mirror of
https://github.com/nginx/nginx.git
synced 2024-12-25 08:21:13 -06:00
always use buffer, if connection is buffered,
this fixes OpenSSL "bad write retry" error, when *) nginx passed a single buf greater than our buffer (say 32K) to OpenSSL, *) OpenSSL returns SSL_ERROR_WANT_WRITE, *) after some time nginx has to send a new data, *) so there are at least two bufs nginx does pass them directly to OpenSSL, *) but copies the first buf part to buffer, and sends the buffer to OpenSSL. *) because the data length is lesser than it was in previous SSL_write(): 16K < 32K, OpenSSL returns SSL_R_BAD_WRITE_RETRY.
This commit is contained in:
parent
0c689b7498
commit
a862c46ffa
@ -188,13 +188,6 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
|
||||
SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
|
||||
}
|
||||
|
||||
/*
|
||||
* we need this option because in ngx_ssl_send_chain()
|
||||
* we may switch to a buffered write and may copy leftover part of
|
||||
* previously unbuffered data to our internal buffer
|
||||
*/
|
||||
SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
|
||||
|
||||
SSL_CTX_set_read_ahead(ssl->ctx, 1);
|
||||
|
||||
return NGX_OK;
|
||||
@ -860,14 +853,7 @@ ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
|
||||
ssize_t send, size;
|
||||
ngx_buf_t *buf;
|
||||
|
||||
if (!c->ssl->buffer
|
||||
|| (in && in->next == NULL && !(c->buffered & NGX_SSL_BUFFERED)))
|
||||
{
|
||||
/*
|
||||
* we avoid a buffer copy if
|
||||
* we do not need to buffer the output
|
||||
* or the incoming buf is a single and our buffer is empty
|
||||
*/
|
||||
if (!c->ssl->buffer) {
|
||||
|
||||
while (in) {
|
||||
if (ngx_buf_special(in->buf)) {
|
||||
|
Loading…
Reference in New Issue
Block a user