ПРОЕКТЫ 


  АРХИВ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 


  СТАТЬИ 


  ПЕРСОНАЛЬНОЕ 


  ПРОГРАММЫ 



ПИШИТЕ
ПИСЬМА












     АРХИВ :: nginx-ru
Nginx-ru mailing list archive (nginx-ru@sysoev.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: nginx-0.6.26



On Mon, Feb 11, 2008 at 07:38:47PM +0300, Kostya Alexandrov wrote:

> А те же траблы с SSL но в 0.5 не смотрел?

Патч.

> Может 0.6 уже можно как стабильную использовать?

Можно.


-- 
Игорь Сысоев
http://sysoev.ru
Index: src/event/ngx_event_openssl.c
===================================================================
--- src/event/ngx_event_openssl.c       (revision 1184)
+++ src/event/ngx_event_openssl.c       (revision 1185)
@@ -1037,17 +1037,14 @@
 
     /* SSL_shutdown() never returns -1, on error it returns 0 */
 
-    if (n != 1) {
+    if (n != 1 && ERR_peek_error()) {
         sslerr = SSL_get_error(c->ssl->connection, n);
 
         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                        "SSL_get_error: %d", sslerr);
     }
 
-    if (n == 1
-        || sslerr == SSL_ERROR_ZERO_RETURN
-        || (sslerr == 0 && c->timedout))
-    {
+    if (n == 1 || sslerr == 0 || sslerr == SSL_ERROR_ZERO_RETURN) {
         SSL_free(c->ssl->connection);
         c->ssl = NULL;
 
Index: src/event/ngx_event_openssl.c
===================================================================
--- src/event/ngx_event_openssl.c       (revision 1192)
+++ src/event/ngx_event_openssl.c       (revision 1193)
@@ -187,6 +187,13 @@
         SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
     }
 
+    /*
+     * we need this option because in ngx_ssl_send_chain()
+     * we may switch to a buffered write and may copy leftover part of
+     * previously unbuffered data to our internal buffer
+     */
+    SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+
     SSL_CTX_set_read_ahead(ssl->ctx, 1);
 
     return NGX_OK;


 




Copyright © Lexa Software, 1996-2009.