SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
}
+ /*
+ * we need this option because in ngx_ssl_send_chain()
+ * we may switch to a buffered write and may copy leftover part of
+ * previously unbuffered data to our internal buffer
+ */
+ SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+
SSL_CTX_set_read_ahead(ssl->ctx, 1);
return NGX_OK;
/* SSL_shutdown() never return -1, on error it return 0 */
- if (n != 1) {
+ if (n != 1 && ERR_peek_error()) {
sslerr = SSL_get_error(c->ssl->connection, n);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
"SSL_get_error: %d", sslerr);
}
- if (n == 1
- || sslerr == SSL_ERROR_ZERO_RETURN
- || (sslerr == 0 && c->timedout))
- {
+ if (n == 1 || sslerr == 0 || sslerr == SSL_ERROR_ZERO_RETURN) {
SSL_free(c->ssl->connection);
c->ssl = NULL;
static void
ngx_ssl_clear_error(ngx_log_t *log)
{
- if (ERR_peek_error()) {
+ while (ERR_peek_error()) {
ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error");
}
+
+ ERR_clear_error();
}
void ngx_cdecl
ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
{
- u_long n;
- va_list args;
- u_char errstr[NGX_MAX_CONF_ERRSTR], *p, *last;
+ u_long n;
+ va_list args;
+ u_char *p, *last;
+ u_char errstr[NGX_MAX_CONF_ERRSTR];
last = errstr + NGX_MAX_CONF_ERRSTR;
p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p);
- while (p < last) {
+ for ( ;; ) {
n = ERR_get_error();
break;
}
+ if (p >= last) {
+ continue;
+ }
+
*p++ = ' ';
ERR_error_string_n(n, (char *) p, last - p);
projects / nginx.git / commitdiff