mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-07-25 22:56:59 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

r1862, r1866, r1869, r1874 merge:

Browse Source 
*) revert SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, removed in r1852
*) fix bogus crit log message "SSL_shutdown() failed" introduced in r1852
*) pull all errors
This commit is contained in:
Igor Sysoev 2008-05-04 09:47:59 +00:00
parent dbfc1e7564
commit 45519cb5f4
1 changed files with 21 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
src/event/ngx_event_openssl.c
View File

@ -187,6 +187,13 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]); SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
} }
/*
* we need this option because in ngx_ssl_send_chain()
* we may switch to a buffered write and may copy leftover part of
* previously unbuffered data to our internal buffer
*/
SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
SSL_CTX_set_read_ahead(ssl->ctx, 1); SSL_CTX_set_read_ahead(ssl->ctx, 1);
return NGX_OK; return NGX_OK;
@ -1000,17 +1007,14 @@ ngx_ssl_shutdown(ngx_connection_t *c)
/* SSL_shutdown() never return -1, on error it return 0 */ /* SSL_shutdown() never return -1, on error it return 0 */
if (n != 1) { if (n != 1 && ERR_peek_error()) {
sslerr = SSL_get_error(c->ssl->connection, n); sslerr = SSL_get_error(c->ssl->connection, n);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
"SSL_get_error: %d", sslerr); "SSL_get_error: %d", sslerr);
} }
if (n == 1 if (n == 1 || sslerr == 0 || sslerr == SSL_ERROR_ZERO_RETURN) {
|| sslerr == SSL_ERROR_ZERO_RETURN
|| (sslerr == 0 && c->timedout))
{
SSL_free(c->ssl->connection); SSL_free(c->ssl->connection);
c->ssl = NULL; c->ssl = NULL;
@ -1113,18 +1117,21 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
static void static void
ngx_ssl_clear_error(ngx_log_t *log) ngx_ssl_clear_error(ngx_log_t *log)
{ {
if (ERR_peek_error()) { while (ERR_peek_error()) {
ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error"); ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error");
} }
ERR_clear_error();
} }
void ngx_cdecl void ngx_cdecl
ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...) ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
{ {
u_long n; u_long n;
va_list args; va_list args;
u_char errstr[NGX_MAX_CONF_ERRSTR], *p, *last; u_char *p, *last;
u_char errstr[NGX_MAX_CONF_ERRSTR];
last = errstr + NGX_MAX_CONF_ERRSTR; last = errstr + NGX_MAX_CONF_ERRSTR;
@ -1134,7 +1141,7 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p); p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p);
while (p < last) { for ( ;; ) {
n = ERR_get_error(); n = ERR_get_error();
@ -1142,6 +1149,10 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
break; break;
} }
if (p >= last) {
continue;
}
*p++ = ' '; *p++ = ' ';
ERR_error_string_n(n, (char *) p, last - p); ERR_error_string_n(n, (char *) p, last - p);