Diffstat (limited to 'src/http/modules')
| -rw-r--r-- | src/http/modules/ngx_http_ssl_filter.c | 30 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_ssl_filter.h | 3 |
2 files changed, 33 insertions, 0 deletions
diff --git a/src/http/modules/ngx_http_ssl_filter.c b/src/http/modules/ngx_http_ssl_filter.c index c9f21db32..b39fc38d5 100644 --- a/src/http/modules/ngx_http_ssl_filter.c +++ b/src/http/modules/ngx_http_ssl_filter.c @@ -111,8 +111,30 @@ ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r) return NGX_AGAIN; } + if (rc == SSL_ERROR_ZERO_RETURN) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client closed connection while SSL handshake"); + + ngx_http_ssl_close_request(ctx->ssl, SSL_RECEIVED_SHUTDOWN); + + return NGX_ERROR; + } + + if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "client sent HTTP request to HTTPS port"); + + ngx_http_ssl_close_request(ctx->ssl, + SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + + return NGX_OK; + } + ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, rc, "SSL_accept() failed"); + + ngx_http_ssl_close_request(ctx->ssl, SSL_RECEIVED_SHUTDOWN); + return NGX_ERROR; } @@ -174,6 +196,14 @@ static ngx_http_ssl_ctx_t *ngx_http_ssl_create_ctx(ngx_http_request_t *r) } +void ngx_http_ssl_close_request(SSL *ssl, int mode) +{ + SSL_set_shutdown(ssl, mode); + SSL_smart_shutdown(ssl); + SSL_free(ssl); +} + + static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err, char *fmt, ...) { diff --git a/src/http/modules/ngx_http_ssl_filter.h b/src/http/modules/ngx_http_ssl_filter.h index 26704b5c3..c6dbe53e9 100644 --- a/src/http/modules/ngx_http_ssl_filter.h +++ b/src/http/modules/ngx_http_ssl_filter.h @@ -6,8 +6,11 @@ #include <ngx_core.h> #include <ngx_http.h> +#include <openssl/ssl.h> + ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r); +void ngx_http_ssl_close_request(SSL *ssl, int mode); #endif /* _NGX_HTTP_SSL_FILTER_H_INCLUDED_ */ |
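Review bot: In ngx_http_ssl_read, each of the three new error paths calls `ngx_http_ssl_close_request(ctx->ssl, ...)`, which ends in `SSL_free(ssl)`, but `ctx->ssl` is left pointing at the freed object. The HTTP-on-HTTPS branch then returns NGX_OK, so the caller presumably carries on with a ctx whose ssl member is dangling, and any later read, write or cleanup through it would be a use-after-free or double free. I would add `ctx->ssl = NULL;` after each close call and confirm that the callers, which are outside this hunk, test for it. Separately, `ERR_peek_error()` returns the oldest entry of the per-thread error queue without removing it, and nothing visible in that branch drains the queue, so a stale entry could misclassify a later failure on the same thread; consider `ERR_clear_error();` before the `return NGX_OK;`. The function starts outside the hunk.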
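Review bot: ngx_http_ssl_close_request frees the SSL object it is handed, but neither the definition nor the new prototype in the header says so, and because `ssl` is passed by value the caller's pointer cannot be reset here. I would add a comment above the definition such as `/* sets the shutdown flags, runs the shutdown and frees ssl; the caller must not use the pointer afterwards */`. The result of `SSL_smart_shutdown(ssl)` is discarded and `SSL_free(ssl)` follows immediately, so a shutdown that could not complete (for instance on a non-blocking socket) is indistinguishable from a clean one. SSL_smart_shutdown is not declared in the visible lines and is, as far as I know, a mod_ssl helper rather than an OpenSSL function, so it is worth checking that a definition is actually linked in.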
