Mercurial > hg > nginx
view src/mail/ngx_mail_imap_module.h @ 7965:f2bbbc0ccdfb stable-1.20
SSL: use of the SSL_OP_IGNORE_UNEXPECTED_EOF option.
A new behaviour was introduced in OpenSSL 1.1.1e, when a peer does not send
close_notify before closing the connection. Previously, it was to return
SSL_ERROR_SYSCALL with errno 0, known since at least OpenSSL 0.9.7, and is
handled gracefully in nginx. Now it returns SSL_ERROR_SSL with a distinct
reason SSL_R_UNEXPECTED_EOF_WHILE_READING ("unexpected eof while reading").
This leads to critical errors seen in nginx within various routines such as
SSL_do_handshake(), SSL_read(), SSL_shutdown(). The behaviour was restored
in OpenSSL 1.1.1f, but presents in OpenSSL 3.0 by default.
Use of the SSL_OP_IGNORE_UNEXPECTED_EOF option added in OpenSSL 3.0 allows
to set a compatible behaviour to return SSL_ERROR_ZERO_RETURN:
https://git.openssl.org/?p=openssl.git;a=commitdiff;h=09b90e0
See for additional details: https://github.com/openssl/openssl/issues/11381
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 10 Aug 2021 23:43:17 +0300 |
parents | d620f497c50f |
children |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #ifndef _NGX_MAIL_IMAP_MODULE_H_INCLUDED_ #define _NGX_MAIL_IMAP_MODULE_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_mail.h> typedef struct { size_t client_buffer_size; ngx_str_t capability; ngx_str_t starttls_capability; ngx_str_t starttls_only_capability; ngx_uint_t auth_methods; ngx_array_t capabilities; } ngx_mail_imap_srv_conf_t; void ngx_mail_imap_init_session(ngx_mail_session_t *s, ngx_connection_t *c); void ngx_mail_imap_init_protocol(ngx_event_t *rev); void ngx_mail_imap_auth_state(ngx_event_t *rev); ngx_int_t ngx_mail_imap_parse_command(ngx_mail_session_t *s); extern ngx_module_t ngx_mail_imap_module; #endif /* _NGX_MAIL_IMAP_MODULE_H_INCLUDED_ */