diff options
| author | Igor Sysoev <igor@sysoev.ru> | 2004-12-02 21:40:46 +0300 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2004-12-02 21:40:46 +0300 |
| commit | 42b12b34fa74c15cfb1746d71cde949f3d5807ef (patch) | |
| tree | c44cd3f35d794e6e2be01d516e72737464f76fff /src/event/ngx_event_openssl.c | |
| parent | 4e7b11b02bd42ed284a5f006a13b0635fc33d556 (diff) | |
nginx-0.1.11-RELEASE importrelease-0.1.11
*) Feature: the worker_priority directive.
*) Change: both tcp_nopush and tcp_nodelay directives affect the
transferred response.
*) Bugfix: nginx did not call initgroups().
Thanks to Andrew Sitnikov and Andrei Nigmatulin.
*) Change: now the ngx_http_autoindex_module shows the file size in the
bytes.
*) Bugfix: the ngx_http_autoindex_module returned the 500 error if the
broken symlink was in a directory.
*) Bugfix: the files bigger than 4G could not be transferred using
sendfile.
*) Bugfix: if the backend was resolved to several backends and there
was an error while the response waiting then process may got caught
in an endless loop.
*) Bugfix: the worker process may exit with the "unknown cycle" message
when the /dev/poll method was used.
*) Bugfix: "close() channel failed" errors.
*) Bugfix: the autodetection of the "nobody" and "nogroup" groups.
*) Bugfix: the send_lowat directive did not work on Linux.
*) Bugfix: the segmentation fault occurred if there was no events
section in configuration.
*) Bugfix: nginx could not be built on OpenBSD.
*) Bugfix: the double slashes in "://" in the URI were converted to
":/".
Diffstat (limited to 'src/event/ngx_event_openssl.c')
| -rw-r--r-- | src/event/ngx_event_openssl.c | 151 |
1 files changed, 129 insertions, 22 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 294f3b4ce..c0ec6adfe 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -9,7 +9,9 @@ #include <ngx_event.h> +static void ngx_ssl_write_handler(ngx_event_t *wev); static ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size); +static void ngx_ssl_read_handler(ngx_event_t *rev); ngx_int_t ngx_ssl_init(ngx_log_t *log) @@ -69,6 +71,25 @@ ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n); if (n > 0) { + if (c->ssl->saved_write_handler) { + + c->write->event_handler = c->ssl->saved_write_handler; + c->ssl->saved_write_handler = NULL; + c->write->ready = 1; + + if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { + return NGX_ERROR; + } + + if (ngx_mutex_lock(ngx_posted_events_mutex) == NGX_ERROR) { + return NGX_ERROR; + } + + ngx_post_event(c->write); + + ngx_mutex_unlock(ngx_posted_events_mutex); + } + return n; } @@ -93,13 +114,27 @@ ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) if (sslerr == SSL_ERROR_WANT_WRITE) { ngx_log_error(NGX_LOG_ALERT, c->log, err, "SSL wants to write%s", handshake); - return NGX_ERROR; -#if 0 + + c->write->ready = 0; + + if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { + return NGX_ERROR; + } + + /* + * we do not set the timer because there is already the read event timer + */ + + if (c->ssl->saved_write_handler == NULL) { + c->ssl->saved_write_handler = c->write->event_handler; + c->write->event_handler = ngx_ssl_write_handler; + } + return NGX_AGAIN; -#endif } c->ssl->no_rcv_shut = 1; + c->ssl->no_send_shut = 1; if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { ngx_log_error(NGX_LOG_INFO, c->log, err, @@ -115,9 +150,18 @@ ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) } +static void ngx_ssl_write_handler(ngx_event_t *wev) +{ + ngx_connection_t *c; + + c = wev->data; + c->read->event_handler(c->read); +} + + /* * OpenSSL has no SSL_writev() so we copy several bufs into our 16K buffer - * before SSL_write() call to decrease a SSL overhead. + * before the SSL_write() call to decrease a SSL overhead. * * Besides for protocols such as HTTP it is possible to always buffer * the output to decrease a SSL overhead some more. @@ -155,6 +199,14 @@ ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, return in; } + + /* the maximum limit size is the maximum uint32_t value - the page size */ + + if (limit == 0 || limit > NGX_MAX_UINT32_VALUE - ngx_pagesize) { + limit = NGX_MAX_UINT32_VALUE - ngx_pagesize; + } + + send = 0; flush = (in == NULL) ? 1 : 0; @@ -252,6 +304,25 @@ static ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n); if (n > 0) { + if (c->ssl->saved_read_handler) { + + c->read->event_handler = c->ssl->saved_read_handler; + c->ssl->saved_read_handler = NULL; + c->read->ready = 1; + + if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { + return NGX_ERROR; + } + + if (ngx_mutex_lock(ngx_posted_events_mutex) == NGX_ERROR) { + return NGX_ERROR; + } + + ngx_post_event(c->read); + + ngx_mutex_unlock(ngx_posted_events_mutex); + } + return n; } @@ -277,13 +348,28 @@ static ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) ngx_log_error(NGX_LOG_ALERT, c->log, err, "SSL wants to read%s", handshake); - return NGX_ERROR; -#if 0 + + c->read->ready = 0; + + if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { + return NGX_ERROR; + } + + /* + * we do not set the timer because there is already + * the write event timer + */ + + if (c->ssl->saved_read_handler == NULL) { + c->ssl->saved_read_handler = c->read->event_handler; + c->read->event_handler = ngx_ssl_read_handler; + } + return NGX_AGAIN; -#endif } c->ssl->no_rcv_shut = 1; + c->ssl->no_send_shut = 1; ngx_ssl_error(NGX_LOG_ALERT, c->log, err, "SSL_write() failed"); @@ -291,21 +377,42 @@ static ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) } +static void ngx_ssl_read_handler(ngx_event_t *rev) +{ + ngx_connection_t *c; + + c = rev->data; + c->write->event_handler(c->write); +} + + ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c) { - int n, sslerr; + int n, sslerr, mode; ngx_uint_t again; - if (c->timedout) { - SSL_set_shutdown(c->ssl->ssl, SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN); + if (!c->ssl->shutdown_set) { - } else { - if (c->ssl->no_rcv_shut) { - SSL_set_shutdown(c->ssl->ssl, SSL_RECEIVED_SHUTDOWN); + /* it seems that SSL_set_shutdown() could be called once only */ + + if (c->read->timedout) { + mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN; + + } else { + mode = 0; + + if (c->ssl->no_rcv_shut) { + mode = SSL_RECEIVED_SHUTDOWN; + } + + if (c->ssl->no_send_shut) { + mode |= SSL_SENT_SHUTDOWN; + } } - if (c->ssl->no_send_shut) { - SSL_set_shutdown(c->ssl->ssl, SSL_SENT_SHUTDOWN); + if (mode) { + SSL_set_shutdown(c->ssl->ssl, mode); + c->ssl->shutdown_set = 1; } } @@ -319,17 +426,17 @@ ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c) ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); - if (n == 0) { - again = 1; - break; - } - - if (n == 1) { + if (n == 1 || (n == 0 && c->read->timedout)) { SSL_free(c->ssl->ssl); c->ssl = NULL; return NGX_OK; } + if (n == 0) { + again = 1; + break; + } + break; } @@ -342,7 +449,7 @@ ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c) if (again || sslerr == SSL_ERROR_WANT_READ) { - ngx_add_timer(c->read, 10000); + ngx_add_timer(c->read, 30000); if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { return NGX_ERROR; |