diff options
| author | Maxim Dounin <mdounin@mdounin.ru> | 2018-09-10 18:57:19 +0300 |
|---|---|---|
| committer | Maxim Dounin <mdounin@mdounin.ru> | 2018-09-10 18:57:19 +0300 |
| commit | c2f90de0c56866bb4ef0630f89cee7904e687fba (patch) | |
| tree | 3027a59a2b01bd6df3acc74ca086496c45ae672d /src | |
| parent | 278be041ddbd91c28b496ca01213c47cbc96d958 (diff) | |
| download | nginx-c2f90de0c56866bb4ef0630f89cee7904e687fba.tar.gz nginx-c2f90de0c56866bb4ef0630f89cee7904e687fba.zip | |
SSL: corrected SSL_ERROR_WANT_WRITE / SSL_ERROR_WANT_READ logging.
While SSL_read() most likely to return SSL_ERROR_WANT_WRITE (and SSL_write()
accordingly SSL_ERROR_WANT_READ) during an SSL renegotiation, it is
not necessary mean that a renegotiation was started. In particular,
it can never happen during a renegotiation or can happen multiple times
during a renegotiation.
Because of the above, misleading "peer started SSL renegotiation" info
messages were replaced with "SSL_read: want write" and "SSL_write: want read"
debug ones.
Additionally, "SSL write handler" and "SSL read handler" are now logged
by the SSL write and read handlers, to make it easier to understand that
temporary SSL handlers are called instead of normal handlers.
Diffstat (limited to 'src')
| -rw-r--r-- | src/event/ngx_event_openssl.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index cca4609f9..c9cae89d2 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -1681,8 +1681,8 @@ ngx_ssl_handle_recv(ngx_connection_t *c, int n) if (sslerr == SSL_ERROR_WANT_WRITE) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "peer started SSL renegotiation"); + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, + "SSL_read: want write"); c->write->ready = 0; @@ -1724,6 +1724,8 @@ ngx_ssl_write_handler(ngx_event_t *wev) c = wev->data; + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL write handler"); + c->read->handler(c->read); } @@ -1938,8 +1940,8 @@ ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) if (sslerr == SSL_ERROR_WANT_READ) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, - "peer started SSL renegotiation"); + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, + "SSL_write: want read"); c->read->ready = 0; @@ -1977,6 +1979,8 @@ ngx_ssl_read_handler(ngx_event_t *rev) c = rev->data; + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL read handler"); + c->write->handler(c->write); } |