always use buffer, if connection is buffered,
this fixes OpenSSL "bad write retry" error, when
*) nginx passed a single buf greater than our buffer (say 32K) to OpenSSL,
*) OpenSSL returns SSL_ERROR_WANT_WRITE,
*) after some time nginx has to send a new data,
*) so there are at least two bufs nginx does pass them directly to OpenSSL,
*) but copies the first buf part to buffer, and sends the buffer to OpenSSL.
*) because the data length is lesser than it was in previous SSL_write():
16K < 32K, OpenSSL returns SSL_R_BAD_WRITE_RETRY.
SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
}
- /*
- * we need this option because in ngx_ssl_send_chain()
- * we may switch to a buffered write and may copy leftover part of
- * previously unbuffered data to our internal buffer
- */
- SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
-
SSL_CTX_set_read_ahead(ssl->ctx, 1);
return NGX_OK;
ssize_t send, size;
ngx_buf_t *buf;
- if (!c->ssl->buffer
- || (in && in->next == NULL && !(c->buffered & NGX_SSL_BUFFERED)))
- {
- /*
- * we avoid a buffer copy if
- * we do not need to buffer the output
- * or the incoming buf is a single and our buffer is empty
- */
+ if (!c->ssl->buffer) {
while (in) {
if (ngx_buf_special(in->buf)) {
projects / nginx.git / commitdiff