nginx and ssl problem
Igor Sysoev
is at rambler-co.ru
Tue Jul 24 19:07:28 MSD 2007
On Tue, Jul 24, 2007 at 02:18:33PM +0300, Pavel wrote:
> В Nginx временами умирает SSL. Что в тот момнет в логе сейчас к
> сожалению не могу сказать.
Попробуйте патч. Несмотря на имя, для 0.5.26 должен подойти.
--
Игорь Сысоев
http://sysoev.ru
-------------- next part --------------
Index: src/http/ngx_http_upstream.c
===================================================================
--- src/http/ngx_http_upstream.c (revision 602)
+++ src/http/ngx_http_upstream.c (working copy)
@@ -657,7 +657,7 @@
c->sendfile = 0;
u->output.sendfile = 0;
- if (ngx_ssl_set_session(c, u->peer.ssl_session) != NGX_OK) {
+ if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) {
ngx_http_upstream_finalize_request(r, u,
NGX_HTTP_INTERNAL_SERVER_ERROR);
return;
Index: src/http/ngx_http_upstream_round_robin.c
===================================================================
--- src/http/ngx_http_upstream_round_robin.c (revision 602)
+++ src/http/ngx_http_upstream_round_robin.c (working copy)
@@ -152,7 +152,10 @@
r->upstream->peer.free = ngx_http_upstream_free_round_robin_peer;
r->upstream->peer.tries = rrp->peers->number;
#if (NGX_HTTP_SSL)
- r->upstream->peer.save_session = ngx_http_upstream_save_round_robin_peer;
+ r->upstream->peer.set_session =
+ ngx_http_upstream_set_round_robin_peer_session;
+ r->upstream->peer.save_session =
+ ngx_http_upstream_save_round_robin_peer_session;
#endif
return NGX_OK;
@@ -328,9 +331,6 @@
pc->sockaddr = peer->sockaddr;
pc->socklen = peer->socklen;
pc->name = &peer->name;
-#if (NGX_SSL)
- pc->ssl_session = peer->ssl_session;
-#endif
/* ngx_unlock_mutex(rrp->peers->mutex); */
@@ -408,29 +408,70 @@
#if (NGX_HTTP_SSL)
-void
-ngx_http_upstream_save_round_robin_peer(ngx_peer_connection_t *pc, void *data)
+ngx_int_t
+ngx_http_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
+ void *data)
{
ngx_http_upstream_rr_peer_data_t *rrp = data;
+ ngx_int_t rc;
ngx_ssl_session_t *ssl_session;
ngx_http_upstream_rr_peer_t *peer;
+ peer = &rrp->peers->peer[rrp->current];
+
+ /* ngx_lock_mutex(rrp->peers->mutex); */
+
+ ssl_session = peer->ssl_session;
+
+ rc = ngx_ssl_set_session(pc->connection, ssl_session);
+
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "set session: %p:%d",
+ ssl_session, ssl_session ? ssl_session->references : 0);
+
+ /* ngx_unlock_mutex(rrp->peers->mutex); */
+
+ return rc;
+}
+
+
+void
+ngx_http_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
+ void *data)
+{
+ ngx_http_upstream_rr_peer_data_t *rrp = data;
+
+ ngx_ssl_session_t *old_ssl_session, *ssl_session;
+ ngx_http_upstream_rr_peer_t *peer;
+
ssl_session = ngx_ssl_get_session(pc->connection);
if (ssl_session == NULL) {
return;
}
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "save session: %p:%d", ssl_session, ssl_session->references);
+
peer = &rrp->peers->peer[rrp->current];
/* ngx_lock_mutex(rrp->peers->mutex); */
+
+ old_ssl_session = peer->ssl_session;
peer->ssl_session = ssl_session;
+
/* ngx_unlock_mutex(rrp->peers->mutex); */
- if (pc->ssl_session) {
+ if (old_ssl_session) {
+
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "old session: %p:%d",
+ old_ssl_session, old_ssl_session->references);
+
/* TODO: may block */
- ngx_ssl_free_session(pc->ssl_session);
+
+ ngx_ssl_free_session(old_ssl_session);
}
}
Index: src/http/ngx_http_upstream_round_robin.h
===================================================================
--- src/http/ngx_http_upstream_round_robin.h (revision 602)
+++ src/http/ngx_http_upstream_round_robin.h (working copy)
@@ -30,7 +30,7 @@
ngx_uint_t down; /* unsigned down:1; */
#if (NGX_SSL)
- ngx_ssl_session_t *ssl_session;
+ ngx_ssl_session_t *ssl_session; /* local to a process */
#endif
} ngx_http_upstream_rr_peer_t;
@@ -68,8 +68,11 @@
void *data, ngx_uint_t state);
#if (NGX_HTTP_SSL)
-void ngx_http_upstream_save_round_robin_peer(ngx_peer_connection_t *pc,
+ngx_int_t
+ ngx_http_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc,
void *data);
+void ngx_http_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc,
+ void *data);
#endif
Index: src/http/modules/ngx_http_upstream_ip_hash_module.c
===================================================================
--- src/http/modules/ngx_http_upstream_ip_hash_module.c (revision 602)
+++ src/http/modules/ngx_http_upstream_ip_hash_module.c (working copy)
@@ -198,9 +198,6 @@
pc->sockaddr = peer->sockaddr;
pc->socklen = peer->socklen;
pc->name = &peer->name;
-#if (NGX_SSL)
- pc->ssl_session = peer->ssl_session;
-#endif
/* ngx_unlock_mutex(iphp->rrp.peers->mutex); */
Index: src/event/ngx_event_connect.h
===================================================================
--- src/event/ngx_event_connect.h (revision 602)
+++ src/event/ngx_event_connect.h (working copy)
@@ -13,50 +13,56 @@
#include <ngx_event.h>
-#define NGX_PEER_KEEPALIVE 1
-#define NGX_PEER_NEXT 2
-#define NGX_PEER_FAILED 4
+#define NGX_PEER_KEEPALIVE 1
+#define NGX_PEER_NEXT 2
+#define NGX_PEER_FAILED 4
typedef struct ngx_peer_connection_s ngx_peer_connection_t;
typedef ngx_int_t (*ngx_event_get_peer_pt)(ngx_peer_connection_t *pc,
void *data);
-#if (NGX_SSL)
-typedef void (*ngx_event_save_peer_pt)(ngx_peer_connection_t *pc, void *data);
-#endif
typedef void (*ngx_event_free_peer_pt)(ngx_peer_connection_t *pc, void *data,
ngx_uint_t state);
+#if (NGX_SSL)
+typedef ngx_int_t (*ngx_event_set_peer_session_pt)(ngx_peer_connection_t *pc,
+ void *data);
+typedef void (*ngx_event_save_peer_session_pt)(ngx_peer_connection_t *pc,
+ void *data);
+#endif
+
struct ngx_peer_connection_s {
- ngx_connection_t *connection;
+ ngx_connection_t *connection;
- struct sockaddr *sockaddr;
- socklen_t socklen;
- ngx_str_t *name;
+ struct sockaddr *sockaddr;
+ socklen_t socklen;
+ ngx_str_t *name;
- ngx_uint_t tries;
+ ngx_uint_t tries;
- ngx_event_get_peer_pt get;
- ngx_event_free_peer_pt free;
- void *data;
+ ngx_event_get_peer_pt get;
+ ngx_event_free_peer_pt free;
+ void *data;
#if (NGX_SSL)
- ngx_ssl_session_t *ssl_session;
- ngx_event_save_peer_pt save_session;
+ ngx_event_set_peer_session_pt set_session;
+ ngx_event_save_peer_session_pt save_session;
#endif
#if (NGX_THREADS)
- ngx_atomic_t *lock;
+ ngx_atomic_t *lock;
#endif
- int rcvbuf;
+ int rcvbuf;
- ngx_log_t *log;
+ ngx_log_t *log;
- unsigned cached:1;
- unsigned log_error:2; /* ngx_connection_log_error_e */
+ unsigned cached:1;
+
+ /* ngx_connection_log_error_e */
+ unsigned log_error:2;
};
More information about the nginx-ru
mailing list