r1862, r1866, r1869, r1874 merge:
*) revert SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, removed in r1852 *) fix bogus crit log message "SSL_shutdown() failed" introduced in r1852 *) pull all errors
This commit is contained in:
parent
73d987a411
commit
b811a5c388
|
@ -187,6 +187,13 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
|
|||
SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
|
||||
}
|
||||
|
||||
/*
|
||||
* we need this option because in ngx_ssl_send_chain()
|
||||
* we may switch to a buffered write and may copy leftover part of
|
||||
* previously unbuffered data to our internal buffer
|
||||
*/
|
||||
SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
|
||||
|
||||
SSL_CTX_set_read_ahead(ssl->ctx, 1);
|
||||
|
||||
return NGX_OK;
|
||||
|
@ -1000,17 +1007,14 @@ ngx_ssl_shutdown(ngx_connection_t *c)
|
|||
|
||||
/* SSL_shutdown() never return -1, on error it return 0 */
|
||||
|
||||
if (n != 1) {
|
||||
if (n != 1 && ERR_peek_error()) {
|
||||
sslerr = SSL_get_error(c->ssl->connection, n);
|
||||
|
||||
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"SSL_get_error: %d", sslerr);
|
||||
}
|
||||
|
||||
if (n == 1
|
||||
|| sslerr == SSL_ERROR_ZERO_RETURN
|
||||
|| (sslerr == 0 && c->timedout))
|
||||
{
|
||||
if (n == 1 || sslerr == 0 || sslerr == SSL_ERROR_ZERO_RETURN) {
|
||||
SSL_free(c->ssl->connection);
|
||||
c->ssl = NULL;
|
||||
|
||||
|
@ -1113,18 +1117,21 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
|
|||
static void
|
||||
ngx_ssl_clear_error(ngx_log_t *log)
|
||||
{
|
||||
if (ERR_peek_error()) {
|
||||
while (ERR_peek_error()) {
|
||||
ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error");
|
||||
}
|
||||
|
||||
ERR_clear_error();
|
||||
}
|
||||
|
||||
|
||||
void ngx_cdecl
|
||||
ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
|
||||
{
|
||||
u_long n;
|
||||
va_list args;
|
||||
u_char errstr[NGX_MAX_CONF_ERRSTR], *p, *last;
|
||||
u_long n;
|
||||
va_list args;
|
||||
u_char *p, *last;
|
||||
u_char errstr[NGX_MAX_CONF_ERRSTR];
|
||||
|
||||
last = errstr + NGX_MAX_CONF_ERRSTR;
|
||||
|
||||
|
@ -1134,7 +1141,7 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
|
|||
|
||||
p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p);
|
||||
|
||||
while (p < last) {
|
||||
for ( ;; ) {
|
||||
|
||||
n = ERR_get_error();
|
||||
|
||||
|
@ -1142,6 +1149,10 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
|
|||
break;
|
||||
}
|
||||
|
||||
if (p >= last) {
|
||||
continue;
|
||||
}
|
||||
|
||||
*p++ = ' ';
|
||||
|
||||
ERR_error_string_n(n, (char *) p, last - p);
|
||||
|
|
Loading…
Reference in New Issue