author | Igor Sysoev <igor@sysoev.ru> | 2005-11-15 16:30:52 +0300 |
---|---|---|
committer | Igor Sysoev <igor@sysoev.ru> | 2005-11-15 16:30:52 +0300 |
commit | 0e5dc5cff692f532f0ccb2655ab196995f4233e0 (patch) | |
tree | f56f40e788077b9820ebb45f3e0739fabb7be421 /src/event | |
parent | 2a7f83eceda87e520f36bbfb16b82b8c2d6606d7 (diff) |
nginx-0.3.10-RELEASE importrelease-0.3.10
*) Change: the "valid_referers" directive and the "$invalid_referer"
variable were moved to the new ngx_http_referer_module from the
ngx_http_rewrite_module.
*) Change: the "$apache_bytes_sent" variable name was changed to
"$body_bytes_sent".
*) Feature: the "$sent_http_..." variables.
*) Feature: the "if" directive supports the "=" and "!=" operations.
*) Feature: the "proxy_pass" directive supports the HTTPS protocol.
*) Feature: the "proxy_set_body" directive.
*) Feature: the "post_action" directive.
*) Feature: the ngx_http_empty_gif_module.
*) Feature: the "worker_cpu_affinity" directive for Linux.
*) Bugfix: the "rewrite" directive did not unescape URI part in
redirect, now it is unescaped except the %00-%25 and %7F-%FF
characters.
*) Bugfix: nginx could not be built by the icc 9.0 compiler.
*) Bugfix: if the SSI was enabled for zero size static file, then the
chunked response was encoded incorrectly.
Diffstat (limited to 'src/event')
-rw-r--r-- | src/event/modules/ngx_devpoll_module.c | 8 | ||||
-rw-r--r-- | src/event/modules/ngx_epoll_module.c | 8 | ||||
-rw-r--r-- | src/event/modules/ngx_iocp_module.c | 4 | ||||
-rw-r--r-- | src/event/modules/ngx_poll_module.c | 8 | ||||
-rw-r--r-- | src/event/modules/ngx_rtsig_module.c | 4 | ||||
-rw-r--r-- | src/event/modules/ngx_select_module.c | 8 | ||||
-rw-r--r-- | src/event/ngx_event.c | 16 | ||||
-rw-r--r-- | src/event/ngx_event_accept.c | 3 | ||||
-rw-r--r-- | src/event/ngx_event_acceptex.c | 1 | ||||
-rw-r--r-- | src/event/ngx_event_connect.c | 9 | ||||
-rw-r--r-- | src/event/ngx_event_connect.h | 4 | ||||
-rw-r--r-- | src/event/ngx_event_openssl.c | 197 | ||||
-rw-r--r-- | src/event/ngx_event_openssl.h | 10 | ||||
-rw-r--r-- | src/event/ngx_event_pipe.c | 38 |
14 files changed, 223 insertions, 95 deletions
diff --git a/src/event/modules/ngx_devpoll_module.c b/src/event/modules/ngx_devpoll_module.c index 7238e5bcb..b149bfedd 100644 --- a/src/event/modules/ngx_devpoll_module.c +++ b/src/event/modules/ngx_devpoll_module.c @@ -374,10 +374,10 @@ ngx_devpoll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_event_timer_alarm = 0; return NGX_OK; } - + level = NGX_LOG_INFO; - - } else { + + } else { level = NGX_LOG_ALERT; } @@ -434,7 +434,7 @@ ngx_devpoll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, /* * if the error events were returned without POLLIN or POLLOUT, * then add these flags to handle the events at least in one - * active handler + * active handler */ revents |= POLLIN|POLLOUT; diff --git a/src/event/modules/ngx_epoll_module.c b/src/event/modules/ngx_epoll_module.c index 7364d7d00..d866ffd48 100644 --- a/src/event/modules/ngx_epoll_module.c +++ b/src/event/modules/ngx_epoll_module.c @@ -418,10 +418,10 @@ ngx_epoll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags) ngx_event_timer_alarm = 0; return NGX_OK; } - + level = NGX_LOG_INFO; - - } else { + + } else { level = NGX_LOG_ALERT; } @@ -471,7 +471,7 @@ ngx_epoll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags) ngx_log_debug3(NGX_LOG_DEBUG_EVENT, log, 0, "epoll: fd:%d ev:%04XD d:%p", - c->fd, revents, event_list[i].data); + c->fd, revents, event_list[i].data.ptr); if (revents & (EPOLLERR|EPOLLHUP)) { ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0, diff --git a/src/event/modules/ngx_iocp_module.c b/src/event/modules/ngx_iocp_module.c index b7b1c62bc..eea3892c4 100644 --- a/src/event/modules/ngx_iocp_module.c +++ b/src/event/modules/ngx_iocp_module.c @@ -254,7 +254,7 @@ ngx_int_t ngx_iocp_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, } delta = ngx_current_msec; - + if (flags & NGX_UPDATE_TIME) { ngx_time_update(0, 0); } 
@@ -306,7 +306,7 @@ ngx_int_t ngx_iocp_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, */ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, err, - "iocp: aborted event %p", ev); + "iocp: aborted event %p", ev); return NGX_OK; } diff --git a/src/event/modules/ngx_poll_module.c b/src/event/modules/ngx_poll_module.c index ffd6ace8a..cb9c90d20 100644 --- a/src/event/modules/ngx_poll_module.c +++ b/src/event/modules/ngx_poll_module.c @@ -280,10 +280,10 @@ ngx_poll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags) ngx_event_timer_alarm = 0; return NGX_OK; } - + level = NGX_LOG_INFO; - - } else { + + } else { level = NGX_LOG_ALERT; } @@ -388,7 +388,7 @@ ngx_poll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags) queue = (ngx_event_t **) (ev->accept ? &ngx_posted_accept_events: &ngx_posted_events); - ngx_locked_post_event(ev, queue); + ngx_locked_post_event(ev, queue); } if (revents & POLLOUT) { diff --git a/src/event/modules/ngx_rtsig_module.c b/src/event/modules/ngx_rtsig_module.c index a3891e8d4..603cd883f 100644 --- a/src/event/modules/ngx_rtsig_module.c +++ b/src/event/modules/ngx_rtsig_module.c @@ -327,7 +327,7 @@ ngx_rtsig_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags) if (timer != NGX_TIMER_INFINITE) { return NGX_AGAIN; } - + ngx_log_error(NGX_LOG_ALERT, cycle->log, err, "sigtimedwait() returned EAGAIN without timeout"); return NGX_ERROR; @@ -390,7 +390,7 @@ ngx_rtsig_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags) ngx_locked_post_event(rev, queue); - } else { + } else { rev->handler(rev); } } diff --git a/src/event/modules/ngx_select_module.c b/src/event/modules/ngx_select_module.c index 57f6f0500..feceb9878 100644 --- a/src/event/modules/ngx_select_module.c +++ b/src/event/modules/ngx_select_module.c 
@@ -353,10 +353,10 @@ ngx_select_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_event_timer_alarm = 0; return NGX_OK; } - + level = NGX_LOG_INFO; - - } else { + + } else { level = NGX_LOG_ALERT; } @@ -405,7 +405,7 @@ ngx_select_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, queue = (ngx_event_t **) (ev->accept ? &ngx_posted_accept_events: &ngx_posted_events); - ngx_locked_post_event(ev, queue); + ngx_locked_post_event(ev, queue); nready++; } diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c index 51471998a..a347e1c3d 100644 --- a/src/event/ngx_event.c +++ b/src/event/ngx_event.c @@ -87,12 +87,12 @@ static ngx_command_t ngx_events_commands[] = { ngx_null_command }; - + static ngx_core_module_t ngx_events_module_ctx = { ngx_string("events"), NULL, NULL -}; +}; ngx_module_t ngx_events_module = { @@ -280,7 +280,7 @@ ngx_int_t ngx_handle_read_event(ngx_event_t *rev, u_int flags) { if (ngx_event_flags & NGX_USE_CLEAR_EVENT) { - + /* kqueue, epoll */ if (!rev->active && !rev->ready) { @@ -290,7 +290,7 @@ ngx_handle_read_event(ngx_event_t *rev, u_int flags) return NGX_ERROR; } } - + return NGX_OK; } else if (ngx_event_flags & NGX_USE_LEVEL_EVENT) { @@ -328,7 +328,7 @@ ngx_handle_read_event(ngx_event_t *rev, u_int flags) return NGX_ERROR; } } - + return NGX_OK; } @@ -401,7 +401,7 @@ ngx_handle_write_event(ngx_event_t *wev, size_t lowat) return NGX_ERROR; } } - + return NGX_OK; } @@ -613,7 +613,7 @@ ngx_event_process_init(ngx_cycle_t *cycle) if (setitimer(ITIMER_REAL, &itv, NULL) == -1) { ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno, "setitimer() failed"); - } + } } if (ngx_event_flags & NGX_USE_FD_EVENT) { @@ -809,7 +809,7 @@ ngx_send_lowat(ngx_connection_t *c, size_t lowat) } #endif - + if (lowat == 0 || c->sndlowat) { return NGX_OK; } diff --git a/src/event/ngx_event_accept.c b/src/event/ngx_event_accept.c index f1745c15a..fb43af432 100644 --- a/src/event/ngx_event_accept.c +++ b/src/event/ngx_event_accept.c 
@@ -142,6 +142,7 @@ ngx_event_accept(ngx_event_t *ev) c->recv = ngx_recv; c->send = ngx_send; + c->recv_chain = ngx_recv_chain; c->send_chain = ngx_send_chain; c->log = log; @@ -206,7 +207,7 @@ ngx_event_accept(ngx_event_t *ev) ngx_close_accepted_connection(c); return; } - + c->addr_text.len = ngx_sock_ntop(ls->family, c->sockaddr, c->addr_text.data, ls->addr_text_max_len); diff --git a/src/event/ngx_event_acceptex.c b/src/event/ngx_event_acceptex.c index 956a3f111..9b40c42ed 100644 --- a/src/event/ngx_event_acceptex.c +++ b/src/event/ngx_event_acceptex.c @@ -153,6 +153,7 @@ ngx_event_post_acceptex(ngx_listening_t *ls, ngx_uint_t n) c->recv = ngx_recv; c->send = ngx_send; + c->recv_chain = ngx_recv_chain; c->send_chain = ngx_send_chain; c->unexpected_eof = 1; diff --git a/src/event/ngx_event_connect.c b/src/event/ngx_event_connect.c index b20d16d4b..34ee2525f 100644 --- a/src/event/ngx_event_connect.c +++ b/src/event/ngx_event_connect.c @@ -173,6 +173,7 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc) c->recv = ngx_recv; c->send = ngx_send; + c->recv_chain = ngx_recv_chain; c->send_chain = ngx_send_chain; c->log_error = pc->log_error; @@ -212,7 +213,7 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc) if (ngx_add_conn(c) == NGX_ERROR) { return NGX_ERROR; } - } + } ngx_log_debug3(NGX_LOG_DEBUG_EVENT, pc->log, 0, "connect to %V, fd:%d #%d", &peer->name, s, c->number); @@ -246,7 +247,7 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc) return NGX_AGAIN; } - + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, pc->log, 0, "connected"); wev->ready = 1; @@ -270,10 +271,10 @@ ngx_event_connect_peer(ngx_peer_connection_t *pc) /* * FreeBSD's aio allows to post an operation on non-connected socket. * NT does not support it. - * + * * TODO: check in Win32, etc. As workaround we can use NGX_ONESHOT_EVENT */ - + rev->ready = 1; wev->ready = 1; diff --git a/src/event/ngx_event_connect.h b/src/event/ngx_event_connect.h index 2339bad56..f23c02fd2 100644 
--- a/src/event/ngx_event_connect.h +++ b/src/event/ngx_event_connect.h @@ -27,6 +27,10 @@ typedef struct { ngx_uint_t max_fails; time_t fail_timeout; + +#if (NGX_SSL) + ngx_ssl_session_t *ssl_session; +#endif } ngx_peer_t; diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 49e260ac5..7efb713e2 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -18,6 +18,7 @@ static void ngx_ssl_handshake_handler(ngx_event_t *ev); static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n); static void ngx_ssl_write_handler(ngx_event_t *wev); static void ngx_ssl_read_handler(ngx_event_t *rev); +static void ngx_ssl_shutdown_handler(ngx_event_t *ev); static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, char *text); static void *ngx_openssl_create_conf(ngx_cycle_t *cycle); @@ -51,7 +52,7 @@ static ngx_core_module_t ngx_openssl_module_ctx = { ngx_string("openssl"), ngx_openssl_create_conf, ngx_openssl_init_conf -}; +}; ngx_module_t ngx_openssl_module = { @@ -99,19 +100,20 @@ ngx_ssl_init(ngx_log_t *log) ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols) { - ssl->ctx = SSL_CTX_new(SSLv23_server_method()); + ssl->ctx = SSL_CTX_new(SSLv23_method()); if (ssl->ctx == NULL) { ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_new() failed"); return NGX_ERROR; } - /* - * these options are needed on client side only: - * SSL_OP_MICROSOFT_SESS_ID_BUG - * SSL_OP_NETSCAPE_CHALLENGE_BUG - * SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG - */ + /* client side options */ + + SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_SESS_ID_BUG); + SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_CHALLENGE_BUG); + SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG); + + /* server side options */ SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG); SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER); 
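Review bot: In ngx_ssl_create() the three workarounds that the removed comment described as needed on the client side only (`SSL_OP_MICROSOFT_SESS_ID_BUG`, `SSL_OP_NETSCAPE_CHALLENGE_BUG`, `SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG`) are now set on every context, and `SSLv23_method()` makes one context type serve both roles, so listening contexts pick up interoperability relaxations they did not have before. Bug-compatibility options loosen protocol checks, so each one enabled for the server role should be justified on its own rather than inherited from the client group. The function takes no role argument in this hunk, so at minimum record the decision with a comment such as `/* set for both roles: the same ctx type serves listening and upstream connections */`. Preferably, apply the client group only to contexts that are used with `NGX_SSL_CLIENT`. The body of ngx_ssl_create() continues outside the hunk.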
@@ -195,7 +197,7 @@ ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl) ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags) -{ +{ ngx_ssl_connection_t *sc; sc = ngx_pcalloc(c->pool, sizeof(ngx_ssl_connection_t)); @@ -224,7 +226,12 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags) return NGX_ERROR; } - SSL_set_accept_state(sc->connection); + if (flags & NGX_SSL_CLIENT) { + SSL_set_connect_state(sc->connection); + + } else { + SSL_set_accept_state(sc->connection); + } c->ssl = sc; @@ -233,6 +240,20 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags) ngx_int_t +ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session) +{ + if (session) { + if (SSL_set_session(c->ssl->connection, session) == 0) { + ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_session() failed"); + return NGX_ERROR; + } + } + + return NGX_OK; +} + + +ngx_int_t ngx_ssl_handshake(ngx_connection_t *c) { int n, sslerr; @@ -240,7 +261,7 @@ ngx_ssl_handshake(ngx_connection_t *c) n = SSL_do_handshake(c->ssl->connection); - ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n); if (n == 1) { @@ -282,7 +303,7 @@ ngx_ssl_handshake(ngx_connection_t *c) ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL: %s, cipher: \"%s\"", - SSL_get_version(c->ssl->connection), &buf[1]); + SSL_get_version(c->ssl->connection), &buf[1]); if (SSL_session_reused(c->ssl->connection)) { ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, @@ -291,7 +312,7 @@ ngx_ssl_handshake(ngx_connection_t *c) } else { ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, - "SSL no shared ciphers"); + "SSL no shared ciphers"); } } #endif 
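Review bot: The new `NGX_SSL_CLIENT` branch in ngx_ssl_create_connection() switches the connection to connect state, but none of the hunks visible here configures peer verification for that role (no `SSL_CTX_set_verify()` call and no check of `SSL_get_verify_result()` appears). As far as this diff shows, an upstream HTTPS connection is therefore encrypted but not authenticated. If that is intentional for this release, say so next to the branch, e.g. `/* NOTE: the upstream certificate is not verified */`, so that nobody assumes proxying to an https:// upstream protects against an on-path party. ngx_ssl_set_session() then resumes a cached session on the same basis, which is only as trustworthy as the handshake that created it. ngx_ssl_create_connection() starts and ends outside the hunk.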
@@ -300,7 +321,8 @@ ngx_ssl_handshake(ngx_connection_t *c) c->recv = ngx_ssl_recv; c->send = ngx_ssl_write; - c->send_chain = ngx_ssl_send_chain; + c->recv_chain = ngx_ssl_recv_chain; + c->send_chain = ngx_ssl_send_chain; return NGX_OK; } @@ -338,7 +360,7 @@ ngx_ssl_handshake(ngx_connection_t *c) if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { ngx_log_error(NGX_LOG_INFO, c->log, err, - "client closed connection in SSL handshake"); + "peer closed connection in SSL handshake"); return NGX_ERROR; } @@ -357,7 +379,7 @@ ngx_ssl_handshake_handler(ngx_event_t *ev) c = ev->data; ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, - "ssl handshake handler: %d", ev->write); + "SSL handshake handler: %d", ev->write); if (ngx_ssl_handshake(c) == NGX_AGAIN) { return; @@ -368,6 +390,41 @@ ngx_ssl_handshake_handler(ngx_event_t *ev) ssize_t +ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl) +{ + ssize_t n, bytes; + ngx_buf_t *b; + + bytes = 0; + + while (cl) { + b = cl->buf; + + n = ngx_ssl_recv(c, b->last, b->end - b->last); + + if (n > 0) { + b->last += n; + bytes += n; + + if (b->last == b->end) { + cl = cl->next; + } + + continue; + } + + if (bytes) { + return bytes; + } + + return n; + } + + return bytes; +} + + +ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) { int n, bytes; @@ -376,6 +433,10 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) return NGX_ERROR; } + if (c->ssl->last == NGX_DONE) { + return 0; + } + bytes = 0; /* @@ -387,7 +448,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) n = SSL_read(c->ssl->connection, buf, size); - ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n); + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n); if (n > 0) { bytes += n; 
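Review bot: ngx_ssl_recv_chain() calls `ngx_ssl_recv(c, b->last, b->end - b->last)` without first checking that the buffer has room, so a chain link that is already full on entry produces a zero-length read whose result is then returned as if it described the connection. Whether that comes back as 0 and is taken for end of stream depends on ngx_ssl_handle_recv(), which is outside this hunk, so treat this as a question to confirm rather than a proven defect. Skipping full links before the call removes the ambiguity: `if (b->last == b->end) { cl = cl->next; continue; }`. A header comment stating that the function returns the byte total when anything was read, and otherwise the last ngx_ssl_recv() result, would document the contract the pipe code relies on.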
@@ -399,10 +460,13 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) if (bytes) { return bytes; + } - } else { - return c->ssl->last; + if (c->ssl->last == NGX_DONE) { + return 0; } + + return c->ssl->last; } size -= n; @@ -454,7 +518,7 @@ ngx_ssl_handle_recv(ngx_connection_t *c, int n) if (sslerr == SSL_ERROR_WANT_WRITE) { ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client started SSL renegotiation"); + "peer started SSL renegotiation"); c->write->ready = 0; @@ -478,9 +542,9 @@ ngx_ssl_handle_recv(ngx_connection_t *c, int n) c->ssl->no_send_shutdown = 1; if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { - ngx_log_error(NGX_LOG_INFO, c->log, err, "client closed connection"); - - return NGX_ERROR; + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, + "peer shutdown SSL cleanly"); + return NGX_DONE; } ngx_ssl_connection_error(c, sslerr, err, "SSL_read() failed"); 
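Review bot: The branch `if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0)` in ngx_ssl_handle_recv() now returns `NGX_DONE` and logs "peer shutdown SSL cleanly" at debug level, but only `SSL_ERROR_ZERO_RETURN` means a close_notify alert was received. The second half of the condition can also match a connection that simply ended with an empty OpenSSL error queue. ngx_ssl_recv() maps `NGX_DONE` to a return of 0, so with the client role added by this commit a truncated upstream response could be read as a normal end of body. Consider returning `NGX_DONE` only for `sslerr == SSL_ERROR_ZERO_RETURN` and keeping the other case as `NGX_ERROR` with the previous info-level log line. ngx_ssl_handle_recv() starts and ends outside the hunk.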
@@ -516,27 +580,37 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) ssize_t send, size; ngx_buf_t *buf; - buf = c->ssl->buf; - - if (in && in->next == NULL && !c->buffered && !c->ssl->buffer) { + if (!c->ssl->buffer || (in && in->next == NULL && !c->buffered)) { /* - * we avoid a buffer copy if the incoming buf is a single, - * our buffer is empty, and we do not need to buffer the output + * we avoid a buffer copy if + * we do not need to buffer the output + * or the incoming buf is a single and our buffer is empty */ - n = ngx_ssl_write(c, in->buf->pos, in->buf->last - in->buf->pos); + while (in) { + if (ngx_buf_special(in->buf)) { + in = in->next; + continue; + } - if (n == NGX_ERROR) { - return NGX_CHAIN_ERROR; - } + n = ngx_ssl_write(c, in->buf->pos, in->buf->last - in->buf->pos); - if (n == NGX_AGAIN) { - c->buffered = 1; - return in; - } + if (n == NGX_ERROR) { + return NGX_CHAIN_ERROR; + } + + if (n == NGX_AGAIN) { + c->buffered = 1; + return in; + } - in->buf->pos += n; + in->buf->pos += n; + + if (in->buf->pos == in->buf->last) { + in = in->next; + } + } return in; } @@ -549,6 +623,7 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) } + buf = c->ssl->buf; send = 0; flush = (in == NULL) ? 1 : 0; @@ -576,7 +651,7 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) */ if (send + size > limit) { - size = limit - send; + size = (ssize_t) (limit - send); flush = 1; } @@ -588,6 +663,7 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) buf->last += size; in->buf->pos += size; + if (in->buf->pos == in->buf->last) { in = in->next; } @@ -678,7 +754,7 @@ ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) if (sslerr == SSL_ERROR_WANT_READ) { ngx_log_error(NGX_LOG_INFO, c->log, 0, - "client started SSL renegotiation"); + "peer started SSL renegotiation"); c->read->ready = 0; 
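Review bot: The rewritten fast path in ngx_ssl_send_chain() is now taken on every call where `c->ssl->buffer` is unset, and its `while (in)` loop never consults `limit`, whereas the buffered path further down clamps with `size = (ssize_t) (limit - send)`. A caller that passes a limit to bound one write would have it silently ignored for unbuffered SSL connections. The loop also hands `in->buf->last - in->buf->pos` to ngx_ssl_write() for every non-special buf, so an empty buf would reach the SSL layer as a zero-length write; whether such bufs can arrive here is not visible in the hunk. A guard such as `if (in->buf->pos == in->buf->last) { in = in->next; continue; }` together with a running byte count checked against `limit` would cover both points. The function continues outside the hunk.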
@@ -725,7 +801,7 @@ ngx_ssl_shutdown(ngx_connection_t *c) int n, sslerr, mode; ngx_uint_t again; - if (c->read->timedout) { + if (c->timedout) { mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN; } else { @@ -752,7 +828,7 @@ ngx_ssl_shutdown(ngx_connection_t *c) ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); - if (n == 1 || (n == 0 && c->read->timedout)) { + if (n == 1 || (n == 0 && c->timedout)) { SSL_free(c->ssl->connection); c->ssl = NULL; @@ -778,6 +854,8 @@ ngx_ssl_shutdown(ngx_connection_t *c) ngx_add_timer(c->read, 30000); + c->read->handler = ngx_ssl_shutdown_handler; + if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { return NGX_ERROR; } @@ -787,6 +865,8 @@ ngx_ssl_shutdown(ngx_connection_t *c) if (sslerr == SSL_ERROR_WANT_WRITE) { + c->write->handler = ngx_ssl_shutdown_handler; + if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { return NGX_ERROR; } @@ -804,6 +884,29 @@ ngx_ssl_shutdown(ngx_connection_t *c) static void +ngx_ssl_shutdown_handler(ngx_event_t *ev) +{ + ngx_connection_t *c; + ngx_connection_handler_pt handler; + + c = ev->data; + handler = c->ssl->handler; + + if (ev->timedout) { + c->timedout = 1; + } + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ev->log, 0, "SSL shutdown handler"); + + if (ngx_ssl_shutdown(c) == NGX_AGAIN) { + return; + } + + handler(c); +} + + +static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, char *text) { @@ -842,7 +945,7 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, void ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...) -{ +{ u_long n; va_list args; u_char errstr[NGX_MAX_CONF_ERRSTR], *p, *last; 
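Review bot: ngx_ssl_shutdown_handler() copies `c->ssl->handler` before calling ngx_ssl_shutdown() and then calls it unconditionally. The copy is needed because ngx_ssl_shutdown() frees the SSL object and sets `c->ssl = NULL` when it completes (visible in the `n == 1` hunk), but that reason is not written down and nothing checks the pointer. Where `c->ssl->handler` is assigned is outside this diff, so a caller that starts a shutdown without setting it would end in a call through NULL once the read or write event fires. I would add `/* ngx_ssl_shutdown() frees c->ssl, so save the handler first */` above the assignment and state in ngx_ssl_shutdown()'s comment that the handler must be set before it can return NGX_AGAIN. As a style point, the debug line uses `NGX_LOG_DEBUG_HTTP` while the rest of this file logs with `NGX_LOG_DEBUG_EVENT`.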
@@ -887,18 +990,18 @@ static void * ngx_openssl_create_conf(ngx_cycle_t *cycle) { ngx_openssl_conf_t *oscf; - + oscf = ngx_pcalloc(cycle->pool, sizeof(ngx_openssl_conf_t)); if (oscf == NULL) { return NGX_CONF_ERROR; } - + /* * set by ngx_pcalloc(): - * + * * oscf->engine.len = 0; * oscf->engine.data = NULL; - */ + */ return oscf; } @@ -915,7 +1018,7 @@ ngx_openssl_init_conf(ngx_cycle_t *cycle, void *conf) if (oscf->engine.len == 0) { return NGX_CONF_OK; } - + engine = ENGINE_by_id((const char *) oscf->engine.data); if (engine == NULL) { diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h index 6e81cdfa9..63cb33397 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -46,12 +46,16 @@ typedef struct { } ngx_ssl_connection_t; +#define ngx_ssl_session_t SSL_SESSION + + #define NGX_SSL_SSLv2 2 #define NGX_SSL_SSLv3 4 #define NGX_SSL_TLSv1 8 #define NGX_SSL_BUFFER 1 +#define NGX_SSL_CLIENT 2 #define NGX_SSL_BUFSIZE 16384 @@ -63,9 +67,15 @@ ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_int_t ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl); ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags); + +ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session); +#define ngx_ssl_get_session(c) SSL_get1_session(c->ssl->connection) +#define ngx_ssl_free_session SSL_SESSION_free + ngx_int_t ngx_ssl_handshake(ngx_connection_t *c); ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size); ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size); +ssize_t ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl); ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit); ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c); diff --git a/src/event/ngx_event_pipe.c b/src/event/ngx_event_pipe.c index 74cfac2d1..9970ed328 100644 --- a/src/event/ngx_event_pipe.c +++ b/src/event/ngx_event_pipe.c 
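Review bot: `#define ngx_ssl_get_session(c) SSL_get1_session(c->ssl->connection)` hands the caller a counted reference, so every value obtained through it has to be released with `ngx_ssl_free_session`. That includes the one kept in the new `ssl_session` field of ngx_peer_t whenever it is replaced, and the header does not say so. A comment above the three session declarations, e.g. `/* ngx_ssl_get_session() returns a new reference; release it with ngx_ssl_free_session() */`, would make the ownership rule explicit and help avoid leaked or double-freed sessions. The macro argument should also be parenthesised: `SSL_get1_session((c)->ssl->connection)`.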
@@ -20,7 +20,8 @@ static ngx_inline void ngx_event_pipe_free_shadow_raw_buf(ngx_chain_t **free, static ngx_int_t ngx_event_pipe_drain_chains(ngx_event_pipe_t *p); -ngx_int_t ngx_event_pipe(ngx_event_pipe_t *p, int do_write) +ngx_int_t +ngx_event_pipe(ngx_event_pipe_t *p, int do_write) { u_int flags; ngx_event_t *rev, *wev; @@ -79,7 +80,8 @@ ngx_int_t ngx_event_pipe(ngx_event_pipe_t *p, int do_write) } -static ngx_int_t ngx_event_pipe_read_upstream(ngx_event_pipe_t *p) +static ngx_int_t +ngx_event_pipe_read_upstream(ngx_event_pipe_t *p) { ssize_t n, size; ngx_int_t rc; @@ -123,7 +125,7 @@ static ngx_int_t ngx_event_pipe_read_upstream(ngx_event_pipe_t *p) /* * kqueue notifies about the end of file or a pending error. * This test allows not to allocate a buf on these conditions - * and not to call ngx_recv_chain(). + * and not to call c->recv_chain(). */ if (p->upstream->read->available == 0 @@ -221,7 +223,7 @@ static ngx_int_t ngx_event_pipe_read_upstream(ngx_event_pipe_t *p) && p->upstream->read->ready) { if (ngx_del_event(p->upstream->read, NGX_READ_EVENT, 0) - == NGX_ERROR) + == NGX_ERROR) { return NGX_ABORT; } @@ -246,11 +248,11 @@ static ngx_int_t ngx_event_pipe_read_upstream(ngx_event_pipe_t *p) ngx_log_debug0(NGX_LOG_DEBUG_EVENT, p->log, 0, "no pipe bufs to read in"); - + break; } - n = ngx_recv_chain(p->upstream, chain); + n = p->upstream->recv_chain(p->upstream, chain); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, p->log, 0, "pipe recv chain: %z", n); @@ -382,7 +384,7 @@ static ngx_int_t ngx_event_pipe_read_upstream(ngx_event_pipe_t *p) if (p->free_bufs) { for (cl = p->free_raw_bufs; cl; cl = cl->next) { if (cl->buf->shadow == NULL) { - ngx_pfree(p->pool, cl->buf->start); + ngx_pfree(p->pool, cl->buf->start); } } } 
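Review bot: `n = p->upstream->recv_chain(p->upstream, chain);` replaces a direct call with a call through a per-connection pointer, and this diff assigns that pointer only in ngx_event_accept(), ngx_event_post_acceptex() and ngx_event_connect_peer(). A connection object set up anywhere else and passed to the pipe as `p->upstream` would reach this line with the field unset; whether such a path exists cannot be seen from here. A comment at the call, e.g. `/* recv_chain is set wherever c->recv is set; keep the two in step */`, would state the invariant the indirect call depends on. ngx_event_pipe_read_upstream() starts and ends outside the hunk.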
@@ -398,7 +400,8 @@ static ngx_int_t ngx_event_pipe_read_upstream(ngx_event_pipe_t *p) } -static ngx_int_t ngx_event_pipe_write_to_downstream(ngx_event_pipe_t *p) +static ngx_int_t +ngx_event_pipe_write_to_downstream(ngx_event_pipe_t *p) { size_t bsize; ngx_uint_t flush; @@ -578,7 +581,8 @@ static ngx_int_t ngx_event_pipe_write_to_downstream(ngx_event_pipe_t *p) } -static ngx_int_t ngx_event_pipe_write_chain_to_temp_file(ngx_event_pipe_t *p) +static ngx_int_t +ngx_event_pipe_write_chain_to_temp_file(ngx_event_pipe_t *p) { ssize_t size, bsize; ngx_buf_t *b; @@ -704,7 +708,8 @@ static ngx_int_t ngx_event_pipe_write_chain_to_temp_file(ngx_event_pipe_t *p) /* the copy input filter */ -ngx_int_t ngx_event_pipe_copy_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf) +ngx_int_t +ngx_event_pipe_copy_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf) { ngx_buf_t *b; ngx_chain_t *cl; @@ -754,7 +759,8 @@ ngx_int_t ngx_event_pipe_copy_input_filter(ngx_event_pipe_t *p, ngx_buf_t *buf) } -static ngx_inline void ngx_event_pipe_remove_shadow_links(ngx_buf_t *buf) +static ngx_inline void +ngx_event_pipe_remove_shadow_links(ngx_buf_t *buf) { ngx_buf_t *b, *next; @@ -784,8 +790,8 @@ static ngx_inline void ngx_event_pipe_remove_shadow_links(ngx_buf_t *buf) } -static ngx_inline void ngx_event_pipe_free_shadow_raw_buf(ngx_chain_t **free, - ngx_buf_t *buf) +static ngx_inline void +ngx_event_pipe_free_shadow_raw_buf(ngx_chain_t **free, ngx_buf_t *buf) { ngx_buf_t *s; ngx_chain_t *cl, **ll; @@ -813,7 +819,8 @@ static ngx_inline void ngx_event_pipe_free_shadow_raw_buf(ngx_chain_t **free, } -ngx_int_t ngx_event_pipe_add_free_buf(ngx_event_pipe_t *p, ngx_buf_t *b) +ngx_int_t +ngx_event_pipe_add_free_buf(ngx_event_pipe_t *p, ngx_buf_t *b) { ngx_chain_t *cl; 
@@ -854,7 +861,8 @@ ngx_int_t ngx_event_pipe_add_free_buf(ngx_event_pipe_t *p, ngx_buf_t *b) } -static ngx_int_t ngx_event_pipe_drain_chains(ngx_event_pipe_t *p) +static ngx_int_t +ngx_event_pipe_drain_chains(ngx_event_pipe_t *p) { ngx_chain_t *cl, *tl; |