nginx-0.0.7-2004-07-09-11:12:14 import

diff --git a/src/http/modules/ngx_http_ssl_filter.c b/src/http/modules/ngx_http_ssl_filter.c
index c9f21db324b9a4469ecfc7ea2f417f97af5cda8d..b39fc38d57b83b8451729bface965d4952c529db 100644 (file)
--- a/src/http/modules/ngx_http_ssl_filter.c
+++ b/src/http/modules/ngx_http_ssl_filter.c
@@ -111,8 +111,30 @@ ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r)
                 return NGX_AGAIN;
             }
 
+            if (rc == SSL_ERROR_ZERO_RETURN) {
+                ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                               "client closed connection while SSL handshake");
+
+                ngx_http_ssl_close_request(ctx->ssl, SSL_RECEIVED_SHUTDOWN);
+
+                return NGX_ERROR;
+            }
+
+            if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) {
+                ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                               "client sent HTTP request to HTTPS port");
+
+                ngx_http_ssl_close_request(ctx->ssl,
+                                      SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+
+                return NGX_OK;
+            }
+
             ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, rc,
                                "SSL_accept() failed");
+
+            ngx_http_ssl_close_request(ctx->ssl, SSL_RECEIVED_SHUTDOWN);
+
             return NGX_ERROR;
         }
 
@@ -174,6 +196,14 @@ static ngx_http_ssl_ctx_t *ngx_http_ssl_create_ctx(ngx_http_request_t *r)
 }
 
 
+void ngx_http_ssl_close_request(SSL *ssl, int mode)
+{
+    SSL_set_shutdown(ssl, mode);
+    SSL_smart_shutdown(ssl);
+    SSL_free(ssl);
+}
+
+
 static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err,
                                char *fmt, ...)
 {

diff --git a/src/http/modules/ngx_http_ssl_filter.h b/src/http/modules/ngx_http_ssl_filter.h
index 26704b5c373e58d00e326f92ef1bb3d82c3c5e68..c6dbe53e96dcdb49f389fae78dc166ee7988fdf3 100644 (file)
--- a/src/http/modules/ngx_http_ssl_filter.h
+++ b/src/http/modules/ngx_http_ssl_filter.h
@@ -6,8 +6,11 @@
 #include <ngx_core.h>
 #include <ngx_http.h>
 
+#include <openssl/ssl.h>
+
 
 ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r);
+void ngx_http_ssl_close_request(SSL *ssl, int mode);
 
 
 #endif /* _NGX_HTTP_SSL_FILTER_H_INCLUDED_ */

diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h
index 3ffecc81214370992ebcaa4808f46df64e24f0b6..7abd57f80665549c73b9ed969ff61009190b0216 100644 (file)
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@@ -54,7 +54,13 @@
 
 /* Our own HTTP codes */
 
-#define NGX_HTTP_NGX_CODES                 NGX_HTTP_INVALID_HOST
+#define NGX_HTTP_NGX_CODES                 NGX_HTTP_TO_HTTPS
+
+/*
+ * We use the special code for the plain HTTP requests that are sent to
+ * HTTPS port to distinguish it from 4XX in an error page redirection 
+ */
+#define NGX_HTTP_TO_HTTPS                  497
 
 /*
  * We use the special code for the requests with invalid host name

diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
index 70a6bb84d1a4899c9ba82a43650b34ed81ae159d..dd7e55484f4bfabc854cfd1b2ebeb1b9af19122c 100644 (file)
--- a/src/http/ngx_http_special_response.c
+++ b/src/http/ngx_http_special_response.c
@@ -102,6 +102,14 @@ static char error_416_page[] =
 ;
 
 
+static char error_497_page[] =
+"<html>" CRLF
+"<head><title>The plain HTTP request was sent to HTTPS port</title></head>" CRLF
+"<body bgcolor=\"white\">" CRLF
+"<center><h1>The plain HTTP request was sent to HTTPS por</h1></center>" CRLF
+;
+
+
 static char error_500_page[] =
 "<html>" CRLF
 "<head><title>500 Internal Server Error</title></head>" CRLF
@@ -166,8 +174,9 @@ static ngx_str_t error_pages[] = {
     ngx_null_string,             /* 415 */
     ngx_string(error_416_page),
 
-    ngx_string(error_404_page),  /* 498 */
-    ngx_null_string,             /* 499 */
+    ngx_string(error_400_page),  /* 497, http to https */
+    ngx_string(error_404_page),  /* 498, invalid host name */
+    ngx_null_string,             /* 499, client closed connection */
 
     ngx_string(error_500_page),
     ngx_string(error_501_page),
@@ -199,6 +208,7 @@ ngx_int_t ngx_http_special_response_handler(ngx_http_request_t *r, int error)
             case NGX_HTTP_BAD_REQUEST:
             case NGX_HTTP_REQUEST_ENTITY_TOO_LARGE:
             case NGX_HTTP_REQUEST_URI_TOO_LARGE:
+            case NGX_HTTP_TO_HTTPS:
             case NGX_HTTP_INTERNAL_SERVER_ERROR:
                 r->keepalive = 0;
         }
@@ -207,6 +217,7 @@ ngx_int_t ngx_http_special_response_handler(ngx_http_request_t *r, int error)
     if (r->lingering_close == 1) {
         switch (error) {
             case NGX_HTTP_BAD_REQUEST:
+            case NGX_HTTP_TO_HTTPS:
                 r->lingering_close = 0;
         }
     }
@@ -241,6 +252,11 @@ ngx_int_t ngx_http_special_response_handler(ngx_http_request_t *r, int error)
         err = error - NGX_HTTP_NGX_CODES + 3 + 17;
 
         switch (error) {
+            case NGX_HTTP_TO_HTTPS:
+                r->headers_out.status = NGX_HTTP_BAD_REQUEST;
+                error = NGX_HTTP_BAD_REQUEST;
+                break;
+
             case NGX_HTTP_INVALID_HOST:
                 r->headers_out.status = NGX_HTTP_NOT_FOUND;
                 error = NGX_HTTP_NOT_FOUND;