nginx-0.6.26
Igor Sysoev
is at rambler-co.ru
Mon Feb 11 21:27:57 MSK 2008
On Mon, Feb 11, 2008 at 07:38:47PM +0300, Kostya Alexandrov wrote:
> А те же траблы с SSL но в 0.5 не смотрел?
Патч.
> Может 0.6 уже можно как стабильную использовать?
Можно.
--
Игорь Сысоев
http://sysoev.ru
-------------- next part --------------
Index: src/event/ngx_event_openssl.c
===================================================================
--- src/event/ngx_event_openssl.c (revision 1184)
+++ src/event/ngx_event_openssl.c (revision 1185)
@@ -1037,17 +1037,14 @@
/* SSL_shutdown() never returns -1, on error it returns 0 */
- if (n != 1) {
+ if (n != 1 && ERR_peek_error()) {
sslerr = SSL_get_error(c->ssl->connection, n);
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
"SSL_get_error: %d", sslerr);
}
- if (n == 1
- || sslerr == SSL_ERROR_ZERO_RETURN
- || (sslerr == 0 && c->timedout))
- {
+ if (n == 1 || sslerr == 0 || sslerr == SSL_ERROR_ZERO_RETURN) {
SSL_free(c->ssl->connection);
c->ssl = NULL;
Index: src/event/ngx_event_openssl.c
===================================================================
--- src/event/ngx_event_openssl.c (revision 1192)
+++ src/event/ngx_event_openssl.c (revision 1193)
@@ -187,6 +187,13 @@
SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
}
+ /*
+ * we need this option because in ngx_ssl_send_chain()
+ * we may switch to a buffered write and may copy leftover part of
+ * previously unbuffered data to our internal buffer
+ */
+ SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+
SSL_CTX_set_read_ahead(ssl->ctx, 1);
return NGX_OK;
More information about the nginx-ru
mailing list