aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorMaxim Dounin <mdounin@mdounin.ru>2021-08-03 20:50:30 +0300
committerMaxim Dounin <mdounin@mdounin.ru>2021-08-03 20:50:30 +0300
commit15769c3918578dfa601303afa40d7acf9c36e4d9 (patch)
treea76ebc6efae5f6f4952a31b6c012a5c5ad1a79d0 /src
parentf8394db6fe9c73858032bd202bf0809d459a2f2f (diff)
downloadnginx-15769c3918578dfa601303afa40d7acf9c36e4d9.tar.gz
nginx-15769c3918578dfa601303afa40d7acf9c36e4d9.zip
SSL: set events ready flags after handshake.
The c->read->ready and c->write->ready flags might be reset during the handshake, and not set again if the handshake was finished on the other event. At the same time, some data might be read from the socket during the handshake, so missing c->read->ready flag might result in a connection hang, for example, when waiting for an SMTP greeting (which was already received during the handshake). Found by Sergey Kandaurov.
Diffstat (limited to 'src')
-rw-r--r--src/event/ngx_event_openssl.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 396cc22b3..60cc35876 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1740,6 +1740,9 @@ ngx_ssl_handshake(ngx_connection_t *c)
c->recv_chain = ngx_ssl_recv_chain;
c->send_chain = ngx_ssl_send_chain;
+ c->read->ready = 1;
+ c->write->ready = 1;
+
#ifndef SSL_OP_NO_RENEGOTIATION
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
@@ -1885,6 +1888,9 @@ ngx_ssl_try_early_data(ngx_connection_t *c)
c->recv_chain = ngx_ssl_recv_chain;
c->send_chain = ngx_ssl_send_chain;
+ c->read->ready = 1;
+ c->write->ready = 1;
+
rc = ngx_ssl_ocsp_validate(c);
if (rc == NGX_ERROR) {
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 15:13:36 +0000