changeset 1991:7cef148d87a0 stable-0.5

r1862, r1866, r1869, r1874 merge: *) revert SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, removed in r1852 *) fix bogus crit log message "SSL_shutdown() failed" introduced in r1852 *) pull all errors
author Igor Sysoev <igor@sysoev.ru>
date Sun, 04 May 2008 09:47:59 +0000
parents c7757ce0ae97
children ee49a83b6de2
files src/event/ngx_event_openssl.c
diffstat 1 files changed, 21 insertions(+), 10 deletions(-) [+]
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -187,6 +187,13 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_
         SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
     }
 
+    /*
+     * we need this option because in ngx_ssl_send_chain()
+     * we may switch to a buffered write and may copy leftover part of
+     * previously unbuffered data to our internal buffer
+     */
+    SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+
     SSL_CTX_set_read_ahead(ssl->ctx, 1);
 
     return NGX_OK;
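Review bot: The comment above the added `SSL_CTX_set_mode()` call in ngx_ssl_create() explains why the buffer address may change, but not the condition under which that is safe. OpenSSL documents that `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` only relaxes the pointer check on a retried SSL_write(); the retried data must still be the same bytes. I would add a line to the comment such as `* the copied leftover must be byte-identical to the data of the interrupted SSL_write()`, so that a later change to the buffering in ngx_ssl_send_chain() does not silently break that invariant. The function body starts outside the hunk.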
@@ -1000,17 +1007,14 @@ ngx_ssl_shutdown(ngx_connection_t *c)
 
     /* SSL_shutdown() never return -1, on error it return 0 */
 
-    if (n != 1) {
+    if (n != 1 && ERR_peek_error()) {
         sslerr = SSL_get_error(c->ssl->connection, n);
 
         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                        "SSL_get_error: %d", sslerr);
     }
 
-    if (n == 1
-        || sslerr == SSL_ERROR_ZERO_RETURN
-        || (sslerr == 0 && c->timedout))
-    {
+    if (n == 1 || sslerr == 0 || sslerr == SSL_ERROR_ZERO_RETURN) {
         SSL_free(c->ssl->connection);
         c->ssl = NULL;
 
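Review bot: Gating `SSL_get_error()` on `ERR_peek_error()` in ngx_ssl_shutdown() leaves `sslerr` at its earlier value whenever the error queue is empty, and the widened test `sslerr == 0` then frees the connection. SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE are normally reported without a queued error, so an unfinished shutdown on a non-blocking socket appears to be treated as complete; whether the close_notify alert has actually been sent by then is not visible here. The test also relies on `sslerr` being initialised to 0 before the hunk, which I cannot see. If the aim is only to silence the bogus crit message, consider keeping `if (n != 1) {` around the SSL_get_error() call and applying `ERR_peek_error()` where the failure is logged. At minimum, add a comment such as `/* sslerr == 0: no queued error, treated as a clean close */`.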
@@ -1113,18 +1117,21 @@ ngx_ssl_connection_error(ngx_connection_
 static void
 ngx_ssl_clear_error(ngx_log_t *log)
 {
-    if (ERR_peek_error()) {
+    while (ERR_peek_error()) {
         ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error");
     }
+
+    ERR_clear_error();
 }
 
 
 void ngx_cdecl
 ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
 {
-    u_long   n;
-    va_list  args;
-    u_char   errstr[NGX_MAX_CONF_ERRSTR], *p, *last;
+    u_long    n;
+    va_list   args;
+    u_char   *p, *last;
+    u_char    errstr[NGX_MAX_CONF_ERRSTR];
 
     last = errstr + NGX_MAX_CONF_ERRSTR;
 
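Review bot: The new `while (ERR_peek_error())` loop in ngx_ssl_clear_error() terminates only because ngx_ssl_error() removes entries with ERR_get_error(), and nothing in this function says so. A comment such as `/* ngx_ssl_error() drains the queue, so the loop ends; ERR_clear_error() is a safeguard */` would guard against a later early return in ngx_ssl_error() turning this into a busy loop that logs at alert level. The body of ngx_ssl_error() continues outside the hunk, so I could not check whether every path reaches the drain loop.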
@@ -1134,7 +1141,7 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_
 
     p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p);
 
-    while (p < last) {
+    for ( ;; ) {
 
         n = ERR_get_error();
 
@@ -1142,6 +1149,10 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_
             break;
         }
 
+        if (p >= last) {
+            continue;
+        }
+
         *p++ = ' ';
 
         ERR_error_string_n(n, (char *) p, last - p);
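Review bot: The added `p >= last` guard still lets `p == last - 1` through, so after `*p++ = ' '` the call `ERR_error_string_n(n, (char *) p, last - p)` is made with a zero length and a pointer one past the end of `errstr`. Current OpenSSL returns early for a zero length, but I am not certain older releases do, so it is safer not to depend on it. Changing the guard to `if (p >= last - 1) {` keeps the queue draining without the zero-length call. This guard exists because the previous hunk changed the loop to `for ( ;; )`, so the two should be read together. The code that advances `p` after the call is outside the hunk.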