[nginx] SSL: set events ready flags after handshake.

Maxim Dounin mdounin at mdounin.ru
Tue Aug 3 17:51:48 UTC 2021


details:   https://hg.nginx.org/nginx/rev/573bd30e46b4
branches:  
changeset: 7891:573bd30e46b4
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Tue Aug 03 20:50:30 2021 +0300
description:
SSL: set events ready flags after handshake.

The c->read->ready and c->write->ready flags might be reset during
the handshake, and not set again if the handshake was finished on
the other event.  At the same time, some data might be read from
the socket during the handshake, so missing c->read->ready flag might
result in a connection hang, for example, when waiting for an SMTP
greeting (which was already received during the handshake).

Found by Sergey Kandaurov.

diffstat:

 src/event/ngx_event_openssl.c |  6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diffs (23 lines):

diff -r 1563bbcdb90c -r 573bd30e46b4 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c	Tue Aug 03 20:50:08 2021 +0300
+++ b/src/event/ngx_event_openssl.c	Tue Aug 03 20:50:30 2021 +0300
@@ -1740,6 +1740,9 @@ ngx_ssl_handshake(ngx_connection_t *c)
         c->recv_chain = ngx_ssl_recv_chain;
         c->send_chain = ngx_ssl_send_chain;
 
+        c->read->ready = 1;
+        c->write->ready = 1;
+
 #ifndef SSL_OP_NO_RENEGOTIATION
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
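
Review bot: The two assignments added after `c->send_chain = ngx_ssl_send_chain;` in ngx_ssl_handshake() carry no comment, so the reason for forcing both flags on is recorded only in the commit description. A short comment above `c->read->ready = 1;` saying that the flags may have been reset during the handshake while data was already read from the socket would keep a later cleanup from dropping these lines as redundant. It would also help to state there that `c->write->ready = 1;` is set unconditionally on purpose, since the description's hang example only involves the read side.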
@@ -1885,6 +1888,9 @@ ngx_ssl_try_early_data(ngx_connection_t 
         c->recv_chain = ngx_ssl_recv_chain;
         c->send_chain = ngx_ssl_send_chain;
 
+        c->read->ready = 1;
+        c->write->ready = 1;
+
         rc = ngx_ssl_ocsp_validate(c);
 
         if (rc == NGX_ERROR) {
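
Review bot: The block added in ngx_ssl_try_early_data() before `rc = ngx_ssl_ocsp_validate(c);` is a verbatim copy of the one added in ngx_ssl_handshake(), and neither copy is commented, so the two completion paths can drift apart if one is changed later. Consider moving the `c->read->ready = 1;` / `c->write->ready = 1;` pair into a small shared helper called from both places, or at least adding the same explanatory comment to each. Note also that the flags are set before the OCSP result is checked, so they are raised on the `rc == NGX_ERROR` path as well; if that is intended, a word in the comment would make it explicit.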

