vendor/nginx/src/event/ngx_event_openssl.c in nginxtra-1.2.6.8 vs vendor/nginx/src/event/ngx_event_openssl.c in nginxtra-1.2.7.8
- old
+ new
@@ -526,14 +526,14 @@
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"Unable to create curve \"%s\"", name->data);
return NGX_ERROR;
}
- SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
-
SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE);
+ SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
+
EC_KEY_free(ecdh);
#endif
#endif
return NGX_OK;
@@ -691,18 +691,26 @@
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
return NGX_ERROR;
}
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
return NGX_AGAIN;
}
if (sslerr == SSL_ERROR_WANT_WRITE) {
c->write->ready = 0;
c->read->handler = ngx_ssl_handshake_handler;
c->write->handler = ngx_ssl_handshake_handler;
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
return NGX_ERROR;
}
return NGX_AGAIN;
@@ -1051,12 +1059,12 @@
buf->pos = buf->start;
buf->last = buf->start;
buf->end = buf->start + NGX_SSL_BUFSIZE;
}
- send = 0;
- flush = (in == NULL) ? 1 : 0;
+ send = buf->last - buf->pos;
+ flush = (in == NULL) ? 1 : buf->flush;
for ( ;; ) {
while (in && buf->last < buf->end && send < limit) {
if (in->buf->last_buf || in->buf->flush) {
@@ -1074,11 +1082,10 @@
size = buf->end - buf->last;
}
if (send + size > limit) {
size = (ssize_t) (limit - send);
- flush = 1;
}
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
"SSL buf copy: %d", size);
@@ -1091,42 +1098,49 @@
if (in->buf->pos == in->buf->last) {
in = in->next;
}
}
+ if (!flush && send < limit && buf->last < buf->end) {
+ break;
+ }
+
size = buf->last - buf->pos;
- if (!flush && buf->last < buf->end && c->ssl->buffer) {
- break;
+ if (size == 0) {
+ buf->flush = 0;
+ c->buffered &= ~NGX_SSL_BUFFERED;
+ return in;
}
n = ngx_ssl_write(c, buf->pos, size);
if (n == NGX_ERROR) {
return NGX_CHAIN_ERROR;
}
if (n == NGX_AGAIN) {
- c->buffered |= NGX_SSL_BUFFERED;
- return in;
+ break;
}
buf->pos += n;
c->sent += n;
if (n < size) {
break;
}
- if (buf->pos == buf->last) {
- buf->pos = buf->start;
- buf->last = buf->start;
- }
+ flush = 0;
+ buf->pos = buf->start;
+ buf->last = buf->start;
+
if (in == NULL || send == limit) {
break;
}
}
+
+ buf->flush = flush;
if (buf->pos < buf->last) {
c->buffered |= NGX_SSL_BUFFERED;
} else {