]> git.kaiwu.me - nginx.git/commitdiff
projects / nginx.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 278be04)
SSL: corrected SSL_ERROR_WANT_WRITE / SSL_ERROR_WANT_READ logging.
authorMaxim Dounin <mdounin@mdounin.ru>
Mon, 10 Sep 2018 15:57:19 +0000 (18:57 +0300)
committerMaxim Dounin <mdounin@mdounin.ru>
Mon, 10 Sep 2018 15:57:19 +0000 (18:57 +0300)
While SSL_read() most likely to return SSL_ERROR_WANT_WRITE (and SSL_write()
accordingly SSL_ERROR_WANT_READ) during an SSL renegotiation, it is
not necessary mean that a renegotiation was started.  In particular,
it can never happen during a renegotiation or can happen multiple times
during a renegotiation.

Because of the above, misleading "peer started SSL renegotiation" info
messages were replaced with "SSL_read: want write" and "SSL_write: want read"
debug ones.

Additionally, "SSL write handler" and "SSL read handler" are now logged
by the SSL write and read handlers, to make it easier to understand that
temporary SSL handlers are called instead of normal handlers.

src/event/ngx_event_openssl.c patch | blob | history

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index cca4609f90a2cdf16dfbae5bcd15c120e6cf6ca6..c9cae89d2fc33e5d26460ad141a4426c07ec9fb9 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1681,8 +1681,8 @@ ngx_ssl_handle_recv(ngx_connection_t *c, int n)
 
     if (sslerr == SSL_ERROR_WANT_WRITE) {
 
-        ngx_log_error(NGX_LOG_INFO, c->log, 0,
-                      "peer started SSL renegotiation");
+        ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
+                       "SSL_read: want write");
 
         c->write->ready = 0;
 
@@ -1724,6 +1724,8 @@ ngx_ssl_write_handler(ngx_event_t *wev)
 
     c = wev->data;
 
+    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL write handler");
+
     c->read->handler(c->read);
 }
 
@@ -1938,8 +1940,8 @@ ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size)
 
     if (sslerr == SSL_ERROR_WANT_READ) {
 
-        ngx_log_error(NGX_LOG_INFO, c->log, 0,
-                      "peer started SSL renegotiation");
+        ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
+                       "SSL_write: want read");
 
         c->read->ready = 0;
 
@@ -1977,6 +1979,8 @@ ngx_ssl_read_handler(ngx_event_t *rev)
 
     c = rev->data;
 
+    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL read handler");
+
     c->write->handler(c->write);
 }
 
nginx upstream