Mercurial > hg > nginx
changeset 395:f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
| author | Igor Sysoev <igor@sysoev.ru> |
|---|---|
| date | Fri, 16 Jul 2004 17:11:43 +0000 |
| parents | e7a68e14ccd3 |
| children | 6f3b20c1ac50 |
| files | auto/modules auto/sources src/core/ngx_buf.h src/core/ngx_core.h src/core/ngx_output_chain.c src/event/ngx_event.h src/event/ngx_event_openssl.c src/event/ngx_event_openssl.h src/http/modules/ngx_http_ssl_filter.c src/http/modules/ngx_http_ssl_filter.h src/http/modules/ngx_http_ssl_module.c src/http/modules/ngx_http_ssl_module.h src/http/modules/proxy/ngx_http_proxy_handler.h src/http/ngx_http.h src/http/ngx_http_config.h src/http/ngx_http_core_module.c src/http/ngx_http_core_module.h src/http/ngx_http_request.c src/http/ngx_http_request.h src/http/ngx_http_write_filter.c src/os/win32/ngx_os.h |
| diffstat | 19 files changed, 329 insertions(+), 117 deletions(-) [+] |
line wrap: on
line diff
--- a/auto/modules +++ b/auto/modules @@ -60,19 +60,6 @@ HTTP_FILTER_MODULES="$HTTP_WRITE_FILTER_ $HTTP_CHUNKED_FILTER_MODULE \ $HTTP_RANGE_HEADER_FILTER_MODULE" -if [ $HTTP_SSL = YES ]; then - HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES $HTTP_SSL_FILTER_MODULE" - HTTP_DEPS="$HTTP_DEPS $HTTP_SSL_DEPS" - HTTP_SRCS="$HTTP_SRCS $HTTP_SSL_SRCS" - - # STUB: move to auto/libs/ssl after md5 - have=NGX_HTTP_SSL . auto/have - have=NGX_OPENSSL . auto/have - CORE_DEPS="$CORE_DEPS $OPENSSL_DEPS" - CORE_SRCS="$CORE_SRCS $OPENSSL_SRCS" - CORE_LIBS="$CORE_LIBS -lssl -lcrypto" -fi - if [ $HTTP_GZIP = YES ]; then have=NGX_HTTP_GZIP . auto/have USE_ZLIB=YES @@ -113,6 +100,19 @@ if [ $HTTP_REWRITE = YES -a $USE_PCRE != HTTP_SRCS="$HTTP_SRCS $HTTP_REWRITE_SRCS" fi +if [ $HTTP_SSL = YES ]; then + HTTP_MODULES="$HTTP_MODULES $HTTP_SSL_MODULE" + HTTP_DEPS="$HTTP_DEPS $HTTP_SSL_DEPS" + HTTP_SRCS="$HTTP_SRCS $HTTP_SSL_SRCS" + + # STUB: move to auto/libs/ssl after md5 + have=NGX_HTTP_SSL . auto/have + have=NGX_OPENSSL . auto/have + CORE_DEPS="$CORE_DEPS $OPENSSL_DEPS" + CORE_SRCS="$CORE_SRCS $OPENSSL_SRCS" + CORE_LIBS="$CORE_LIBS -lssl -lcrypto" +fi + if [ $HTTP_PROXY = YES ]; then have=NGX_HTTP_PROXY . auto/have USE_MD5=YES
--- a/auto/sources +++ b/auto/sources @@ -253,11 +253,6 @@ HTTP_GZIP_FILTER_MODULE=ngx_http_gzip_fi HTTP_GZIP_SRCS=src/http/modules/ngx_http_gzip_filter.c -HTTP_SSL_FILTER_MODULE=ngx_http_ssl_filter_module -HTTP_SSL_DEPS=src/http/modules/ngx_http_ssl_filter.h -HTTP_SSL_SRCS=src/http/modules/ngx_http_ssl_filter.c - - HTTP_SSI_FILTER_MODULE=ngx_http_ssi_filter_module HTTP_SSI_SRCS=src/http/modules/ngx_http_ssi_filter.c @@ -274,6 +269,11 @@ HTTP_REWRITE_MODULE=ngx_http_rewrite_mod HTTP_REWRITE_SRCS=src/http/modules/ngx_http_rewrite_handler.c +HTTP_SSL_MODULE=ngx_http_ssl_module +HTTP_SSL_DEPS=src/http/modules/ngx_http_ssl_module.h +HTTP_SSL_SRCS=src/http/modules/ngx_http_ssl_module.c + + HTTP_PROXY_MODULE=ngx_http_proxy_module HTTP_PROXY_INCS="src/http/modules/proxy" HTTP_PROXY_DEPS=src/http/modules/proxy/ngx_http_proxy_handler.h
--- a/src/core/ngx_buf.h +++ b/src/core/ngx_buf.h @@ -132,6 +132,7 @@ typedef struct { #define NGX_CHAIN_ERROR (ngx_chain_t *) NGX_ERROR +#define NGX_CHAIN_AGAIN (ngx_chain_t *) NGX_AGAIN #define ngx_buf_in_memory(b) (b->temporary || b->memory || b->mmap)
--- a/src/core/ngx_core.h +++ b/src/core/ngx_core.h @@ -14,6 +14,9 @@ typedef struct ngx_file_s ngx_fil typedef struct ngx_event_s ngx_event_t; typedef struct ngx_connection_s ngx_connection_t; +typedef void (*ngx_event_handler_pt)(ngx_event_t *ev); + + #define NGX_OK 0 #define NGX_ERROR -1
--- a/src/core/ngx_output_chain.c +++ b/src/core/ngx_output_chain.c @@ -274,7 +274,7 @@ ngx_int_t ngx_chain_writer(void *data, n ngx_log_debug1(NGX_LOG_DEBUG_CORE, ctx->connection->log, 0, "WRITER0: %X", ctx->out); - ctx->out = ngx_write_chain(ctx->connection, ctx->out, ctx->limit); + ctx->out = ngx_send_chain(ctx->connection, ctx->out, ctx->limit); ngx_log_debug1(NGX_LOG_DEBUG_CORE, ctx->connection->log, 0, "WRITER1: %X", ctx->out);
--- a/src/event/ngx_event.h +++ b/src/event/ngx_event.h @@ -6,9 +6,6 @@ #include <ngx_core.h> -typedef void (*ngx_event_handler_pt)(ngx_event_t *ev); - - #define NGX_INVALID_INDEX 0xd0d0d0d0 @@ -391,7 +388,7 @@ extern ngx_event_actions_t ngx_event_a #define ngx_recv ngx_io.recv #define ngx_recv_chain ngx_io.recv_chain -#define ngx_write_chain ngx_io.send_chain +#define ngx_send_chain ngx_io.send_chain
--- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -13,23 +13,34 @@ ngx_int_t ngx_ssl_init(ngx_log_t *log) } -ngx_int_t ngx_ssl_create_session(ngx_ssl_ctx_t *ssl_ctx, ngx_connection_t *c) +ngx_int_t ngx_ssl_create_session(ngx_ssl_ctx_t *ssl_ctx, ngx_connection_t *c, + ngx_uint_t flags) { ngx_ssl_t *ssl; - ssl = SSL_new(ssl_ctx); - - if (ssl == NULL) { - ngx_ssl_error(NGX_LOG_ALERT, c->log, "SSL_new() failed"); + if (!(ssl = ngx_pcalloc(c->pool, sizeof(ngx_ssl_t)))) { return NGX_ERROR; } - if (SSL_set_fd(ssl, c->fd) == 0) { - ngx_ssl_error(NGX_LOG_ALERT, c->log, "SSL_set_fd() failed"); + if (flags & NGX_SSL_BUFFER) { + if (!(ssl->buf = ngx_create_temp_buf(c->pool, NGX_SSL_BUFSIZE))) { + return NGX_ERROR; + } + } + + ssl->ssl = SSL_new(ssl_ctx); + + if (ssl->ssl == NULL) { + ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed"); return NGX_ERROR; } - SSL_set_accept_state(ssl); + if (SSL_set_fd(ssl->ssl, c->fd) == 0) { + ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_fd() failed"); + return NGX_ERROR; + } + + SSL_set_accept_state(ssl->ssl); c->ssl = ssl; @@ -39,10 +50,11 @@ ngx_int_t ngx_ssl_create_session(ngx_ssl ngx_int_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) { - int n; + int n, sslerr; + ngx_err_t err; char *handshake; - n = SSL_read(c->ssl, buf, size); + n = SSL_read(c->ssl->ssl, buf, size); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n); @@ -50,48 +62,42 @@ ngx_int_t ngx_ssl_recv(ngx_connection_t return n; } - n = SSL_get_error(c->ssl, n); + sslerr = SSL_get_error(c->ssl->ssl, n); + + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr); - ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", n); + err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; - if (n == SSL_ERROR_WANT_READ) { + if (sslerr == SSL_ERROR_WANT_READ) { return NGX_AGAIN; } #if 0 - if (n == SSL_ERROR_WANT_WRITE) { + if (sslerr == SSL_ERROR_WANT_WRITE) { return NGX_AGAIN; } #endif - if (!SSL_is_init_finished(c->ssl)) { + if (!SSL_is_init_finished(c->ssl->ssl)) { handshake = "in SSL handshake"; } else { handshake = ""; } - if (n == SSL_ERROR_ZERO_RETURN) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, + if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { + ngx_log_error(NGX_LOG_INFO, c->log, err, "client closed connection%s", handshake); - SSL_set_shutdown(c->ssl, SSL_RECEIVED_SHUTDOWN); + SSL_set_shutdown(c->ssl->ssl, SSL_RECEIVED_SHUTDOWN); return NGX_ERROR; } - if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) { - ngx_log_error(NGX_LOG_ERR, c->log, 0, - "client sent plain HTTP request to HTTPS port"); - - SSL_set_shutdown(c->ssl, SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN); + ngx_ssl_error(NGX_LOG_ALERT, c->log, err, + "SSL_read() failed%s", handshake); - return NGX_SSL_HTTP_ERROR; - } - - ngx_ssl_error(NGX_LOG_ALERT, c->log, "SSL_read() failed%s", handshake); - - SSL_set_shutdown(c->ssl, SSL_RECEIVED_SHUTDOWN); + SSL_set_shutdown(c->ssl->ssl, SSL_RECEIVED_SHUTDOWN); return NGX_ERROR; } @@ -100,11 +106,112 @@ ngx_int_t ngx_ssl_recv(ngx_connection_t ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) { - int n; - ssize_t send, size; + int n; + ssize_t send, size; + ngx_buf_t *buf; send = 0; + buf = c->ssl->buf; + +#if 0 + + if (buf) { + + for ( ;; ) { + + for ( /* void */ ; in && buf->last < buf->end; in = in->next) { + if (ngx_buf_special(in->buf)) { + continue; + } + + size = in->buf->last - in->buf->pos; + + if (size > buf->end - buf->last) { + size = buf->end - buf->last; + } + + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, + "SSL buf copy: %d", size); + + ngx_memcpy(buf->last, in->buf->pos, size); + + buf->last += size; + in->buf->pos += size; + } + + size = buf->last - buf->pos; + + if (send + size > limit) { + size = limit - send; + } + + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, + "SSL to write: %d", size); + + n = SSL_write(c->ssl->ssl, buf->pos, size); + + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, + "SSL_write: %d", n); + + if (n > 0) { + buf->pos += n; + send += n; + + if (n < size) { + break; + } + + if (send < limit) { + if (buf->pos == buf->last) { + buf->pos = buf->start; + buf->last = buf->start; + } + + if (in == NULL) { + break; + } + + continue; + } + } + + n = SSL_get_error(c->ssl->ssl, n); + + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, + "SSL_get_error: %d", n); + + if (n == SSL_ERROR_WANT_WRITE) { + break; + } + +#if 0 + if (n == SSL_ERROR_WANT_READ) { + break; + } +#endif + + ngx_ssl_error(NGX_LOG_ALERT, c->log, "SSL_write() failed"); + + return NGX_CHAIN_ERROR; + } + + if (in) { + c->write->ready = 0; + return in; + } + + if (buf->pos == buf->last) { + return NULL; + + } else { + c->write->ready = 0; + return NGX_CHAIN_AGAIN; + } + } + +#endif + for (/* void */; in; in = in->next) { if (ngx_buf_special(in->buf)) { continue; @@ -119,7 +226,7 @@ ngx_chain_t *ngx_ssl_send_chain(ngx_conn ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size); - n = SSL_write(c->ssl, in->buf->pos, size); + n = SSL_write(c->ssl->ssl, in->buf->pos, size); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n); @@ -139,7 +246,7 @@ ngx_chain_t *ngx_ssl_send_chain(ngx_conn return in; } - n = SSL_get_error(c->ssl, n); + n = SSL_get_error(c->ssl->ssl, n); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", n); @@ -154,7 +261,7 @@ ngx_chain_t *ngx_ssl_send_chain(ngx_conn } #endif - ngx_ssl_error(NGX_LOG_ALERT, c->log, "SSL_write() failed"); + ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_write() failed"); return NGX_CHAIN_ERROR; } @@ -176,13 +283,13 @@ ngx_int_t ngx_ssl_shutdown(ngx_connectio #endif #if 0 - SSL_set_shutdown(c->ssl, SSL_RECEIVED_SHUTDOWN); + SSL_set_shutdown(c->ssl->ssl, SSL_RECEIVED_SHUTDOWN); #endif again = 0; for ( ;; ) { - n = SSL_shutdown(c->ssl); + n = SSL_shutdown(c->ssl->ssl); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); @@ -192,7 +299,7 @@ ngx_int_t ngx_ssl_shutdown(ngx_connectio } if (n == 1) { - SSL_free(c->ssl); + SSL_free(c->ssl->ssl); c->ssl = NULL; return NGX_OK; } @@ -201,7 +308,7 @@ ngx_int_t ngx_ssl_shutdown(ngx_connectio } if (!again) { - n = SSL_get_error(c->ssl, n); + n = SSL_get_error(c->ssl->ssl, n); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", n); } @@ -226,17 +333,18 @@ ngx_int_t ngx_ssl_shutdown(ngx_connectio return NGX_AGAIN; } - ngx_ssl_error(NGX_LOG_ALERT, c->log, "SSL_shutdown() failed"); + ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_shutdown() failed"); return NGX_ERROR; } -void ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, char *fmt, ...) +void ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, + char *fmt, ...) { - int len; - char errstr[NGX_MAX_CONF_ERRSTR]; - va_list args; + int len; + char errstr[NGX_MAX_CONF_ERRSTR]; + va_list args; va_start(args, fmt); len = ngx_vsnprintf(errstr, sizeof(errstr) - 1, fmt, args); @@ -252,5 +360,5 @@ void ngx_ssl_error(ngx_uint_t level, ngx ERR_error_string_n(ERR_get_error(), errstr + len, sizeof(errstr) - len - 1); - ngx_log_error(level, log, 0, "%s)", errstr); + ngx_log_error(level, log, err, "%s)", errstr); }
--- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -9,20 +9,31 @@ #include <openssl/err.h> -typedef SSL ngx_ssl_t; +typedef struct { + SSL *ssl; + ngx_buf_t *buf; + ngx_event_handler_pt saved_handler; +} ngx_ssl_t; + + typedef SSL_CTX ngx_ssl_ctx_t; -#define NGX_SSL_HTTP_ERROR -10 +#define NGX_SSL_BUFFER 1 + + +#define NGX_SSL_BUFSIZE 16384 ngx_int_t ngx_ssl_init(ngx_log_t *log); -ngx_int_t ngx_ssl_create_session(ngx_ssl_ctx_t *ctx, ngx_connection_t *c); +ngx_int_t ngx_ssl_create_session(ngx_ssl_ctx_t *ctx, ngx_connection_t *c, + ngx_uint_t flags); ngx_int_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size); ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit); ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c); -void ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, char *fmt, ...); +void ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, + char *fmt, ...); #endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */
rename from src/http/modules/ngx_http_ssl_filter.c rename to src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_filter.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -11,10 +11,9 @@ static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child); -static ngx_int_t ngx_http_ssl_init_process(ngx_cycle_t *cycle); -static ngx_command_t ngx_http_charset_filter_commands[] = { +static ngx_command_t ngx_http_ssl_commands[] = { { ngx_string("ssl"), NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, @@ -41,7 +40,7 @@ static ngx_command_t ngx_http_charset_f }; -static ngx_http_module_t ngx_http_ssl_filter_module_ctx = { +static ngx_http_module_t ngx_http_ssl_module_ctx = { NULL, /* pre conf */ NULL, /* create main configuration */ @@ -55,13 +54,13 @@ static ngx_http_module_t ngx_http_ssl_f }; -ngx_module_t ngx_http_ssl_filter_module = { +ngx_module_t ngx_http_ssl_module = { NGX_MODULE, - &ngx_http_ssl_filter_module_ctx, /* module context */ - ngx_http_charset_filter_commands, /* module directives */ + &ngx_http_ssl_module_ctx, /* module context */ + ngx_http_ssl_commands, /* module directives */ NGX_HTTP_MODULE, /* module type */ NULL, /* init module */ - ngx_http_ssl_init_process /* init process */ + NULL /* init process */ }; @@ -102,13 +101,13 @@ static char *ngx_http_ssl_merge_srv_conf conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); if (conf->ssl_ctx == NULL) { - ngx_ssl_error(NGX_LOG_EMERG, cf->log, "SSL_CTX_new() failed"); + ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_new() failed"); return NGX_CONF_ERROR; } if (SSL_CTX_use_certificate_file(conf->ssl_ctx, conf->certificate.data, SSL_FILETYPE_PEM) == 0) { - ngx_ssl_error(NGX_LOG_EMERG, cf->log, + ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_use_certificate_file(\"%s\") failed", conf->certificate.data); return NGX_CONF_ERROR; @@ -116,7 +115,7 @@ static char *ngx_http_ssl_merge_srv_conf if (SSL_CTX_use_PrivateKey_file(conf->ssl_ctx, conf->certificate_key.data, SSL_FILETYPE_PEM) == 0) { - ngx_ssl_error(NGX_LOG_EMERG, cf->log, + ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_use_PrivateKey_file(\"%s\") failed", conf->certificate_key.data); return NGX_CONF_ERROR; @@ -126,6 +125,8 @@ static char *ngx_http_ssl_merge_srv_conf } +#if 0 + static ngx_int_t ngx_http_ssl_init_process(ngx_cycle_t *cycle) { ngx_uint_t i; @@ -138,7 +139,7 @@ static ngx_int_t ngx_http_ssl_init_proce cscfp = cmcf->servers.elts; for (i = 0; i < cmcf->servers.nelts; i++) { - sscf = cscfp[i]->ctx->srv_conf[ngx_http_ssl_filter_module.ctx_index]; + sscf = cscfp[i]->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; if (sscf->enable) { cscfp[i]->recv = ngx_ssl_recv; @@ -148,3 +149,5 @@ static ngx_int_t ngx_http_ssl_init_proce return NGX_OK; } + +#endif
rename from src/http/modules/ngx_http_ssl_filter.h rename to src/http/modules/ngx_http_ssl_module.h --- a/src/http/modules/ngx_http_ssl_filter.h +++ b/src/http/modules/ngx_http_ssl_module.h @@ -1,5 +1,5 @@ -#ifndef _NGX_HTTP_SSL_FILTER_H_INCLUDED_ -#define _NGX_HTTP_SSL_FILTER_H_INCLUDED_ +#ifndef _NGX_HTTP_SSL_H_INCLUDED_ +#define _NGX_HTTP_SSL_H_INCLUDED_ #include <ngx_config.h> @@ -24,7 +24,7 @@ ngx_chain_t *ngx_http_ssl_write(ngx_conn void ngx_http_ssl_close_connection(SSL *ssl, ngx_log_t *log); -extern ngx_module_t ngx_http_ssl_filter_module; +extern ngx_module_t ngx_http_ssl_module; -#endif /* _NGX_HTTP_SSL_FILTER_H_INCLUDED_ */ +#endif /* _NGX_HTTP_SSL_H_INCLUDED_ */
--- a/src/http/modules/proxy/ngx_http_proxy_handler.h +++ b/src/http/modules/proxy/ngx_http_proxy_handler.h @@ -203,7 +203,7 @@ typedef struct { } ngx_http_proxy_log_ctx_t; -#define NGX_HTTP_PROXY_PARSE_NO_HEADER 20 +#define NGX_HTTP_PROXY_PARSE_NO_HEADER 30 #define NGX_HTTP_PROXY_FT_ERROR 0x02
--- a/src/http/ngx_http.h +++ b/src/http/ngx_http.h @@ -21,8 +21,8 @@ typedef struct ngx_http_cleanup_s ngx_h #include <ngx_http_log_handler.h> #include <ngx_http_core_module.h> -#if (NGX_OPENSSL) -#include <ngx_http_ssl_filter.h> +#if (NGX_HTTP_SSL) +#include <ngx_http_ssl_module.h> #endif
--- a/src/http/ngx_http_config.h +++ b/src/http/ngx_http_config.h @@ -45,8 +45,11 @@ typedef struct { #define ngx_http_conf_get_module_main_conf(cf, module) \ ((ngx_http_conf_ctx_t *) cf->ctx)->main_conf[module.ctx_index] -#define ngx_http_conf_get_module_srv_conf(cf, module) \ - ngx_http_conf_get_module_srv_conf_could_not_be_implemented() +/* + * ngx_http_conf_get_module_srv_conf() and ngx_http_conf_get_module_loc_conf() + * could not be correctly implemented because at the merge phase cf->ctx + * points to http{}'s ctx + */ #define ngx_http_cycle_get_module_main_conf(cycle, module) \ ((ngx_http_conf_ctx_t *) \
--- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -18,7 +18,6 @@ static void *ngx_http_core_create_loc_co static char *ngx_http_core_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child); -static ngx_int_t ngx_http_core_init_process(ngx_cycle_t *cycle); static char *ngx_server_block(ngx_conf_t *cf, ngx_command_t *cmd, void *dummy); static int ngx_cmp_locations(const void *first, const void *second); static char *ngx_location_block(ngx_conf_t *cf, ngx_command_t *cmd, @@ -304,7 +303,7 @@ ngx_module_t ngx_http_core_module = { ngx_http_core_commands, /* module directives */ NGX_HTTP_MODULE, /* module type */ NULL, /* init module */ - ngx_http_core_init_process /* init process */ + NULL /* init process */ }; @@ -822,6 +821,8 @@ int ngx_http_delay_handler(ngx_http_requ #endif +#if 0 + static ngx_int_t ngx_http_core_init_process(ngx_cycle_t *cycle) { ngx_uint_t i; @@ -853,6 +854,8 @@ static ngx_int_t ngx_http_core_init_proc return NGX_OK; } +#endif + static char *ngx_server_block(ngx_conf_t *cf, ngx_command_t *cmd, void *dummy) {
--- a/src/http/ngx_http_core_module.h +++ b/src/http/ngx_http_core_module.h @@ -47,9 +47,6 @@ typedef struct { typedef struct { - ngx_recv_pt recv; - ngx_send_chain_pt send_chain; - /* * array of ngx_http_core_loc_conf_t, used in the translation handler * and in the merge phase
--- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -6,6 +6,9 @@ static void ngx_http_init_request(ngx_event_t *ev); +#if (NGX_HTTP_SSL) +static void ngx_http_check_ssl_handshake(ngx_event_t *rev); +#endif static void ngx_http_process_request_line(ngx_event_t *rev); static void ngx_http_process_request_headers(ngx_event_t *rev); static ssize_t ngx_http_read_request_header(ngx_http_request_t *r); @@ -40,6 +43,7 @@ static char *client_header_errors[] = { "client %s sent HTTP/1.1 request without \"Host\" header, URL: %s", "client %s sent invalid \"Content-Length\" header, URL: %s", "client %s sent POST method without \"Content-Length\" header, URL: %s", + "client %s sent plain HTTP request to HTTPS port, URL: %s", "client %s sent invalid \"Host\" header \"%s\", URL: %s" }; @@ -232,16 +236,24 @@ static void ngx_http_init_request(ngx_ev r->srv_conf = cscf->ctx->srv_conf; r->loc_conf = cscf->ctx->loc_conf; + rev->event_handler = ngx_http_process_request_line; + + r->recv = ngx_recv; + r->send_chain = ngx_send_chain; + #if (NGX_HTTP_SSL) - sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_filter_module); + sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); if (sscf->enable) { - if (ngx_ssl_create_session(sscf->ssl_ctx, c) == NGX_ERROR) { + if (ngx_ssl_create_session(sscf->ssl_ctx, c, NGX_SSL_BUFFER) + == NGX_ERROR) + { ngx_http_close_connection(c); return; } r->filter_need_in_memory = 1; + rev->event_handler = ngx_http_check_ssl_handshake; } #endif @@ -321,10 +333,58 @@ static void ngx_http_init_request(ngx_ev r->http_state = NGX_HTTP_READING_REQUEST_STATE; + rev->event_handler(rev); +} + + +#if (NGX_HTTP_SSL) + +static void ngx_http_check_ssl_handshake(ngx_event_t *rev) +{ + int n; + u_char buf[1]; + ngx_connection_t *c; + ngx_http_request_t *r; + + c = rev->data; + r = c->data; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0, + "http check ssl handshake"); + + if (rev->timedout) { + ngx_http_client_error(r, 0, NGX_HTTP_REQUEST_TIME_OUT); + return; + } + + n = recv(c->fd, buf, 1, MSG_PEEK); + + if (n == -1 && ngx_socket_errno == NGX_EAGAIN) { + return; + } + + if (n == 1) { + if (buf[0] == 0x80 /* SSLv2 */ || buf[0] == 0x16 /* SSLv3/TLSv1 */) { + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0, + "https ssl handshake: 0x%X", buf[0]); + + r->recv = ngx_ssl_recv; + r->send_chain = ngx_ssl_send_chain; + + } else { + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0, + "plain http"); + + r->plain_http = 1; + } + } + rev->event_handler = ngx_http_process_request_line; ngx_http_process_request_line(rev); } +#endif + static void ngx_http_process_request_line(ngx_event_t *rev) { @@ -832,13 +892,12 @@ static ssize_t ngx_http_read_request_hea return NGX_AGAIN; } - cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); - - n = cscf->recv(r->connection, r->header_in->last, - r->header_in->end - r->header_in->last); + n = r->recv(r->connection, r->header_in->last, + r->header_in->end - r->header_in->last); if (n == NGX_AGAIN) { if (!r->header_timeout_set) { + cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); ngx_add_timer(rev, cscf->client_header_timeout); r->header_timeout_set = 1; } @@ -939,6 +998,10 @@ static ngx_int_t ngx_http_process_reques return NGX_HTTP_PARSE_POST_WO_CL_HEADER; } + if (r->plain_http) { + return NGX_HTTP_PARSE_HTTP_TO_HTTPS; + } + if (r->headers_in.connection) { if (r->headers_in.connection->value.len == 5 && ngx_strcasecmp(r->headers_in.connection->value.data, "close") @@ -1873,7 +1936,9 @@ static void ngx_http_client_error(ngx_ht r->connection->log->handler = NULL; if (ctx->url) { - if (client_error == NGX_HTTP_PARSE_INVALID_HOST) { + switch (client_error) { + + case NGX_HTTP_PARSE_INVALID_HOST: ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, client_header_errors[client_error - NGX_HTTP_CLIENT_ERROR], ctx->client, r->headers_in.host->value.data, ctx->url); @@ -1888,7 +1953,14 @@ static void ngx_http_client_error(ngx_ht return; } - } else { + break; + + case NGX_HTTP_PARSE_HTTP_TO_HTTPS: + error = NGX_HTTP_TO_HTTPS; + + /* fall through */ + + default: ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, client_header_errors[client_error - NGX_HTTP_CLIENT_ERROR], ctx->client, ctx->url);
--- a/src/http/ngx_http_request.h +++ b/src/http/ngx_http_request.h @@ -31,7 +31,8 @@ #define NGX_HTTP_PARSE_NO_HOST_HEADER 16 #define NGX_HTTP_PARSE_INVALID_CL_HEADER 17 #define NGX_HTTP_PARSE_POST_WO_CL_HEADER 18 -#define NGX_HTTP_PARSE_INVALID_HOST 19 +#define NGX_HTTP_PARSE_HTTP_TO_HTTPS 19 +#define NGX_HTTP_PARSE_INVALID_HOST 20 #define NGX_HTTP_OK 200 @@ -217,6 +218,9 @@ struct ngx_http_request_s { ngx_connection_t *connection; + ngx_recv_pt recv; + ngx_send_chain_pt send_chain; + void **ctx; void **main_conf; void **srv_conf; @@ -292,6 +296,7 @@ struct ngx_http_request_s { /* can we use sendfile ? */ unsigned sendfile:1; + unsigned plain_http:1; unsigned chunked:1; unsigned header_only:1; unsigned keepalive:1;
--- a/src/http/ngx_http_write_filter.c +++ b/src/http/ngx_http_write_filter.c @@ -7,6 +7,9 @@ typedef struct { ngx_chain_t *out; + + /* unsigned flush:1; */ + ngx_uint_t flush; } ngx_http_write_filter_ctx_t; @@ -42,7 +45,6 @@ ngx_int_t ngx_http_write_filter(ngx_http int last; off_t size, flush, sent; ngx_chain_t *cl, *ln, **ll, *chain; - ngx_http_core_srv_conf_t *cscf; ngx_http_core_loc_conf_t *clcf; ngx_http_write_filter_ctx_t *ctx; @@ -114,7 +116,7 @@ ngx_int_t ngx_http_write_filter(ngx_http return NGX_AGAIN; } - if (size == 0) { + if (size == 0 && !ctx->flush) { if (!last) { ngx_log_error(NGX_LOG_ALERT, r->connection->log, 0, "the http output chain is empty"); @@ -124,11 +126,8 @@ ngx_int_t ngx_http_write_filter(ngx_http sent = r->connection->sent; - cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); - - chain = cscf->send_chain(r->connection, ctx->out, - clcf->limit_rate ? clcf->limit_rate: - OFF_T_MAX_VALUE); + chain = r->send_chain(r->connection, ctx->out, + clcf->limit_rate ? clcf->limit_rate: OFF_T_MAX_VALUE); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http write filter %X", chain); @@ -144,6 +143,12 @@ ngx_int_t ngx_http_write_filter(ngx_http return NGX_ERROR; } + if (chain == NGX_CHAIN_AGAIN) { + ctx->out = NULL; + ctx->flush = 1; + return NGX_AGAIN; + } + ctx->out = chain; if (chain == NULL) {
--- a/src/os/win32/ngx_os.h +++ b/src/os/win32/ngx_os.h @@ -21,13 +21,17 @@ #endif +typedef ssize_t (*ngx_recv_pt)(ngx_connection_t *c, u_char *buf, size_t size); +typedef ssize_t (*ngx_recv_chain_pt)(ngx_connection_t *c, ngx_chain_t *in); +typedef ssize_t (*ngx_send_pt)(ngx_connection_t *c, u_char *buf, size_t size); +typedef ngx_chain_t *(*ngx_send_chain_pt)(ngx_connection_t *c, ngx_chain_t *in, + off_t limit); typedef struct { - ssize_t (*recv)(ngx_connection_t *c, u_char *buf, size_t size); - ssize_t (*recv_chain)(ngx_connection_t *c, ngx_chain_t *in); - ssize_t (*send)(ngx_connection_t *c, u_char *buf, size_t size); - ngx_chain_t *(*send_chain)(ngx_connection_t *c, ngx_chain_t *in, - off_t limit); + ngx_recv_pt recv; + ngx_recv_chain_pt recv_chain; + ngx_send_pt send; + ngx_send_chain_pt send_chain; int flags; } ngx_os_io_t;