[PATCH] SSL: mark connections as non-reusable before SSL handshake

Maxim Dounin mdounin at mdounin.ru
Sun Jun 21 13:25:31 UTC 2015


Hello!

On Thu, Jun 18, 2015 at 03:39:27AM -0700, Piotr Sikora wrote:

> # HG changeset patch
> # User Piotr Sikora <piotr at cloudflare.com>
> # Date 1434623800 25200
> #      Thu Jun 18 03:36:40 2015 -0700
> # Node ID cda1075a9536257e510b452df084e4cc396ab25d
> # Parent  c3ec43580a48114dfd28186f43e773fcfe211337
> SSL: mark connections as non-reusable before SSL handshake.
> 
> Previously, connections were marked as non-reusable after SSL handshake
> returned NGX_AGAIN. This meant that SSL callbacks that were using nginx
> connections could drain the connection on which SSL handshake was being
> performed on.
> 
> Signed-off-by: Piotr Sikora <piotr at cloudflare.com>
> 
> diff -r c3ec43580a48 -r cda1075a9536 src/http/ngx_http_request.c
> --- a/src/http/ngx_http_request.c	Wed Jun 17 17:57:34 2015 +0300
> +++ b/src/http/ngx_http_request.c	Thu Jun 18 03:36:40 2015 -0700
> @@ -715,6 +715,8 @@ ngx_http_ssl_handshake(ngx_event_t *rev)
>                  return;
>              }
>  
> +            ngx_reusable_connection(c, 0);
> +
>              rc = ngx_ssl_handshake(c);
>  
>              if (rc == NGX_AGAIN) {
> @@ -723,8 +725,6 @@ ngx_http_ssl_handshake(ngx_event_t *rev)
>                      ngx_add_timer(rev, c->listening->post_accept_timeout);
>                  }
>  
> -                ngx_reusable_connection(c, 0);
> -
>                  c->ssl->handler = ngx_http_ssl_handshake_handler;
>                  return;
>              }

As far as I understand, this change isn't useable with an 
unmodified nginx (and introduces some minor pessimization in an 
unlikely case when first ngx_ssl_handshake() will not return 
NGX_AGAIN).

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx-devel mailing list