# HG changeset patch # User Igor Sysoev # Date 1089835678 0 # Node ID d1222d46b3f906a24e5005d6b27d4a077477cc10 # Parent b670db10cbbda47da32191699981600bfaa8abb2 nginx-0.0.7-2004-07-15-00:07:58 import diff --git a/auto/modules b/auto/modules --- a/auto/modules +++ b/auto/modules @@ -43,10 +43,10 @@ fi # the filter order is important # ngx_http_write_filter -# ngx_http_ssl_filter # ngx_http_header_filter # ngx_http_chunked_filter # ngx_http_range_header_filter +# ngx_http_ssl_filter # ngx_http_gzip_filter # ngx_http_charset_filter # ngx_http_ssi_filter @@ -55,10 +55,13 @@ fi # ngx_http_range_body_filter # ngx_http_not_modified_filter -HTTP_FILTER_MODULES="$HTTP_WRITE_FILTER_MODULE" +HTTP_FILTER_MODULES="$HTTP_WRITE_FILTER_MODULE \ + $HTTP_HEADER_FILTER_MODULE \ + $HTTP_CHUNKED_FILTER_MODULE \ + $HTTP_RANGE_HEADER_FILTER_MODULE" if [ $HTTP_SSL = YES ]; then - have=NGX_HTTP_SSL . auto/have + have=NGX_OPENSSL . auto/have HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES $HTTP_SSL_FILTER_MODULE" HTTP_DEPS="$HTTP_DEPS $HTTP_SSL_DEPS" HTTP_SRCS="$HTTP_SRCS $HTTP_SSL_SRCS" @@ -66,11 +69,6 @@ if [ $HTTP_SSL = YES ]; then CORE_LIBS="$CORE_LIBS -lssl -lcrypto" fi -HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES \ - $HTTP_HEADER_FILTER_MODULE \ - $HTTP_CHUNKED_FILTER_MODULE \ - $HTTP_RANGE_HEADER_FILTER_MODULE" - if [ $HTTP_GZIP = YES ]; then have=NGX_HTTP_GZIP . auto/have USE_ZLIB=YES diff --git a/src/core/ngx_connection.h b/src/core/ngx_connection.h --- a/src/core/ngx_connection.h +++ b/src/core/ngx_connection.h @@ -90,6 +90,10 @@ struct ngx_connection_s { socklen_t socklen; ngx_str_t addr_text; +#if (NGX_OPENSSL) + SSL *ssl; +#endif + #if (HAVE_IOCP) struct sockaddr *local_sockaddr; socklen_t local_socklen; diff --git a/src/core/ngx_core.h b/src/core/ngx_core.h --- a/src/core/ngx_core.h +++ b/src/core/ngx_core.h @@ -55,6 +55,10 @@ typedef struct ngx_connection_s ngx_con #include #include #include +#if (NGX_OPENSSL) +#include +#include +#endif #include diff --git a/src/http/modules/ngx_http_ssl_filter.c b/src/http/modules/ngx_http_ssl_filter.c --- a/src/http/modules/ngx_http_ssl_filter.c +++ b/src/http/modules/ngx_http_ssl_filter.c @@ -3,9 +3,6 @@ #include #include -#include -#include - #define NGX_DEFLAUT_CERTIFICATE "cert.pem" #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" @@ -25,9 +22,7 @@ typedef struct { } ngx_http_ssl_ctx_t; -static ngx_http_ssl_ctx_t *ngx_http_ssl_create_ctx(ngx_http_request_t *r); -static ngx_chain_t *ngx_http_ssl_write(ngx_http_request_t *r, ngx_chain_t *in, - off_t limit); +static ngx_int_t ngx_http_ssl_create_ssl(ngx_http_request_t *r); static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err, char *fmt, ...); static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); @@ -87,56 +82,55 @@ ngx_module_t ngx_http_ssl_filter_module }; -ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r, u_char *buf, size_t n) +ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r, u_char *buf, size_t size) { - int rc; + int n; + SSL *ssl; ngx_http_ssl_ctx_t *ctx; ngx_http_log_ctx_t *log_ctx; - ctx = ngx_http_get_module_ctx(r, ngx_http_ssl_filter_module); - - if (ctx == NULL) { - ctx = ngx_http_ssl_create_ctx(r); - - if (ctx == NULL) { + if (r->connection->ssl == NULL) { + if (ngx_http_ssl_create_ssl(r) == NGX_ERROR) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } } - rc = SSL_read(ctx->ssl, buf, n); + ssl = r->connection->ssl; + + n = SSL_read(ssl, buf, size); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "SSL_read: %d", rc); + "SSL_read: %d", n); - if (rc > 0) { - return rc; + if (n > 0) { + return n; } - rc = SSL_get_error(ctx->ssl, rc); + n = SSL_get_error(ssl, n); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "SSL_get_error: %d", rc); + "SSL_get_error: %d", n); - if (rc == SSL_ERROR_WANT_READ) { + if (n == SSL_ERROR_WANT_READ) { return NGX_AGAIN; } #if 0 - if (rc == SSL_ERROR_WANT_WRITE) { + if (n == SSL_ERROR_WANT_WRITE) { return NGX_AGAIN; } #endif - if (!SSL_is_init_finished(ctx->ssl)) { + if (!SSL_is_init_finished(ssl)) { log_ctx = (ngx_http_log_ctx_t *) r->connection->log->data; log_ctx->action = "SSL handshake"; } - if (rc == SSL_ERROR_ZERO_RETURN) { + if (n == SSL_ERROR_ZERO_RETURN) { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client closed connection"); - SSL_set_shutdown(ctx->ssl, SSL_RECEIVED_SHUTDOWN); + SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN); return NGX_SSL_ERROR; } @@ -145,72 +139,25 @@ ngx_int_t ngx_http_ssl_read(ngx_http_req ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "client sent plain HTTP request to HTTPS port"); - SSL_set_shutdown(ctx->ssl, - SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN); + SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN); return NGX_SSL_HTTP_ERROR; } - ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, rc, + ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, n, "SSL_read() failed"); - SSL_set_shutdown(ctx->ssl, SSL_RECEIVED_SHUTDOWN); + SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN); return NGX_SSL_ERROR; } -ngx_int_t ngx_http_ssl_writer(ngx_http_request_t *r, ngx_chain_t *in) +ngx_chain_t *ngx_http_ssl_write(ngx_connection_t *c, ngx_chain_t *in, + off_t limit) { - ngx_http_ssl_ctx_t *ctx; - - ctx = ngx_http_get_module_ctx(r, ngx_http_ssl_filter_module); - - if (in == NULL) { - rc = SSL_shutdown(ctx->ssl); - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "SSL_shutdown: %d", rc); - - if (rc == 0) { - return NGX_AGAIN; - } - - if (rc == 1) { - SSL_free(ctx->ssl); - return NGX_OK; - } - - rc = SSL_get_error(ctx->ssl, rc); - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "SSL_get_error: %d", rc); - - if (rc == SSL_ERROR_WANT_WRITE) { - return NGX_AGAIN; - } - - ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, rc, - "SSL_shutdown() failed"); - - return NGX_ERROR; - } - - ch = ngx_http_ssl_write(r, ctx, in, 0); - - return NGX_OK; -} - - -static ngx_chain_t *ngx_http_ssl_write(ngx_http_request_t *r, - ngx_http_ssl_ctx_t *ctx, - ngx_chain_t *in, - off_t limit) -{ - int rc; - size_t send, size; - - ctx = ngx_http_get_module_ctx(r, ngx_http_ssl_filter_module); + int n; + ssize_t send, size; send = 0; @@ -225,51 +172,110 @@ static ngx_chain_t *ngx_http_ssl_write(n size = limit - send; } - rc = SSL_write(ctx->ssl, in->buf->pos, size); + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL to write: %d", size); + + n = SSL_write(c->ssl, in->buf->pos, size); + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL_write: %d", n); - if (rc > 0) { - in->buf->pos += rc; + if (n > 0) { + in->buf->pos += n; + send += n; - if (rc == size) { - continue; + if (n == size) { + if (send < limit) { + continue; + } + + return in; } - r->connection->write->ready = 0; + c->write->ready = 0; return in; } + + n = SSL_get_error(c->ssl, n); + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL_get_error: %d", n); + + if (n == SSL_ERROR_WANT_WRITE) { + c->write->ready = 0; + return in; + } + + ngx_http_ssl_error(NGX_LOG_ALERT, c->log, n, "SSL_write() failed"); + + return NGX_CHAIN_ERROR; } return in; } -static ngx_http_ssl_ctx_t *ngx_http_ssl_create_ctx(ngx_http_request_t *r) +ngx_int_t ngx_http_ssl_shutdown(ngx_http_request_t *r) { - ngx_http_ssl_ctx_t *ctx; + int n; + SSL *ssl; + + ssl = r->connection->ssl; + + n = SSL_shutdown(ssl); + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "SSL_shutdown: %d", n); + + if (n == 0) { + return NGX_AGAIN; + } + + if (n == 1) { + SSL_free(ssl); + r->connection->ssl = NULL; + return NGX_OK; + } + + n = SSL_get_error(ssl, n); + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "SSL_get_error: %d", n); + + if (n == SSL_ERROR_WANT_WRITE) { + return NGX_AGAIN; + } + + ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, n, + "SSL_shutdown() failed"); + + return NGX_ERROR; +} + + +static ngx_int_t ngx_http_ssl_create_ssl(ngx_http_request_t *r) +{ + SSL *ssl; ngx_http_ssl_srv_conf_t *scf; - ngx_http_create_ctx(r, ctx, ngx_http_ssl_filter_module, - sizeof(ngx_http_ssl_ctx_t), NULL); - scf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_filter_module); - ctx->ssl = SSL_new(scf->ssl_ctx); + ssl = SSL_new(scf->ssl_ctx); - if (ctx->ssl == NULL) { + if (ssl == NULL) { ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0, "SSL_new() failed"); - return NULL; + return NGX_ERROR; } - if (SSL_set_fd(ctx->ssl, r->connection->fd) == 0) { + if (SSL_set_fd(ssl, r->connection->fd) == 0) { ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0, "SSL_set_fd() failed"); - return NULL; + return NGX_ERROR; } - SSL_set_accept_state(ctx->ssl); + SSL_set_accept_state(ssl); - return ctx; + r->connection->ssl = ssl; + + return NGX_OK; } diff --git a/src/http/modules/ngx_http_ssl_filter.h b/src/http/modules/ngx_http_ssl_filter.h --- a/src/http/modules/ngx_http_ssl_filter.h +++ b/src/http/modules/ngx_http_ssl_filter.h @@ -6,15 +6,15 @@ #include #include -#include - #define NGX_SSL_ERROR -10 #define NGX_SSL_HTTP_ERROR -11 -ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r, u_char *buf, size_t n); -ngx_int_t ngx_http_ssl_writer(ngx_http_request_t *r, ngx_chain_t *in); +ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r, u_char *buf, size_t size); +ngx_int_t ngx_http_ssl_shutdown(ngx_http_request_t *r); +ngx_chain_t *ngx_http_ssl_write(ngx_connection_t *c, ngx_chain_t *in, + off_t limit); void ngx_http_ssl_close_connection(SSL *ssl, ngx_log_t *log); diff --git a/src/http/ngx_http.h b/src/http/ngx_http.h --- a/src/http/ngx_http.h +++ b/src/http/ngx_http.h @@ -21,7 +21,7 @@ typedef struct ngx_http_cleanup_s ngx_h #include #include -#if (NGX_HTTP_SSL) +#if (NGX_OPENSSL) #include #endif diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -229,6 +229,11 @@ static void ngx_http_init_request(ngx_ev r->srv_conf = cscf->ctx->srv_conf; r->loc_conf = cscf->ctx->loc_conf; +#if 1 + r->ssl = 1; + r->filter_need_in_memory = 1; +#endif + server_name = cscf->server_names.elts; r->server_name = &server_name->name; @@ -815,12 +820,17 @@ static ssize_t ngx_http_read_request_hea return NGX_AGAIN; } -#if 0 - n = ngx_http_ssl_read(r, r->header_in->last, - r->header_in->end - r->header_in->last); -#else - n = ngx_recv(r->connection, r->header_in->last, - r->header_in->end - r->header_in->last); +/* STUB */ +#if (NGX_OPENSSL) + if (r->ssl) { + n = ngx_http_ssl_read(r, r->header_in->last, + r->header_in->end - r->header_in->last); + } else { +#endif + n = ngx_recv(r->connection, r->header_in->last, + r->header_in->end - r->header_in->last); +#if (NGX_OPENSSL) + } #endif if (n == NGX_AGAIN) { diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h --- a/src/http/ngx_http_request.h +++ b/src/http/ngx_http_request.h @@ -280,6 +280,7 @@ struct ngx_http_request_s { unsigned complex_uri:1; unsigned header_timeout_set:1; + unsigned ssl:1; unsigned proxy:1; unsigned bypass_cache:1; unsigned no_cache:1; diff --git a/src/http/ngx_http_write_filter.c b/src/http/ngx_http_write_filter.c --- a/src/http/ngx_http_write_filter.c +++ b/src/http/ngx_http_write_filter.c @@ -53,6 +53,12 @@ ngx_int_t ngx_http_write_filter(ngx_http sizeof(ngx_http_write_filter_ctx_t), NGX_ERROR); } +#if (NGX_OPENSSL) + if (r->ssl && in == NULL && ctx->out == NULL) { + return ngx_http_ssl_shutdown(r); + } +#endif + size = 0; flush = 0; last = 0; @@ -123,9 +129,20 @@ ngx_int_t ngx_http_write_filter(ngx_http sent = r->connection->sent; - chain = ngx_write_chain(r->connection, ctx->out, - clcf->limit_rate ? clcf->limit_rate: - OFF_T_MAX_VALUE); +/* STUB */ +#if (NGX_OPENSSL) + if (r->ssl) { + chain = ngx_http_ssl_write(r->connection, ctx->out, + clcf->limit_rate ? clcf->limit_rate: + OFF_T_MAX_VALUE); + } else { +#endif + chain = ngx_write_chain(r->connection, ctx->out, + clcf->limit_rate ? clcf->limit_rate: + OFF_T_MAX_VALUE); +#if (NGX_OPENSSL) + } +#endif ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http write filter %X", chain);