nginx-0.6.26

Igor Sysoev is at rambler-co.ru
Mon Feb 11 21:27:57 MSK 2008


On Mon, Feb 11, 2008 at 07:38:47PM +0300, Kostya Alexandrov wrote:

> А те же траблы с SSL но в 0.5 не смотрел?

Патч.

> Может 0.6 уже можно как стабильную использовать?

Можно.


-- 
Игорь Сысоев
http://sysoev.ru
-------------- next part --------------
Index: src/event/ngx_event_openssl.c
===================================================================
--- src/event/ngx_event_openssl.c	(revision 1184)
+++ src/event/ngx_event_openssl.c	(revision 1185)
@@ -1037,17 +1037,14 @@
 
     /* SSL_shutdown() never returns -1, on error it returns 0 */
 
-    if (n != 1) {
+    if (n != 1 && ERR_peek_error()) {
         sslerr = SSL_get_error(c->ssl->connection, n);
 
         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                        "SSL_get_error: %d", sslerr);
     }
 
-    if (n == 1
-        || sslerr == SSL_ERROR_ZERO_RETURN
-        || (sslerr == 0 && c->timedout))
-    {
+    if (n == 1 || sslerr == 0 || sslerr == SSL_ERROR_ZERO_RETURN) {
         SSL_free(c->ssl->connection);
         c->ssl = NULL;
 
Index: src/event/ngx_event_openssl.c
===================================================================
--- src/event/ngx_event_openssl.c	(revision 1192)
+++ src/event/ngx_event_openssl.c	(revision 1193)
@@ -187,6 +187,13 @@
         SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
     }
 
+    /*
+     * we need this option because in ngx_ssl_send_chain()
+     * we may switch to a buffered write and may copy leftover part of
+     * previously unbuffered data to our internal buffer
+     */
+    SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+
     SSL_CTX_set_read_ahead(ssl->ctx, 1);
 
     return NGX_OK;


More information about the nginx-ru mailing list