# HG changeset patch
# User Valentin Bartenev <vbart@nginx.com>
# Date 1359387625 0
# Node ID 1d819608ad4a72df6208e4c9d304a27e261cf056
# Parent  674f8739e443aba5e7f9248ec0ee679964eb2800
SSL: avoid calling SSL_write() with zero data size.

According to documentation, calling SSL_write() with num=0 bytes to be sent
results in undefined behavior.

We don't currently call ngx_ssl_send_chain() with empty chain and buffer.
This check handles the case of a chain with total data size that is
a multiple of NGX_SSL_BUFSIZE, and with the special buffer at the end.

In practice such cases resulted in premature connection close and critical
error "SSL_write() failed (SSL:)" in the error log.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1213,6 +1213,12 @@ ngx_ssl_send_chain(ngx_connection_t *c, 
 
         size = buf->last - buf->pos;
 
+        if (size == 0) {
+            buf->flush = 0;
+            c->buffered &= ~NGX_SSL_BUFFERED;
+            return in;
+        }
+
         n = ngx_ssl_write(c, buf->pos, size);
 
         if (n == NGX_ERROR) {