From 3d87cb964c1388b41552c08358987df320943386 Mon Sep 17 00:00:00 2001 From: Igor Sysoev Date: Thu, 20 Nov 2008 17:20:15 +0000 Subject: r2281 merge: always use buffer, if connection is buffered, this fixes OpenSSL "bad write retry" error, when *) nginx passed a single buf greater than our buffer (say 32K) to OpenSSL, *) OpenSSL returns SSL_ERROR_WANT_WRITE, *) after some time nginx has to send a new data, *) so there are at least two bufs nginx does pass them directly to OpenSSL, *) but copies the first buf part to buffer, and sends the buffer to OpenSSL. *) because the data length is lesser than it was in previous SSL_write(): 16K < 32K, OpenSSL returns SSL_R_BAD_WRITE_RETRY. --- src/event/ngx_event_openssl.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 98f9a4d95..79b94144b 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -187,13 +187,6 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]); } - /* - * we need this option because in ngx_ssl_send_chain() - * we may switch to a buffered write and may copy leftover part of - * previously unbuffered data to our internal buffer - */ - SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); - SSL_CTX_set_read_ahead(ssl->ctx, 1); return NGX_OK; @@ -776,14 +769,7 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) ssize_t send, size; ngx_buf_t *buf; - if (!c->ssl->buffer - || (in && in->next == NULL && !(c->buffered & NGX_SSL_BUFFERED))) - { - /* - * we avoid a buffer copy if - * we do not need to buffer the output - * or the incoming buf is a single and our buffer is empty - */ + if (!c->ssl->buffer) { while (in) { if (ngx_buf_special(in->buf)) { -- cgit