# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1314778218 -14400
# Node ID 9aa0d263f2a7e49e3372a10da9c57eee6ad43535
# Parent  78fd926c306daa052bafd317782d1f4679521b4c
Keepalive: ssl connection handling.

Don't cache ssl connections if it uses the same pool as request (i.e. we
don't have experimental patches).  Properly close ssl connections if cached.

diff --git a/ngx_http_upstream_keepalive_module.c b/ngx_http_upstream_keepalive_module.c
--- a/ngx_http_upstream_keepalive_module.c
+++ b/ngx_http_upstream_keepalive_module.c
@@ -63,6 +63,8 @@ static void ngx_http_upstream_free_keepa
 
 static void ngx_http_upstream_keepalive_dummy_handler(ngx_event_t *ev);
 static void ngx_http_upstream_keepalive_close_handler(ngx_event_t *ev);
+static void ngx_http_upstream_keepalive_close(ngx_connection_t *c);
+
 
 #if (NGX_HTTP_SSL)
 static ngx_int_t ngx_http_upstream_keepalive_set_session(
@@ -239,6 +241,9 @@ ngx_http_upstream_get_keepalive_peer(ngx
         c->log = pc->log;
         c->read->log = pc->log;
         c->write->log = pc->log;
+#if (NGX_UPSTREAM_KEEPALIVE_PATCHED)
+        c->pool->log = pc->log;
+#endif
 
         pc->connection = c;
         pc->cached = 1;
@@ -277,6 +282,9 @@ ngx_http_upstream_get_keepalive_peer(ngx
             c->log = pc->log;
             c->read->log = pc->log;
             c->write->log = pc->log;
+#if (NGX_UPSTREAM_KEEPALIVE_PATCHED)
+            c->pool->log = pc->log;
+#endif
 
             pc->connection = c;
             pc->cached = 1;
@@ -351,6 +359,15 @@ ngx_http_upstream_free_keepalive_peer(ng
         goto invalid;
     }
 
+    /*
+     * to cache ssl connections separate pool for peer connection is
+     * required, which is only available with patches
+     */
+
+    if (c->ssl) {
+        goto invalid;
+    }
+
 #endif
 
     ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
@@ -363,7 +380,7 @@ ngx_http_upstream_free_keepalive_peer(ng
 
         item = ngx_queue_data(q, ngx_http_upstream_keepalive_cache_t, queue);
 
-        ngx_close_connection(item->connection);
+        ngx_http_upstream_keepalive_close(item->connection);
 
     } else {
         q = ngx_queue_head(&kp->conf->free);
@@ -392,6 +409,9 @@ ngx_http_upstream_free_keepalive_peer(ng
     c->log = ngx_cycle->log;
     c->read->log = ngx_cycle->log;
     c->write->log = ngx_cycle->log;
+#if (NGX_UPSTREAM_KEEPALIVE_PATCHED)
+    c->pool->log = ngx_cycle->log;
+#endif
 
     item->socklen = pc->socklen;
     ngx_memcpy(&item->sockaddr, pc->sockaddr, pc->socklen);
@@ -446,12 +466,38 @@ close:
     item = c->data;
     conf = item->conf;
 
+    ngx_http_upstream_keepalive_close(c);
+
     ngx_queue_remove(&item->queue);
-    ngx_close_connection(item->connection);
     ngx_queue_insert_head(&conf->free, &item->queue);
 }
 
 
+static void
+ngx_http_upstream_keepalive_close(ngx_connection_t *c)
+{
+
+#if (NGX_HTTP_SSL)
+
+    if (c->ssl) {
+        c->ssl->no_wait_shutdown = 1;
+        c->ssl->no_send_shutdown = 1;
+
+        if (ngx_ssl_shutdown(c) == NGX_AGAIN) {
+            c->ssl->handler = ngx_http_upstream_keepalive_close;
+            return;
+        }
+    }
+
+#endif
+
+#if (NGX_UPSTREAM_KEEPALIVE_PATCHED)
+    ngx_destroy_pool(c->pool);
+#endif
+    ngx_close_connection(c);
+}
+
+
 #if (NGX_HTTP_SSL)
 
 static ngx_int_t