r1862, r1866, r1869, r1874 merge:

*) revert SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER, removed in r1852 *) fix bogus crit log message "SSL_shutdown() failed" introduced in r1852 *) pull all errors
2008-05-04 09:47:59 +00:00 · 2008-05-04 09:47:59 +00:00 · b811a5c388
parent 73d987a411
commit b811a5c388
1 changed files with 21 additions and 10 deletions
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@ -187,6 +187,13 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
        SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
    }

+    /*
+     * we need this option because in ngx_ssl_send_chain()
+     * we may switch to a buffered write and may copy leftover part of
+     * previously unbuffered data to our internal buffer
+     */
+    SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+
    SSL_CTX_set_read_ahead(ssl->ctx, 1);

    return NGX_OK;
@ -1000,17 +1007,14 @@ ngx_ssl_shutdown(ngx_connection_t *c)

    /* SSL_shutdown() never return -1, on error it return 0 */

-    if (n != 1) {
+    if (n != 1 && ERR_peek_error()) {
        sslerr = SSL_get_error(c->ssl->connection, n);

        ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                       "SSL_get_error: %d", sslerr);
    }

-    if (n == 1
-        || sslerr == SSL_ERROR_ZERO_RETURN
-        || (sslerr == 0 && c->timedout))
-    {
+    if (n == 1 || sslerr == 0 || sslerr == SSL_ERROR_ZERO_RETURN) {
        SSL_free(c->ssl->connection);
        c->ssl = NULL;

@ -1113,18 +1117,21 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
 static void
 ngx_ssl_clear_error(ngx_log_t *log)
 {
-    if (ERR_peek_error()) {
+    while (ERR_peek_error()) {
        ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error");
    }
+
+    ERR_clear_error();
 }


 void ngx_cdecl
 ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
 {
-    u_long   n;
-    va_list  args;
-    u_char   errstr[NGX_MAX_CONF_ERRSTR], *p, *last;
+    u_long    n;
+    va_list   args;
+    u_char   *p, *last;
+    u_char    errstr[NGX_MAX_CONF_ERRSTR];

    last = errstr + NGX_MAX_CONF_ERRSTR;

@ -1134,7 +1141,7 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)

    p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p);

-    while (p < last) {
+    for ( ;; ) {

        n = ERR_get_error();

@ -1142,6 +1149,10 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
            break;
        }

+        if (p >= last) {
+            continue;
+        }
+
        *p++ = ' ';

        ERR_error_string_n(n, (char *) p, last - p);