annotate src/event/ngx_event_openssl.c @ 577:4d9ea73a627a release-0.3.10
nginx-0.3.10-RELEASE import
*) Change: the "valid_referers" directive and the "$invalid_referer"
variable were moved to the new ngx_http_referer_module from the
ngx_http_rewrite_module.
*) Change: the "$apache_bytes_sent" variable name was changed to
"$body_bytes_sent".
*) Feature: the "$sent_http_..." variables.
*) Feature: the "if" directive supports the "=" and "!=" operations.
*) Feature: the "proxy_pass" directive supports the HTTPS protocol.
*) Feature: the "proxy_set_body" directive.
*) Feature: the "post_action" directive.
*) Feature: the ngx_http_empty_gif_module.
*) Feature: the "worker_cpu_affinity" directive for Linux.
*) Bugfix: the "rewrite" directive did not unescape URI part in
redirect, now it is unescaped except the %00-%25 and %7F-%FF
characters.
*) Bugfix: nginx could not be built by the icc 9.0 compiler.
*) Bugfix: if the SSI was enabled for zero size static file, then the
chunked response was encoded incorrectly.
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Tue, 15 Nov 2005 13:30:52 +0000 |
parents | 458b6c3fea65 |
children | 4e296b7d25bf |
rev | line source |
---|---|
441
1 |
2 /* |
444
3 * Copyright (C) Igor Sysoev |
441
4 */ |
5 |
394
6 |
393
7 #include <ngx_config.h> |
8 #include <ngx_core.h> |
394
9 #include <ngx_event.h> |
393
10 |
541 | 11 |
/* Configuration of the openssl core module. */
typedef struct {
    ngx_str_t engine;    /* slot written by the "ssl_engine" directive */
} ngx_openssl_conf_t;
479 | 15 |
393
16 |
/* file-local event handlers and the SSL_read() result classifier */
static void ngx_ssl_handshake_handler(ngx_event_t *ev);
static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n);
static void ngx_ssl_write_handler(ngx_event_t *wev);
static void ngx_ssl_read_handler(ngx_event_t *rev);
static void ngx_ssl_shutdown_handler(ngx_event_t *ev);

/* logs a connection-level SSL failure */
static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr,
    ngx_err_t err, char *text);

/* hooks referenced by the module context and module definition below */
static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
static char *ngx_openssl_init_conf(ngx_cycle_t *cycle, void *conf);
static void ngx_openssl_exit(ngx_cycle_t *cycle);

/* "ssl_engine" handler used only in builds without NGX_SSL_ENGINE */
#if !(NGX_SSL_ENGINE)
static char *ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
#endif
32 | |
33 | |
/*
 * Directives of the openssl core module.  The only directive is
 * "ssl_engine"; its handler depends on whether the build has
 * NGX_SSL_ENGINE.
 */
static ngx_command_t ngx_openssl_commands[] = {

    { ngx_string("ssl_engine"),
      NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
#if (NGX_SSL_ENGINE)
      /* the argument is stored in ngx_openssl_conf_t.engine (offset below) */
      ngx_conf_set_str_slot,
#else
      /* no ENGINE support compiled in: ngx_openssl_noengine() handles it */
      ngx_openssl_noengine,
#endif
      0,
      offsetof(ngx_openssl_conf_t, engine),
      NULL },

      ngx_null_command
};
49 | |
50 | |
/* core-module context: module name and the create/init configuration hooks */
static ngx_core_module_t ngx_openssl_module_ctx = {
    ngx_string("openssl"),
    ngx_openssl_create_conf,
    ngx_openssl_init_conf
};
541 | 56 |
57 | |
/*
 * Module definition.  Of the lifecycle hooks only "exit master" is set
 * (ngx_openssl_exit); every other hook is NULL.
 */
ngx_module_t ngx_openssl_module = {
    NGX_MODULE_V1,
    &ngx_openssl_module_ctx,               /* module context */
    ngx_openssl_commands,                  /* module directives */
    NGX_CORE_MODULE,                       /* module type */
    NULL,                                  /* init master */
    NULL,                                  /* init module */
    NULL,                                  /* init process */
    NULL,                                  /* init thread */
    NULL,                                  /* exit thread */
    NULL,                                  /* exit process */
    ngx_openssl_exit,                      /* exit master */
    NGX_MODULE_V1_PADDING
};
72 | |
73 | |
/*
 * SSL_OP_NO_* masks, looked up by ngx_ssl_create() as
 * ngx_ssl_protocols[protocols >> 1].
 *
 * Reading the index as three bits, a set bit leaves that protocol enabled:
 * bit 0 - SSLv2, bit 1 - SSLv3, bit 2 - TLSv1.  Entry 0 therefore disables
 * all three protocols and entry 7 (0) disables none.
 *
 * The table has exactly 8 entries, so the index must stay below 8.
 *
 * NOTE(review): SSLv2 and SSLv3 are obsolete and broken protocols; only the
 * entries that carry both SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 keep them off.
 */
static long ngx_ssl_protocols[] = {
    SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,
    SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,
    SSL_OP_NO_SSLv2|SSL_OP_NO_TLSv1,
    SSL_OP_NO_TLSv1,
    SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3,
    SSL_OP_NO_SSLv3,
    SSL_OP_NO_SSLv2,
    0,
};
397
84 |
85 |
/*
 * Process-wide OpenSSL setup: initializes the SSL library, loads the
 * error strings and, in builds with NGX_SSL_ENGINE, registers the built-in
 * ENGINEs.  The log argument is not used.  Always returns NGX_OK.
 */
ngx_int_t
ngx_ssl_init(ngx_log_t *log)
{
    SSL_library_init();
    SSL_load_error_strings();

#if (NGX_SSL_ENGINE)
    ENGINE_load_builtin_engines();
#endif

    return NGX_OK;
}
98 |
99 |
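/*
 * Create the SSL_CTX for *ssl and apply the default option set.
 *
 * ssl        - receives the new context in ssl->ctx; ssl->log is used for
 *              error reporting
 * protocols  - protocol selection mask; (protocols >> 1) indexes
 *              ngx_ssl_protocols[]
 *
 * Returns NGX_OK, or NGX_ERROR when the mask is out of range or
 * SSL_CTX_new() fails.
 */
ngx_int_t
ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols)
{
    ngx_uint_t  idx;

    /*
     * validate the mask first: an index past the end of the table would
     * feed arbitrary memory to SSL_CTX_set_options()
     */

    idx = protocols >> 1;

    if (idx >= sizeof(ngx_ssl_protocols) / sizeof(ngx_ssl_protocols[0])) {
        ngx_log_error(NGX_LOG_EMERG, ssl->log, 0,
                      "invalid SSL protocols mask");
        return NGX_ERROR;
    }

    ssl->ctx = SSL_CTX_new(SSLv23_method());

    if (ssl->ctx == NULL) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_new() failed");
        return NGX_ERROR;
    }

    /*
     * The options below are peer-bug workarounds: each one relaxes protocol
     * strictness for the sake of interoperability with old implementations.
     */

    /* client side options */

    SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_SESS_ID_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_CHALLENGE_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);

    /* server side options */

    SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);

    /*
     * this option allows a potential SSL 2.0 rollback (CAN-2005-2969)
     *
     * NOTE(review): the rollback is only reachable while SSLv2 stays
     * enabled; confirm that this workaround is still needed before
     * keeping it
     */
    SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);

    SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);

    /*
     * NOTE(review): this turns off OpenSSL's empty-fragment countermeasure
     * for CBC cipher suites in SSL 3.0/TLS 1.0; confirm that the
     * compatibility gain is worth it
     */
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
    SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
#endif

    /* a zero entry means that no protocol has to be switched off */

    if (ngx_ssl_protocols[idx] != 0) {
        SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[idx]);
    }

    SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);

    SSL_CTX_set_read_ahead(ssl->ctx, 1);

    return NGX_OK;
}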
143 | |
144 | |
/*
 * Load the certificate chain file and the PEM private key file into
 * ssl->ctx.
 *
 * Both names are passed through ngx_conf_full_name() before use, which may
 * rewrite them, so the paths are read only after that call.  An OpenSSL
 * failure is logged at EMERG level with the file name (never with the key
 * material).
 *
 * Returns NGX_OK on success and NGX_ERROR on any failure.
 */
ngx_int_t
ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
    ngx_str_t *key)
{
    int  rc;

    /* certificate chain */

    if (ngx_conf_full_name(cf->cycle, cert) == NGX_ERROR) {
        return NGX_ERROR;
    }

    rc = SSL_CTX_use_certificate_chain_file(ssl->ctx, (char *) cert->data);

    if (rc == 0) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "SSL_CTX_use_certificate_chain_file(\"%s\") failed",
                      cert->data);
        return NGX_ERROR;
    }

    /* private key */

    if (ngx_conf_full_name(cf->cycle, key) == NGX_ERROR) {
        return NGX_ERROR;
    }

    rc = SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key->data,
                                     SSL_FILETYPE_PEM);

    if (rc == 0) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data);
        return NGX_ERROR;
    }

    return NGX_OK;
}
176 | |
177 | |
/*
 * Generate a temporary 512-bit RSA key and install it into ssl->ctx, but
 * only if SSL_CTX_need_tmp_RSA() reports that the context needs one.
 *
 * Returns NGX_OK when no key is needed or the key was installed, and
 * NGX_ERROR when key generation fails.
 *
 * NOTE(review): a 512-bit RSA modulus gives no meaningful protection
 * against factoring; temporary keys of this size serve export-grade cipher
 * suites.  Prefer keeping those suites out of the cipher list over relying
 * on this key.
 */
ngx_int_t
ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl)
{
    if (SSL_CTX_need_tmp_RSA(ssl->ctx) == 0) {
        return NGX_OK;
    }

    ssl->rsa512_key = RSA_generate_key(512, RSA_F4, NULL, NULL);

    if (ssl->rsa512_key == NULL) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "RSA_generate_key(512) failed");
        return NGX_ERROR;
    }

    SSL_CTX_set_tmp_rsa(ssl->ctx, ssl->rsa512_key);

    return NGX_OK;
}
196 | |
197 | |
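/*
 * Allocate the per-connection SSL state from c->pool, create the SSL object
 * on ssl->ctx, bind it to c->fd and select client or server mode.
 *
 * flags:
 *   NGX_SSL_BUFFER - also allocate an NGX_SSL_BUFSIZE output buffer
 *   NGX_SSL_CLIENT - put the SSL object into connect state; without it the
 *                    object is put into accept state
 *
 * Returns NGX_OK with c->ssl pointing to the new state, or NGX_ERROR with
 * c->ssl left untouched.
 */
ngx_int_t
ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
{
    ngx_ssl_connection_t  *sc;

    sc = ngx_pcalloc(c->pool, sizeof(ngx_ssl_connection_t));
    if (sc == NULL) {
        return NGX_ERROR;
    }

    if (flags & NGX_SSL_BUFFER) {
        sc->buffer = 1;

        sc->buf = ngx_create_temp_buf(c->pool, NGX_SSL_BUFSIZE);
        if (sc->buf == NULL) {
            return NGX_ERROR;
        }
    }

    sc->connection = SSL_new(ssl->ctx);

    if (sc->connection == NULL) {
        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed");
        return NGX_ERROR;
    }

    if (SSL_set_fd(sc->connection, c->fd) == 0) {
        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_fd() failed");

        /*
         * sc is not yet published in c->ssl, so nothing else can release
         * the SSL object: free it here instead of leaking it
         */

        SSL_free(sc->connection);
        sc->connection = NULL;

        return NGX_ERROR;
    }

    if (flags & NGX_SSL_CLIENT) {
        SSL_set_connect_state(sc->connection);

    } else {
        SSL_set_accept_state(sc->connection);
    }

    /* publish the state only after every step has succeeded */

    c->ssl = sc;

    return NGX_OK;
}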
240 |
241 |
/*
 * Offer a previously saved session for reuse on connection c.
 *
 * A NULL session is accepted and does nothing.  Returns NGX_OK, or
 * NGX_ERROR (after logging at ALERT level) when SSL_set_session() fails.
 */
ngx_int_t
ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session)
{
    if (session == NULL) {
        return NGX_OK;
    }

    if (SSL_set_session(c->ssl->connection, session) != 0) {
        return NGX_OK;
    }

    ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_session() failed");

    return NGX_ERROR;
}
254 | |
255 | |
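/*
 * Drive the SSL handshake on connection c by one step.
 *
 * Returns:
 *   NGX_OK    - the handshake is complete; c->ssl->handshaked is set and
 *               c->recv, c->send, c->recv_chain and c->send_chain are
 *               switched to the SSL implementations
 *   NGX_AGAIN - OpenSSL wants more I/O; the read or write event handler is
 *               set to ngx_ssl_handshake_handler()
 *   NGX_ERROR - an event could not be (re)armed, the peer closed the
 *               connection, or SSL_do_handshake() failed
 */
ngx_int_t
ngx_ssl_handshake(ngx_connection_t *c)
{
    int        n, sslerr;
    ngx_err_t  err;

    n = SSL_do_handshake(c->ssl->connection);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);

    if (n == 1) {

        if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

#if (NGX_DEBUG)
        {
        char         buf[129], *s, *d;
        SSL_CIPHER  *cipher;

        cipher = SSL_get_current_cipher(c->ssl->connection);

        if (cipher) {

            /*
             * the description is written at &buf[1] and compacted in place;
             * buf[0] is the "previous character" of the first comparison,
             * so it must hold a defined value
             */

            buf[0] = '\0';

            SSL_CIPHER_description(cipher, &buf[1], 128);

            /* collapse runs of spaces and drop CR/LF */

            for (s = &buf[1], d = buf; *s; s++) {
                if (*s == ' ' && *d == ' ') {
                    continue;
                }

                if (*s == LF || *s == CR) {
                    continue;
                }

                *++d = *s;
            }

            /* terminate after the last character, trimming a final space */

            if (*d != ' ') {
                d++;
            }

            *d = '\0';

            /* the macro suffix must match the number of format arguments */

            ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                           "SSL: %s, cipher: \"%s\"",
                           SSL_get_version(c->ssl->connection), &buf[1]);

            if (SSL_session_reused(c->ssl->connection)) {
                ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                               "SSL reused session");
            }

        } else {
            ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                           "SSL no shared ciphers");
        }
        }
#endif

        c->ssl->handshaked = 1;

        c->recv = ngx_ssl_recv;
        c->send = ngx_ssl_write;
        c->recv_chain = ngx_ssl_recv_chain;
        c->send_chain = ngx_ssl_send_chain;

        return NGX_OK;
    }

    sslerr = SSL_get_error(c->ssl->connection, n);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);

    if (sslerr == SSL_ERROR_WANT_READ) {
        c->read->ready = 0;
        c->read->handler = ngx_ssl_handshake_handler;

        if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        return NGX_AGAIN;
    }

    if (sslerr == SSL_ERROR_WANT_WRITE) {
        c->write->ready = 0;
        c->write->handler = ngx_ssl_handshake_handler;

        if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        return NGX_AGAIN;
    }

    /* the system errno is meaningful for SSL_ERROR_SYSCALL only */

    err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;

    /* the handshake failed: skip both directions of the SSL shutdown */

    c->ssl->no_wait_shutdown = 1;
    c->ssl->no_send_shutdown = 1;

    if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) {
        ngx_log_error(NGX_LOG_INFO, c->log, err,
                      "peer closed connection in SSL handshake");

        return NGX_ERROR;
    }

    ngx_ssl_connection_error(c, sslerr, err, "SSL_do_handshake() failed");

    return NGX_ERROR;
}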
372 | |
373 | |
/*
 * Read/write event handler installed while a handshake is in progress.
 * It resumes the handshake and, unless more I/O is still needed
 * (NGX_AGAIN), passes the connection to c->ssl->handler.  The handler is
 * called for NGX_OK and NGX_ERROR alike.
 */
static void
ngx_ssl_handshake_handler(ngx_event_t *ev)
{
    ngx_connection_t  *c = ev->data;

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "SSL handshake handler: %d", ev->write);

    if (ngx_ssl_handshake(c) != NGX_AGAIN) {
        c->ssl->handler(c);
    }
}
390 | |
391 | |
/*
 * Fill the buffers of chain cl with decrypted data read via ngx_ssl_recv().
 *
 * Each buffer is filled from b->last up to b->end before the next link is
 * used.  Returns the total number of bytes stored; if nothing was stored,
 * returns the non-positive result of the ngx_ssl_recv() call that ended
 * the loop.
 */
ssize_t
ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl)
{
    ssize_t     n, total;
    ngx_buf_t  *b;

    total = 0;

    while (cl != NULL) {
        b = cl->buf;

        n = ngx_ssl_recv(c, b->last, b->end - b->last);

        if (n <= 0) {
            /* data gathered so far takes precedence over the status */
            return total ? total : n;
        }

        b->last += n;
        total += n;

        /* stay on a partially filled buffer, move on from a full one */

        if (b->last == b->end) {
            cl = cl->next;
        }
    }

    return total;
}
425 | |
426 | |
/*
 * Read up to size bytes of decrypted data into buf.
 *
 * The status of the previous read is kept in c->ssl->last: once it is
 * NGX_ERROR the function keeps returning NGX_ERROR, and once it is NGX_DONE
 * it keeps returning 0.
 *
 * Returns the number of bytes read if any were read; otherwise 0 for
 * NGX_DONE, or the status produced by ngx_ssl_handle_recv().
 *
 * NOTE(review): SSL_read() takes an int length, so size is narrowed on the
 * call - confirm that callers never pass more than INT_MAX.
 */
ssize_t
ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size)
{
    int  n, bytes;

    if (c->ssl->last == NGX_ERROR) {
        return NGX_ERROR;
    }

    if (c->ssl->last == NGX_DONE) {
        return 0;
    }

    bytes = 0;

    /*
     * SSL_read() may hand the data over in pieces, so keep reading
     * until it has nothing more to return
     */

    for ( ;; ) {

        n = SSL_read(c->ssl->connection, buf, size);

        ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n);

        if (n > 0) {
            bytes += n;
        }

        c->ssl->last = ngx_ssl_handle_recv(c, n);

        if (c->ssl->last == NGX_OK) {

            /* NGX_OK is produced for n > 0 only: advance past the data */

            size -= n;

            if (size == 0) {
                return bytes;
            }

            buf += n;

            continue;
        }

        /* bytes already read are reported before any status */

        if (bytes) {
            return bytes;
        }

        if (c->ssl->last == NGX_DONE) {
            return 0;
        }

        return c->ssl->last;
    }
}
481 | |
482 | |
/*
 * Classify the result n of an SSL_read() call on connection c.
 *
 * Returns:
 *   NGX_OK    - n > 0; a write handler that was saved during a
 *               renegotiation is restored and the write event is posted
 *   NGX_AGAIN - OpenSSL wants to read or to write
 *   NGX_DONE  - SSL_ERROR_ZERO_RETURN, or the OpenSSL error queue is empty
 *   NGX_ERROR - any other failure, or a write event could not be armed
 *
 * NOTE(review): the NGX_DONE case also covers an SSL_ERROR_SYSCALL with an
 * empty error queue, so a connection closed without close_notify is not
 * told apart from an orderly shutdown here.
 */
static ngx_int_t
ngx_ssl_handle_recv(ngx_connection_t *c, int n)
{
    int        sslerr;
    ngx_err_t  err;

    if (n > 0) {

        if (c->ssl->saved_write_handler == NULL) {
            return NGX_OK;
        }

        /* the read went through: hand the write event back to its owner */

        c->write->handler = c->ssl->saved_write_handler;
        c->ssl->saved_write_handler = NULL;
        c->write->ready = 1;

        if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        ngx_post_event(c->write, &ngx_posted_events);

        return NGX_OK;
    }

    sslerr = SSL_get_error(c->ssl->connection, n);

    /* capture errno before anything else can change it */

    err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);

    switch (sslerr) {

    case SSL_ERROR_WANT_READ:
        c->read->ready = 0;
        return NGX_AGAIN;

    case SSL_ERROR_WANT_WRITE:

        /* a read that has to write is reported as a renegotiation */

        ngx_log_error(NGX_LOG_INFO, c->log, 0,
                      "peer started SSL renegotiation");

        c->write->ready = 0;

        if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        /*
         * we do not set the timer because there is already the read event timer
         */

        if (c->ssl->saved_write_handler == NULL) {
            c->ssl->saved_write_handler = c->write->handler;
            c->write->handler = ngx_ssl_write_handler;
        }

        return NGX_AGAIN;

    default:
        break;
    }

    /* the connection is finished either way: skip the SSL shutdown */

    c->ssl->no_wait_shutdown = 1;
    c->ssl->no_send_shutdown = 1;

    if (sslerr != SSL_ERROR_ZERO_RETURN && ERR_peek_error() != 0) {
        ngx_ssl_connection_error(c, sslerr, err, "SSL_read() failed");

        return NGX_ERROR;
    }

    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "peer shutdown SSL cleanly");

    return NGX_DONE;
}
554 |
555 |
/*
 * Write event handler installed by ngx_ssl_handle_recv() while SSL_read()
 * is waiting for the socket to become writable: it re-runs the
 * connection's read handler so that the pending read is retried.
 */
static void
ngx_ssl_write_handler(ngx_event_t *wev)
{
    ngx_connection_t  *c = wev->data;

    c->read->handler(c->read);
}
565 | |
566 | |
398
/*
 * OpenSSL has no SSL_writev(), so we copy several bufs into our 16K buffer
 * before the SSL_write() call to decrease the SSL overhead.
 *
 * Besides, for protocols such as HTTP it is possible to always buffer
 * the output to decrease the SSL overhead some more.
 */
574 |
489 | 575 ngx_chain_t * |
576 ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) | |
394
e7a68e14ccd3
nginx-0.0.7-2004-07-16-10:33:35 import
Igor Sysoev <igor@sysoev.ru>
parents:
393
diff
changeset
|
577 { |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
578 int n; |
399
4e21d1291a14
nginx-0.0.7-2004-07-25-22:34:14 import
Igor Sysoev <igor@sysoev.ru>
parents:
398
diff
changeset
|
579 ngx_uint_t flush; |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
580 ssize_t send, size; |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
581 ngx_buf_t *buf; |
394
e7a68e14ccd3
nginx-0.0.7-2004-07-16-10:33:35 import
Igor Sysoev <igor@sysoev.ru>
parents:
393
diff
changeset
|
582 |
577 | 583 if (!c->ssl->buffer || (in && in->next == NULL && !c->buffered)) { |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
584 |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
585 /* |
577 | 586 * we avoid a buffer copy if |
587 * we do not need to buffer the output | |
588 * or the incoming buf is a single and our buffer is empty | |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
589 */ |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
590 |
577 | 591 while (in) { |
592 if (ngx_buf_special(in->buf)) { | |
593 in = in->next; | |
594 continue; | |
595 } | |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
596 |
577 | 597 n = ngx_ssl_write(c, in->buf->pos, in->buf->last - in->buf->pos); |
598 | |
599 if (n == NGX_ERROR) { | |
600 return NGX_CHAIN_ERROR; | |
601 } | |
398
201b5f68b59f
nginx-0.0.7-2004-07-23-21:05:37 import
Igor Sysoev <igor@sysoev.ru>
parents:
397
diff
changeset
|
602 |
577 | 603 if (n == NGX_AGAIN) { |
604 c->buffered = 1; | |
605 return in; | |
606 } | |
607 | |
608 in->buf->pos += n; | |
609 | |
610 if (in->buf->pos == in->buf->last) { | |
611 in = in->next; | |
612 } | |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
613 } |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
614 |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
615 return in; |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
616 } |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
617 |
473 | 618 |
619 /* the maximum limit size is the maximum uint32_t value - the page size */ | |
620 | |
621 if (limit == 0 || limit > NGX_MAX_UINT32_VALUE - ngx_pagesize) { | |
622 limit = NGX_MAX_UINT32_VALUE - ngx_pagesize; | |
623 } | |
624 | |
625 | |
577 | 626 buf = c->ssl->buf; |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
627 send = 0; |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
628 flush = (in == NULL) ? 1 : 0; |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
629 |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
630 for ( ;; ) { |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
631 |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
632 while (in && buf->last < buf->end) { |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
633 if (in->buf->last_buf) { |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
634 flush = 1; |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
635 } |
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
636 |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
637 if (ngx_buf_special(in->buf)) { |
398
201b5f68b59f
nginx-0.0.7-2004-07-23-21:05:37 import
Igor Sysoev <igor@sysoev.ru>
parents:
397
diff
changeset
|
638 in = in->next; |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
639 continue; |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
640 } |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
641 |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
642 size = in->buf->last - in->buf->pos; |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
643 |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
644 if (size > buf->end - buf->last) { |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
645 size = buf->end - buf->last; |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
646 } |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
647 |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
648 /* |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
649 * TODO: the taking in->buf->flush into account can be |
398
201b5f68b59f
nginx-0.0.7-2004-07-23-21:05:37 import
Igor Sysoev <igor@sysoev.ru>
parents:
397
diff
changeset
|
650 * implemented using the limit on the higher level |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
651 */ |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
652 |
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
653 if (send + size > limit) { |
577 | 654 size = (ssize_t) (limit - send); |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
655 flush = 1; |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
656 } |
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
657 |
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
658 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
659 "SSL buf copy: %d", size); |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
660 |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
661 ngx_memcpy(buf->last, in->buf->pos, size); |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
662 |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
663 buf->last += size; |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
664 |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
665 in->buf->pos += size; |
577 | 666 |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
667 if (in->buf->pos == in->buf->last) { |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
668 in = in->next; |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
669 } |
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
670 } |
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
671 |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
672 size = buf->last - buf->pos; |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
673 |
398
201b5f68b59f
nginx-0.0.7-2004-07-23-21:05:37 import
Igor Sysoev <igor@sysoev.ru>
parents:
397
diff
changeset
|
674 if (!flush && buf->last < buf->end && c->ssl->buffer) { |
201b5f68b59f
nginx-0.0.7-2004-07-23-21:05:37 import
Igor Sysoev <igor@sysoev.ru>
parents:
397
diff
changeset
|
675 break; |
201b5f68b59f
nginx-0.0.7-2004-07-23-21:05:37 import
Igor Sysoev <igor@sysoev.ru>
parents:
397
diff
changeset
|
676 } |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
677 |
398
201b5f68b59f
nginx-0.0.7-2004-07-23-21:05:37 import
Igor Sysoev <igor@sysoev.ru>
parents:
397
diff
changeset
|
678 n = ngx_ssl_write(c, buf->pos, size); |
201b5f68b59f
nginx-0.0.7-2004-07-23-21:05:37 import
Igor Sysoev <igor@sysoev.ru>
parents:
397
diff
changeset
|
679 |
201b5f68b59f
nginx-0.0.7-2004-07-23-21:05:37 import
Igor Sysoev <igor@sysoev.ru>
parents:
397
diff
changeset
|
680 if (n == NGX_ERROR) { |
201b5f68b59f
nginx-0.0.7-2004-07-23-21:05:37 import
Igor Sysoev <igor@sysoev.ru>
parents:
397
diff
changeset
|
681 return NGX_CHAIN_ERROR; |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
682 } |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
683 |
511 | 684 if (n == NGX_AGAIN) { |
685 c->buffered = 1; | |
686 return in; | |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
687 } |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
688 |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
689 buf->pos += n; |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
690 send += n; |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
691 c->sent += n; |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
692 |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
693 if (n < size) { |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
694 break; |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
695 } |
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
696 |
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
697 if (buf->pos == buf->last) { |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
698 buf->pos = buf->start; |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
699 buf->last = buf->start; |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
700 } |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
701 |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
702 if (in == NULL || send == limit) { |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
703 break; |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
704 } |
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
705 } |
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
706 |
399
4e21d1291a14
nginx-0.0.7-2004-07-25-22:34:14 import
Igor Sysoev <igor@sysoev.ru>
parents:
398
diff
changeset
|
707 c->buffered = (buf->pos < buf->last) ? 1 : 0; |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
708 |
399
4e21d1291a14
nginx-0.0.7-2004-07-25-22:34:14 import
Igor Sysoev <igor@sysoev.ru>
parents:
398
diff
changeset
|
709 return in; |
397
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
710 } |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
711 |
de797f3b4c27
nginx-0.0.7-2004-07-23-09:37:29 import
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
712 |
/*
 * Write up to "size" bytes from "data" to the SSL connection of "c".
 *
 * Returns the positive byte count reported by SSL_write(), NGX_AGAIN when
 * OpenSSL asks for the socket to become writable (SSL_ERROR_WANT_WRITE) or
 * readable (SSL_ERROR_WANT_READ) first, and NGX_ERROR otherwise.
 *
 * While a write is blocked on SSL_ERROR_WANT_READ the connection's read
 * handler is replaced by ngx_ssl_read_handler(); the original handler is
 * kept in c->ssl->saved_read_handler and put back by the next successful
 * write.
 */
ssize_t
ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size)
{
    int        rc, ssl_error;
    ngx_err_t  sys_error;

    /*
     * NOTE(review): "%d" is paired with a size_t argument, and SSL_write()
     * takes its length as an int; both rely on callers keeping "size"
     * within int range - confirm against the callers and the format table
     * of ngx_vsnprintf().
     */
    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size);

    rc = SSL_write(c->ssl->connection, data, size);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", rc);

    if (rc > 0) {

        if (c->ssl->saved_read_handler == NULL) {
            return rc;
        }

        /* an earlier write was parked on a read; undo that redirection */

        c->read->handler = c->ssl->saved_read_handler;
        c->ssl->saved_read_handler = NULL;
        c->read->ready = 1;

        if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        ngx_post_event(c->read, &ngx_posted_events);

        return rc;
    }

    ssl_error = SSL_get_error(c->ssl->connection, rc);

    /* pick up ngx_errno before the log call below gets a chance to run */

    if (ssl_error == SSL_ERROR_SYSCALL) {
        sys_error = ngx_errno;

    } else {
        sys_error = 0;
    }

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
                   ssl_error);

    switch (ssl_error) {

    case SSL_ERROR_WANT_WRITE:
        c->write->ready = 0;
        return NGX_AGAIN;

    case SSL_ERROR_WANT_READ:

        /*
         * the code treats a read request during a write as a renegotiation
         * started by the peer and records it at the info level
         */

        ngx_log_error(NGX_LOG_INFO, c->log, 0,
                      "peer started SSL renegotiation");

        c->read->ready = 0;

        if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        /*
         * no timer is armed here because the write event timer
         * is already running
         */

        if (c->ssl->saved_read_handler == NULL) {
            c->ssl->saved_read_handler = c->read->handler;
            c->read->handler = ngx_ssl_read_handler;
        }

        return NGX_AGAIN;

    default:
        break;
    }

    /*
     * the write failed for good: ngx_ssl_shutdown() reads these two flags
     * and marks the shutdown as already received and already sent
     */

    c->ssl->no_wait_shutdown = 1;
    c->ssl->no_send_shutdown = 1;

    ngx_ssl_connection_error(c, ssl_error, sys_error, "SSL_write() failed");

    return NGX_ERROR;
}
e7a68e14ccd3
nginx-0.0.7-2004-07-16-10:33:35 import
Igor Sysoev <igor@sysoev.ru>
parents:
393
diff
changeset
|
785 |
e7a68e14ccd3
nginx-0.0.7-2004-07-16-10:33:35 import
Igor Sysoev <igor@sysoev.ru>
parents:
393
diff
changeset
|
786 |
/*
 * Read event handler installed by ngx_ssl_write() while a write waits on
 * SSL_ERROR_WANT_READ: it hands control to the connection's write handler.
 */
static void
ngx_ssl_read_handler(ngx_event_t *rev)
{
    ngx_connection_t  *conn;

    conn = rev->data;

    conn->write->handler(conn->write);
}
796 | |
797 | |
/*
 * Start or continue the SSL shutdown of connection "c".
 *
 * Returns NGX_OK once SSL_shutdown() reports completion (or reports 0 on a
 * connection already marked timed out); the SSL object is freed and c->ssl
 * is reset to NULL.  Returns NGX_AGAIN after installing
 * ngx_ssl_shutdown_handler() on the read or write event when the shutdown
 * has to wait for I/O.  Returns NGX_ERROR on failure.
 *
 * NOTE(review): when ngx_handle_read_event() or ngx_handle_write_event()
 * fails, NGX_ERROR is returned with c->ssl still set and the SSL object not
 * freed here - confirm that the caller releases it.
 */
ngx_int_t
ngx_ssl_shutdown(ngx_connection_t *c)
{
    int         rc, ssl_error, flags;
    ngx_uint_t  retry;

    if (c->timedout) {

        /* a timed out connection is shut down without talking to the peer */
        flags = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;

    } else {
        flags = SSL_get_shutdown(c->ssl->connection);

        if (c->ssl->no_wait_shutdown) {
            flags |= SSL_RECEIVED_SHUTDOWN;
        }

        if (c->ssl->no_send_shutdown) {
            flags |= SSL_SENT_SHUTDOWN;
        }
    }

    SSL_set_shutdown(c->ssl->connection, flags);

#if (NGX_SUPPRESS_WARN)
    ssl_error = 0;
#endif

    rc = SSL_shutdown(c->ssl->connection);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", rc);

    if (rc == 1 || (rc == 0 && c->timedout)) {
        SSL_free(c->ssl->connection);
        c->ssl = NULL;

        return NGX_OK;
    }

    /* 0 means SSL_shutdown() has to be called again; ssl_error stays unset */
    retry = (rc == 0);

    if (!retry) {
        ssl_error = SSL_get_error(c->ssl->connection, rc);

        ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                       "SSL_get_error: %d", ssl_error);
    }

    if (retry || ssl_error == SSL_ERROR_WANT_READ) {

        /* presumably 30000 is in milliseconds - TODO confirm */
        ngx_add_timer(c->read, 30000);

        c->read->handler = ngx_ssl_shutdown_handler;

        if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        return NGX_AGAIN;
    }

    if (ssl_error == SSL_ERROR_WANT_WRITE) {

        /* unlike the read branch, no timer is added in this branch */
        c->write->handler = ngx_ssl_shutdown_handler;

        if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        return NGX_AGAIN;
    }

    ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_shutdown() failed");

    SSL_free(c->ssl->connection);
    c->ssl = NULL;

    return NGX_ERROR;
}
e7a68e14ccd3
nginx-0.0.7-2004-07-16-10:33:35 import
Igor Sysoev <igor@sysoev.ru>
parents:
393
diff
changeset
|
884 |
e7a68e14ccd3
nginx-0.0.7-2004-07-16-10:33:35 import
Igor Sysoev <igor@sysoev.ru>
parents:
393
diff
changeset
|
885 |
/*
 * Event handler installed by ngx_ssl_shutdown() while the shutdown waits
 * for I/O.  It retries the shutdown and, unless another wait is needed,
 * calls the handler stored in c->ssl->handler.
 */
static void
ngx_ssl_shutdown_handler(ngx_event_t *ev)
{
    ngx_connection_t           *conn;
    ngx_connection_handler_pt   next;

    conn = ev->data;

    /*
     * taken before ngx_ssl_shutdown() runs: that call resets conn->ssl
     * to NULL on the paths where it frees the SSL object
     */
    next = conn->ssl->handler;

    if (ev->timedout) {
        conn->timedout = 1;
    }

    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ev->log, 0, "SSL shutdown handler");

    if (ngx_ssl_shutdown(conn) != NGX_AGAIN) {
        next(conn);
    }
}
907 | |
908 | |
/*
 * Choose a log level for a failed SSL operation on connection "c" and pass
 * the error on to ngx_ssl_error().
 *
 * The level is NGX_LOG_CRIT unless "sslerr" is SSL_ERROR_SYSCALL and "err"
 * is one of the connection-level errno values listed below; in that case
 * c->log_error may lower it to NGX_LOG_INFO or NGX_LOG_ERR.
 *
 * "text" is forwarded as the format string of ngx_ssl_error(), so it has to
 * be a fixed string and must never carry data received from the peer.
 */
static void
ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
    char *text)
{
    ngx_uint_t  severity, peer_gone;

    peer_gone = (sslerr == SSL_ERROR_SYSCALL)
                && (err == NGX_ECONNRESET
                    || err == NGX_EPIPE
                    || err == NGX_ENOTCONN
                    || err == NGX_ECONNREFUSED
                    || err == NGX_EHOSTUNREACH);

    severity = NGX_LOG_CRIT;

    if (peer_gone) {

        if (c->log_error == NGX_ERROR_IGNORE_ECONNRESET
            || c->log_error == NGX_ERROR_INFO)
        {
            severity = NGX_LOG_INFO;

        } else if (c->log_error == NGX_ERROR_ERR) {
            severity = NGX_LOG_ERR;
        }
    }

    ngx_ssl_error(severity, c->log, err, text);
}
944 | |
945 | |
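/*
 * Log "fmt", formatted with the variable arguments, followed by the
 * entries of the OpenSSL error queue as " (SSL: <error> <error> ...)".
 *
 * "fmt" is a format string: callers must pass a fixed string and supply
 * any variable data through the arguments.
 *
 * The queue is always read until it is empty.  Entries that no longer fit
 * into the buffer are dropped from the message but still removed, so that
 * they are not left behind for a later, unrelated SSL call on this thread.
 */
void
ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
{
    u_long    n;
    va_list   args;
    u_char    errstr[NGX_MAX_CONF_ERRSTR], *p, *last;

    last = errstr + NGX_MAX_CONF_ERRSTR;

    va_start(args, fmt);
    p = ngx_vsnprintf(errstr, sizeof(errstr) - 1, fmt, args);
    va_end(args);

    /* ngx_cpystrn() is relied on to leave "p" on a terminating zero */
    p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p);

    for ( ;; ) {

        n = ERR_get_error();

        if (n == 0) {
            break;
        }

        /*
         * Appending needs room for the separator and at least one more
         * byte.  Without this check the separator could overwrite the
         * terminating zero in the last byte of errstr, ERR_error_string_n()
         * would be called with a zero length, and the "%s" below would
         * read past the end of the buffer.
         */

        if (p >= last - 1) {
            continue;
        }

        *p++ = ' ';

        ERR_error_string_n(n, (char *) p, last - p);

        while (p < last && *p) {
            p++;
        }
    }

    ngx_log_error(level, log, err, "%s)", errstr);
}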
509 | 974 |
975 | |
/*
 * Cleanup handler for an ngx_ssl_t passed as "data": releases the RSA key
 * stored in rsa512_key, if any, and then the SSL_CTX.
 *
 * NOTE(review): the field name suggests a 512-bit temporary RSA key; a key
 * of that size offers no real protection, so confirm where it is created
 * and whether it is still needed.
 */
void
ngx_ssl_cleanup_ctx(void *data)
{
    ngx_ssl_t  *ssl;

    ssl = data;

    if (ssl->rsa512_key != NULL) {
        RSA_free(ssl->rsa512_key);
    }

    SSL_CTX_free(ssl->ctx);
}
541 | 987 |
988 | |
/*
 * Allocate the zero-filled OpenSSL module configuration from the cycle
 * pool.  Returns the configuration, or NGX_CONF_ERROR when the allocation
 * fails.
 */
static void *
ngx_openssl_create_conf(ngx_cycle_t *cycle)
{
    ngx_openssl_conf_t  *conf;

    conf = ngx_pcalloc(cycle->pool, sizeof(*conf));

    if (conf != NULL) {

        /*
         * nothing else to initialize, ngx_pcalloc() has already set:
         *
         *     conf->engine.len = 0;
         *     conf->engine.data = NULL;
         */

        return conf;
    }

    return NGX_CONF_ERROR;
}
1008 | |
1009 | |
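/*
 * Apply the OpenSSL module configuration "conf".
 *
 * When the build has NGX_SSL_ENGINE and an engine name is configured, the
 * engine is looked up with ENGINE_by_id() and made the default for all
 * methods.  Returns NGX_CONF_OK on success or when there is nothing to do,
 * and NGX_CONF_ERROR when the engine cannot be found or set as default.
 *
 * The reference obtained from ENGINE_by_id() is released on every path
 * that got one, including the ENGINE_set_default() failure path.
 */
static char *
ngx_openssl_init_conf(ngx_cycle_t *cycle, void *conf)
{
#if (NGX_SSL_ENGINE)
    ngx_openssl_conf_t *oscf = conf;

    ENGINE  *engine;

    if (oscf->engine.len == 0) {
        return NGX_CONF_OK;
    }

    /*
     * NOTE(review): engine.data is passed as a C string; this assumes the
     * configured value is zero-terminated - confirm against the directive
     * parser.
     */
    engine = ENGINE_by_id((const char *) oscf->engine.data);

    if (engine == NULL) {
        ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
                      "ENGINE_by_id(\"%V\") failed", &oscf->engine);
        return NGX_CONF_ERROR;
    }

    if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
        ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
                      "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
                      &oscf->engine);

        /* log first, then drop the reference taken by ENGINE_by_id() */
        ENGINE_free(engine);

        return NGX_CONF_ERROR;
    }

    ENGINE_free(engine);

#endif

    return NGX_CONF_OK;
}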
1043 | |
1044 | |
#if !(NGX_SSL_ENGINE)

/*
 * Directive handler compiled only when NGX_SSL_ENGINE is not set: it logs
 * that the "ssl_engine" directive is unavailable and fails the
 * configuration with NGX_CONF_ERROR.
 */
static char *
ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "\"ssl_engine\" directive is available only "
                       "in OpenSSL 0.9.7 and higher,");

    return NGX_CONF_ERROR;
}

#endif
571 | 1058 |
1059 | |
/*
 * Exit hook of the OpenSSL module: calls ENGINE_cleanup() when the build
 * has NGX_SSL_ENGINE and does nothing otherwise.  "cycle" is not used.
 */
static void
ngx_openssl_exit(ngx_cycle_t *cycle)
{
#if (NGX_SSL_ENGINE)

    ENGINE_cleanup();

#endif
}