
In particular, if a client closed the connection without reading
the response but with properly sent close_notify alert, this resulted in
unexpected "SSL_write() failed while ..." critical log message instead
of correct "SSL_write() failed (32: Broken pipe)" at the info level.
Since SSL_ERROR_ZERO_RETURN cannot be legitimately returned after
SSL_write(), the fix is to convert all SSL_ERROR_ZERO_RETURN errors
after SSL_write() to SSL_ERROR_SYSCALL.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 16 Sep 2020 18:26:22 +0300 |
parents | e3faa5fb7772 |
children |
line wrap: on
line source
# Copyright (C) Igor Sysoev # Copyright (C) Nginx, Inc. echo $ngx_n "checking for system byte ordering ...$ngx_c" cat << END >> $NGX_AUTOCONF_ERR ---------------------------------------- checking for system byte ordering END cat << END > $NGX_AUTOTEST.c int main(void) { int i = 0x11223344; char *p; p = (char *) &i; if (*p == 0x44) return 0; return 1; } END ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \ -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs" eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" if [ -x $NGX_AUTOTEST ]; then if $NGX_AUTOTEST >/dev/null 2>&1; then echo " little endian" have=NGX_HAVE_LITTLE_ENDIAN . auto/have else echo " big endian" fi rm -rf $NGX_AUTOTEST* else rm -rf $NGX_AUTOTEST* echo echo "$0: error: cannot detect system byte ordering" exit 1 fi