summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorMaxim Dounin <mdounin@mdounin.ru>2021-08-03 20:50:30 +0300
committerMaxim Dounin <mdounin@mdounin.ru>2021-08-03 20:50:30 +0300
commit15769c3918578dfa601303afa40d7acf9c36e4d9 (patch)
treea76ebc6efae5f6f4952a31b6c012a5c5ad1a79d0
parentf8394db6fe9c73858032bd202bf0809d459a2f2f (diff)
downloadnginx-15769c3918578dfa601303afa40d7acf9c36e4d9.tar.gz
nginx-15769c3918578dfa601303afa40d7acf9c36e4d9.tar.bz2
SSL: set events ready flags after handshake.
The c->read->ready and c->write->ready flags might be reset during the handshake, and not set again if the handshake was finished on the other event. At the same time, some data might be read from the socket during the handshake, so missing c->read->ready flag might result in a connection hang, for example, when waiting for an SMTP greeting (which was already received during the handshake). Found by Sergey Kandaurov.
Diffstat
-rw-r--r--src/event/ngx_event_openssl.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 396cc22b3..60cc35876 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1740,6 +1740,9 @@ ngx_ssl_handshake(ngx_connection_t *c)
c->recv_chain = ngx_ssl_recv_chain;
c->send_chain = ngx_ssl_send_chain;
+ c->read->ready = 1;
+ c->write->ready = 1;
+
#ifndef SSL_OP_NO_RENEGOTIATION
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
@@ -1885,6 +1888,9 @@ ngx_ssl_try_early_data(ngx_connection_t *c)
c->recv_chain = ngx_ssl_recv_chain;
c->send_chain = ngx_ssl_send_chain;
+ c->read->ready = 1;
+ c->write->ready = 1;
+
rc = ngx_ssl_ocsp_validate(c);
if (rc == NGX_ERROR) {
generated by cgit (git 2.34.1) at 2025-12-06 06:40:21 +0000