changeset 384:e7054aaedf68

nginx-0.0.7-2004-07-09-11:12:14 import
author Igor Sysoev <igor@sysoev.ru>
date Fri, 09 Jul 2004 07:12:14 +0000
parents c05876036128
children 79050a10aacb
files src/http/modules/ngx_http_ssl_filter.c src/http/modules/ngx_http_ssl_filter.h src/http/ngx_http_request.h src/http/ngx_http_special_response.c
diffstat 4 files changed, 58 insertions(+), 3 deletions(-) [+]
--- a/src/http/modules/ngx_http_ssl_filter.c
+++ b/src/http/modules/ngx_http_ssl_filter.c
@@ -111,8 +111,30 @@ ngx_int_t ngx_http_ssl_read(ngx_http_req
                 return NGX_AGAIN;
             }
 
+            if (rc == SSL_ERROR_ZERO_RETURN) {
+                ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                               "client closed connection while SSL handshake");
+
+                ngx_http_ssl_close_request(ctx->ssl, SSL_RECEIVED_SHUTDOWN);
+
+                return NGX_ERROR;
+            }
+
+            if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) {
+                ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                               "client sent HTTP request to HTTPS port");
+
+                ngx_http_ssl_close_request(ctx->ssl,
+                                      SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+
+                return NGX_OK;
+            }
+
             ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, rc,
                                "SSL_accept() failed");
+
+            ngx_http_ssl_close_request(ctx->ssl, SSL_RECEIVED_SHUTDOWN);
+
             return NGX_ERROR;
         }
 
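Review bot: In the SSL_R_HTTP_REQUEST branch the error is only inspected with ERR_peek_error(), so the entry stays on OpenSSL's per-thread error queue when the function returns NGX_OK. A stale entry can make a later SSL_get_error() on an unrelated connection misreport, so add `ERR_clear_error();` before `return NGX_OK;`. All three new exits also free ctx->ssl through ngx_http_ssl_close_request() and leave the pointer set; `ctx->ssl = NULL;` after each call would keep a later access from touching freed memory, though whether such an access exists is not visible in this hunk. The condition is client-triggered, so logging it at NGX_LOG_ERR lets remote traffic grow the error log; NGX_LOG_INFO, as used in the branch above it, looks like the better level. The enclosing function starts and ends outside the hunk.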
@@ -174,6 +196,14 @@ static ngx_http_ssl_ctx_t *ngx_http_ssl_
 }
 
 
+void ngx_http_ssl_close_request(SSL *ssl, int mode)
+{
+    SSL_set_shutdown(ssl, mode);
+    SSL_smart_shutdown(ssl);
+    SSL_free(ssl);
+}
+
+
 static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err,
                                char *fmt, ...)
 {
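Review bot: ngx_http_ssl_close_request() calls SSL_smart_shutdown(), which I do not know as an OpenSSL function and which is neither declared nor defined in the visible hunks. Unless the tree provides it elsewhere, the library call here would be `SSL_shutdown(ssl);`. Its return value is dropped either way, so an incomplete shutdown cannot be told from a finished one before SSL_free() runs. The function also takes ownership of its argument, which deserves a header comment such as `/* sets the shutdown mode, shuts the session down and frees ssl; the caller must not use ssl afterwards */`.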
--- a/src/http/modules/ngx_http_ssl_filter.h
+++ b/src/http/modules/ngx_http_ssl_filter.h
@@ -6,8 +6,11 @@
 #include <ngx_core.h>
 #include <ngx_http.h>
 
+#include <openssl/ssl.h>
+
 
 ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r);
+void ngx_http_ssl_close_request(SSL *ssl, int mode);
 
 
 #endif /* _NGX_HTTP_SSL_FILTER_H_INCLUDED_ */
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@@ -54,7 +54,13 @@
 
 /* Our own HTTP codes */
 
-#define NGX_HTTP_NGX_CODES                 NGX_HTTP_INVALID_HOST
+#define NGX_HTTP_NGX_CODES                 NGX_HTTP_TO_HTTPS
+
+/*
+ * We use the special code for the plain HTTP requests that are sent to
+ * HTTPS port to distinguish it from 4XX in an error page redirection 
+ */
+#define NGX_HTTP_TO_HTTPS                  497
 
 /*
  * We use the special code for the requests with invalid host name
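Review bot: NGX_HTTP_NGX_CODES is now tied to the new lowest private code, but nothing here says that it must stay the lowest one. The lookup in ngx_http_special_response.c (`err = error - NGX_HTTP_NGX_CODES + 3 + 17;`) relies on that and on the 497/498/499 rows of error_pages[] following in the same order. A comment on the define would make the coupling explicit, for example `/* must equal the lowest private code; error_pages[] rows for 497..499 are indexed relative to it */`. The comment block that follows continues outside the hunk.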
--- a/src/http/ngx_http_special_response.c
+++ b/src/http/ngx_http_special_response.c
@@ -102,6 +102,14 @@ static char error_416_page[] =
 ;
 
 
+static char error_497_page[] =
+"<html>" CRLF
+"<head><title>The plain HTTP request was sent to HTTPS port</title></head>" CRLF
+"<body bgcolor=\"white\">" CRLF
+"<center><h1>The plain HTTP request was sent to HTTPS por</h1></center>" CRLF
+;
+
+
 static char error_500_page[] =
 "<html>" CRLF
 "<head><title>500 Internal Server Error</title></head>" CRLF
@@ -166,8 +174,9 @@ static ngx_str_t error_pages[] = {
     ngx_null_string,             /* 415 */
     ngx_string(error_416_page),
 
-    ngx_string(error_404_page),  /* 498 */
-    ngx_null_string,             /* 499 */
+    ngx_string(error_400_page),  /* 497, http to https */
+    ngx_string(error_404_page),  /* 498, invalid host name */
+    ngx_null_string,             /* 499, client closed connection */
 
     ngx_string(error_500_page),
     ngx_string(error_501_page),
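Review bot: The new 497 row is `ngx_string(error_400_page),  /* 497, http to https */`, so the error_497_page array added in the previous hunk is not referenced anywhere in the visible changes. The client therefore gets the generic 400 body instead of the explanatory text, and the unused static array will likely draw a compiler warning. If the dedicated page is intended, the row should read `ngx_string(error_497_page),  /* 497, http to https */`. That page's heading also has a typo ("HTTPS por") and should be `"<center><h1>The plain HTTP request was sent to HTTPS port</h1></center>" CRLF`.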
@@ -199,6 +208,7 @@ ngx_int_t ngx_http_special_response_hand
             case NGX_HTTP_BAD_REQUEST:
             case NGX_HTTP_REQUEST_ENTITY_TOO_LARGE:
             case NGX_HTTP_REQUEST_URI_TOO_LARGE:
+            case NGX_HTTP_TO_HTTPS:
             case NGX_HTTP_INTERNAL_SERVER_ERROR:
                 r->keepalive = 0;
         }
@@ -207,6 +217,7 @@ ngx_int_t ngx_http_special_response_hand
     if (r->lingering_close == 1) {
         switch (error) {
             case NGX_HTTP_BAD_REQUEST:
+            case NGX_HTTP_TO_HTTPS:
                 r->lingering_close = 0;
         }
     }
@@ -241,6 +252,11 @@ ngx_int_t ngx_http_special_response_hand
         err = error - NGX_HTTP_NGX_CODES + 3 + 17;
 
         switch (error) {
+            case NGX_HTTP_TO_HTTPS:
+                r->headers_out.status = NGX_HTTP_BAD_REQUEST;
+                error = NGX_HTTP_BAD_REQUEST;
+                break;
+
             case NGX_HTTP_INVALID_HOST:
                 r->headers_out.status = NGX_HTTP_NOT_FOUND;
                 error = NGX_HTTP_NOT_FOUND;