diff options
| author | Igor Sysoev <igor@sysoev.ru> | 2005-09-06 16:09:32 +0000 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2005-09-06 16:09:32 +0000 |
| commit | ceb992921cee6f76d1752af2d388ee6a1d71e078 (patch) | |
| tree | 2b4916a12d02210134939b7fb388a270e76002fa /src/event/ngx_event_openssl.c | |
| parent | 5650106a09de8e8d876ed38fbff57b2161d910c4 (diff) | |
| download | nginx-release-0.1.44.tar.gz nginx-release-0.1.44.tar.bz2 | |
nginx-0.1.44-RELEASE importrelease-0.1.44
*) Feature: the IMAP/POP3 proxy supports SSL.
*) Feature: the "proxy_timeout" directive of the ngx_imap_proxy_module.
*) Feature: the "userid_mark" directive.
*) Feature: the $remote_user variable value is determined independently
of authorization use.
Diffstat (limited to '')
| -rw-r--r-- | src/event/ngx_event_openssl.c | 67 |
1 files changed, 51 insertions, 16 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 1c0f1485d..4c7deb336 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -13,7 +13,6 @@ static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n); static void ngx_ssl_write_handler(ngx_event_t *wev); -static ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size); static void ngx_ssl_read_handler(ngx_event_t *rev); @@ -209,8 +208,10 @@ ngx_ssl_handle_recv(ngx_connection_t *c, int n) } if (sslerr == SSL_ERROR_WANT_WRITE) { - ngx_log_error(NGX_LOG_ALERT, c->log, err, - "SSL wants to write%s", handshake); + + ngx_log_error(NGX_LOG_INFO, c->log, err, + "client does SSL %shandshake", + SSL_is_init_finished(c->ssl->ssl) ? "re" : ""); c->write->ready = 0; @@ -391,12 +392,11 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) } -static ssize_t +ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) { - int n, sslerr; - ngx_err_t err; - char *handshake; + int n, sslerr; + ngx_err_t err; ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size); @@ -405,6 +405,47 @@ ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n); if (n > 0) { + +#if (NGX_DEBUG) + + if (!c->ssl->handshaked && SSL_is_init_finished(c->ssl->ssl)) { + char buf[129], *s, *d; + SSL_CIPHER *cipher; + + c->ssl->handshaked = 1; + + cipher = SSL_get_current_cipher(c->ssl->ssl); + + if (cipher) { + SSL_CIPHER_description(cipher, &buf[1], 128); + + for (s = &buf[1], d = buf; *s; s++) { + if (*s == ' ' && *d == ' ') { + continue; + } + + if (*s == LF || *s == CR) { + continue; + } + + *++d = *s; + } + + if (*d != ' ') { + d++; + } + + *d = '\0'; + + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, + "SSL cipher: \"%s\"", &buf[1]); + } else { + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, + "SSL no shared ciphers"); + } + } +#endif + if (c->ssl->saved_read_handler) { c->read->handler = c->ssl->saved_read_handler; @@ -440,15 +481,9 @@ ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size) if (sslerr == SSL_ERROR_WANT_READ) { - if (!SSL_is_init_finished(c->ssl->ssl)) { - handshake = " in SSL handshake"; - - } else { - handshake = ""; - } - - ngx_log_error(NGX_LOG_ALERT, c->log, err, - "SSL wants to read%s", handshake); + ngx_log_error(NGX_LOG_INFO, c->log, err, + "client does SSL %shandshake", + SSL_is_init_finished(c->ssl->ssl) ? "re" : ""); c->read->ready = 0; |