nginx-0.0.7-2004-07-09-11:12:14 import

author: Igor Sysoev <igor@sysoev.ru> 2004-07-09 07:12:14 +0000
committer: Igor Sysoev <igor@sysoev.ru> 2004-07-09 07:12:14 +0000
commit: e739eb7281e782ad944671002e51d0ba562c732c (patch)
tree: 72dbed5562b57b1c7be3a92e0b1516a15aac624c
parent: 755694565542b227c6966e8ba78425c84cf6e009 (diff)
download: nginx-e739eb7281e782ad944671002e51d0ba562c732c.tar.gz
nginx-e739eb7281e782ad944671002e51d0ba562c732c.zip
4 files changed, 58 insertions, 3 deletions
diff --git a/src/http/modules/ngx_http_ssl_filter.c b/src/http/modules/ngx_http_ssl_filter.c
index c9f21db32..b39fc38d5 100644
--- a/src/http/modules/ngx_http_ssl_filter.c
+++ b/src/http/modules/ngx_http_ssl_filter.c
@@ -111,8 +111,30 @@ ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r)
                 return NGX_AGAIN;
             }
 
+            if (rc == SSL_ERROR_ZERO_RETURN) {
+                ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                               "client closed connection while SSL handshake");
+
+                ngx_http_ssl_close_request(ctx->ssl, SSL_RECEIVED_SHUTDOWN);
+
+                return NGX_ERROR;
+            }
+
+            if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) {
+                ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                               "client sent HTTP request to HTTPS port");
+
+                ngx_http_ssl_close_request(ctx->ssl,
+                                      SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+
+                return NGX_OK;
+            }
+
             ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, rc,
                                "SSL_accept() failed");
+
+            ngx_http_ssl_close_request(ctx->ssl, SSL_RECEIVED_SHUTDOWN);
+
             return NGX_ERROR;
         }
 
@@ -174,6 +196,14 @@ static ngx_http_ssl_ctx_t *ngx_http_ssl_create_ctx(ngx_http_request_t *r)
 }
 
 
+void ngx_http_ssl_close_request(SSL *ssl, int mode)
+{
+    SSL_set_shutdown(ssl, mode);
+    SSL_smart_shutdown(ssl);
+    SSL_free(ssl);
+}
+
+
 static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err,
                                char *fmt, ...)
 {
diff --git a/src/http/modules/ngx_http_ssl_filter.h b/src/http/modules/ngx_http_ssl_filter.h
index 26704b5c3..c6dbe53e9 100644
--- a/src/http/modules/ngx_http_ssl_filter.h
+++ b/src/http/modules/ngx_http_ssl_filter.h
@@ -6,8 +6,11 @@
 #include <ngx_core.h>
 #include <ngx_http.h>
 
+#include <openssl/ssl.h>
+
 
 ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r);
+void ngx_http_ssl_close_request(SSL *ssl, int mode);
 
 
 #endif /* _NGX_HTTP_SSL_FILTER_H_INCLUDED_ */
diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h
index 3ffecc812..7abd57f80 100644
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@@ -54,7 +54,13 @@
 
 /* Our own HTTP codes */
 
-#define NGX_HTTP_NGX_CODES                 NGX_HTTP_INVALID_HOST
+#define NGX_HTTP_NGX_CODES                 NGX_HTTP_TO_HTTPS
+
+/*
+ * We use the special code for the plain HTTP requests that are sent to
+ * HTTPS port to distinguish it from 4XX in an error page redirection 
+ */
+#define NGX_HTTP_TO_HTTPS                  497
 
 /*
  * We use the special code for the requests with invalid host name
diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
index 70a6bb84d..dd7e55484 100644
--- a/src/http/ngx_http_special_response.c
+++ b/src/http/ngx_http_special_response.c
@@ -102,6 +102,14 @@ static char error_416_page[] =
 ;
 
 
+static char error_497_page[] =
+"<html>" CRLF
+"<head><title>The plain HTTP request was sent to HTTPS port</title></head>" CRLF
+"<body bgcolor=\"white\">" CRLF
+"<center><h1>The plain HTTP request was sent to HTTPS por</h1></center>" CRLF
+;
+
+
 static char error_500_page[] =
 "<html>" CRLF
 "<head><title>500 Internal Server Error</title></head>" CRLF
@@ -166,8 +174,9 @@ static ngx_str_t error_pages[] = {
     ngx_null_string,             /* 415 */
     ngx_string(error_416_page),
 
-    ngx_string(error_404_page),  /* 498 */
-    ngx_null_string,             /* 499 */
+    ngx_string(error_400_page),  /* 497, http to https */
+    ngx_string(error_404_page),  /* 498, invalid host name */
+    ngx_null_string,             /* 499, client closed connection */
 
     ngx_string(error_500_page),
     ngx_string(error_501_page),
@@ -199,6 +208,7 @@ ngx_int_t ngx_http_special_response_handler(ngx_http_request_t *r, int error)
             case NGX_HTTP_BAD_REQUEST:
             case NGX_HTTP_REQUEST_ENTITY_TOO_LARGE:
             case NGX_HTTP_REQUEST_URI_TOO_LARGE:
+            case NGX_HTTP_TO_HTTPS:
             case NGX_HTTP_INTERNAL_SERVER_ERROR:
                 r->keepalive = 0;
         }
@@ -207,6 +217,7 @@ ngx_int_t ngx_http_special_response_handler(ngx_http_request_t *r, int error)
     if (r->lingering_close == 1) {
         switch (error) {
             case NGX_HTTP_BAD_REQUEST:
+            case NGX_HTTP_TO_HTTPS:
                 r->lingering_close = 0;
         }
     }
@@ -241,6 +252,11 @@ ngx_int_t ngx_http_special_response_handler(ngx_http_request_t *r, int error)
         err = error - NGX_HTTP_NGX_CODES + 3 + 17;
 
         switch (error) {
+            case NGX_HTTP_TO_HTTPS:
+                r->headers_out.status = NGX_HTTP_BAD_REQUEST;
+                error = NGX_HTTP_BAD_REQUEST;
+                break;
+
             case NGX_HTTP_INVALID_HOST:
                 r->headers_out.status = NGX_HTTP_NOT_FOUND;
                 error = NGX_HTTP_NOT_FOUND;
author	Igor Sysoev <igor@sysoev.ru>	2004-07-09 07:12:14 +0000
committer	Igor Sysoev <igor@sysoev.ru>	2004-07-09 07:12:14 +0000
commit	e739eb7281e782ad944671002e51d0ba562c732c (patch)
tree	72dbed5562b57b1c7be3a92e0b1516a15aac624c
parent	755694565542b227c6966e8ba78425c84cf6e009 (diff)
download	nginx-e739eb7281e782ad944671002e51d0ba562c732c.tar.gz nginx-e739eb7281e782ad944671002e51d0ba562c732c.zip