nginx-0.0.7-2004-07-09-11:12:14 import

author: Igor Sysoev <igor@sysoev.ru> 2004-07-09 07:12:14 +0000
committer: Igor Sysoev <igor@sysoev.ru> 2004-07-09 07:12:14 +0000
commit: e739eb7281e782ad944671002e51d0ba562c732c (patch)
tree: 72dbed5562b57b1c7be3a92e0b1516a15aac624c /src/http/modules
parent: 755694565542b227c6966e8ba78425c84cf6e009 (diff)
download: nginx-e739eb7281e782ad944671002e51d0ba562c732c.tar.gz
nginx-e739eb7281e782ad944671002e51d0ba562c732c.tar.bz2
2 files changed, 33 insertions, 0 deletions
diff --git a/src/http/modules/ngx_http_ssl_filter.c b/src/http/modules/ngx_http_ssl_filter.c
index c9f21db32..b39fc38d5 100644
--- a/src/http/modules/ngx_http_ssl_filter.c
+++ b/src/http/modules/ngx_http_ssl_filter.c
@@ -111,8 +111,30 @@ ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r)
                 return NGX_AGAIN;
             }
 
+            if (rc == SSL_ERROR_ZERO_RETURN) {
+                ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+                               "client closed connection while SSL handshake");
+
+                ngx_http_ssl_close_request(ctx->ssl, SSL_RECEIVED_SHUTDOWN);
+
+                return NGX_ERROR;
+            }
+
+            if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) {
+                ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                               "client sent HTTP request to HTTPS port");
+
+                ngx_http_ssl_close_request(ctx->ssl,
+                                      SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+
+                return NGX_OK;
+            }
+
             ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, rc,
                                "SSL_accept() failed");
+
+            ngx_http_ssl_close_request(ctx->ssl, SSL_RECEIVED_SHUTDOWN);
+
             return NGX_ERROR;
         }
 
@@ -174,6 +196,14 @@ static ngx_http_ssl_ctx_t *ngx_http_ssl_create_ctx(ngx_http_request_t *r)
 }
 
 
+void ngx_http_ssl_close_request(SSL *ssl, int mode)
+{
+    SSL_set_shutdown(ssl, mode);
+    SSL_smart_shutdown(ssl);
+    SSL_free(ssl);
+}
+
+
 static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err,
                                char *fmt, ...)
 {
diff --git a/src/http/modules/ngx_http_ssl_filter.h b/src/http/modules/ngx_http_ssl_filter.h
index 26704b5c3..c6dbe53e9 100644
--- a/src/http/modules/ngx_http_ssl_filter.h
+++ b/src/http/modules/ngx_http_ssl_filter.h
@@ -6,8 +6,11 @@
 #include <ngx_core.h>
 #include <ngx_http.h>
 
+#include <openssl/ssl.h>
+
 
 ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r);
+void ngx_http_ssl_close_request(SSL *ssl, int mode);
 
 
 #endif /* _NGX_HTTP_SSL_FILTER_H_INCLUDED_ */
author	Igor Sysoev <igor@sysoev.ru>	2004-07-09 07:12:14 +0000
committer	Igor Sysoev <igor@sysoev.ru>	2004-07-09 07:12:14 +0000
commit	e739eb7281e782ad944671002e51d0ba562c732c (patch)
tree	72dbed5562b57b1c7be3a92e0b1516a15aac624c /src/http/modules
parent	755694565542b227c6966e8ba78425c84cf6e009 (diff)
download	nginx-e739eb7281e782ad944671002e51d0ba562c732c.tar.gz nginx-e739eb7281e782ad944671002e51d0ba562c732c.tar.bz2