diff --git a/auto/modules b/auto/modules index d2e2b01bc..6a5becd10 100644 --- a/auto/modules +++ b/auto/modules @@ -60,19 +60,6 @@ HTTP_FILTER_MODULES="$HTTP_WRITE_FILTER_MODULE \ $HTTP_CHUNKED_FILTER_MODULE \ $HTTP_RANGE_HEADER_FILTER_MODULE" -if [ $HTTP_SSL = YES ]; then - HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES $HTTP_SSL_FILTER_MODULE" - HTTP_DEPS="$HTTP_DEPS $HTTP_SSL_DEPS" - HTTP_SRCS="$HTTP_SRCS $HTTP_SSL_SRCS" - - # STUB: move to auto/libs/ssl after md5 - have=NGX_HTTP_SSL . auto/have - have=NGX_OPENSSL . auto/have - CORE_DEPS="$CORE_DEPS $OPENSSL_DEPS" - CORE_SRCS="$CORE_SRCS $OPENSSL_SRCS" - CORE_LIBS="$CORE_LIBS -lssl -lcrypto" -fi - if [ $HTTP_GZIP = YES ]; then have=NGX_HTTP_GZIP . auto/have USE_ZLIB=YES @@ -113,6 +100,19 @@ if [ $HTTP_REWRITE = YES -a $USE_PCRE != DISABLED ]; then HTTP_SRCS="$HTTP_SRCS $HTTP_REWRITE_SRCS" fi +if [ $HTTP_SSL = YES ]; then + HTTP_MODULES="$HTTP_MODULES $HTTP_SSL_MODULE" + HTTP_DEPS="$HTTP_DEPS $HTTP_SSL_DEPS" + HTTP_SRCS="$HTTP_SRCS $HTTP_SSL_SRCS" + + # STUB: move to auto/libs/ssl after md5 + have=NGX_HTTP_SSL . auto/have + have=NGX_OPENSSL . auto/have + CORE_DEPS="$CORE_DEPS $OPENSSL_DEPS" + CORE_SRCS="$CORE_SRCS $OPENSSL_SRCS" + CORE_LIBS="$CORE_LIBS -lssl -lcrypto" +fi + if [ $HTTP_PROXY = YES ]; then have=NGX_HTTP_PROXY . auto/have USE_MD5=YES diff --git a/auto/sources b/auto/sources index 7c8b7b33f..6b66e51b1 100644 --- a/auto/sources +++ b/auto/sources @@ -253,11 +253,6 @@ HTTP_GZIP_FILTER_MODULE=ngx_http_gzip_filter_module HTTP_GZIP_SRCS=src/http/modules/ngx_http_gzip_filter.c -HTTP_SSL_FILTER_MODULE=ngx_http_ssl_filter_module -HTTP_SSL_DEPS=src/http/modules/ngx_http_ssl_filter.h -HTTP_SSL_SRCS=src/http/modules/ngx_http_ssl_filter.c - - HTTP_SSI_FILTER_MODULE=ngx_http_ssi_filter_module HTTP_SSI_SRCS=src/http/modules/ngx_http_ssi_filter.c @@ -274,6 +269,11 @@ HTTP_REWRITE_MODULE=ngx_http_rewrite_module HTTP_REWRITE_SRCS=src/http/modules/ngx_http_rewrite_handler.c +HTTP_SSL_MODULE=ngx_http_ssl_module +HTTP_SSL_DEPS=src/http/modules/ngx_http_ssl_module.h +HTTP_SSL_SRCS=src/http/modules/ngx_http_ssl_module.c + + HTTP_PROXY_MODULE=ngx_http_proxy_module HTTP_PROXY_INCS="src/http/modules/proxy" HTTP_PROXY_DEPS=src/http/modules/proxy/ngx_http_proxy_handler.h diff --git a/src/core/ngx_buf.h b/src/core/ngx_buf.h index 1927ed415..feaad4c96 100644 --- a/src/core/ngx_buf.h +++ b/src/core/ngx_buf.h @@ -132,6 +132,7 @@ typedef struct { #define NGX_CHAIN_ERROR (ngx_chain_t *) NGX_ERROR +#define NGX_CHAIN_AGAIN (ngx_chain_t *) NGX_AGAIN #define ngx_buf_in_memory(b) (b->temporary || b->memory || b->mmap) diff --git a/src/core/ngx_core.h b/src/core/ngx_core.h index 575717f10..4c2712cfa 100644 --- a/src/core/ngx_core.h +++ b/src/core/ngx_core.h @@ -14,6 +14,9 @@ typedef struct ngx_file_s ngx_file_t; typedef struct ngx_event_s ngx_event_t; typedef struct ngx_connection_s ngx_connection_t; +typedef void (*ngx_event_handler_pt)(ngx_event_t *ev); + + #define NGX_OK 0 #define NGX_ERROR -1 diff --git a/src/core/ngx_output_chain.c b/src/core/ngx_output_chain.c index aea6219da..02d780f37 100644 --- a/src/core/ngx_output_chain.c +++ b/src/core/ngx_output_chain.c @@ -274,7 +274,7 @@ ngx_int_t ngx_chain_writer(void *data, ngx_chain_t *in) ngx_log_debug1(NGX_LOG_DEBUG_CORE, ctx->connection->log, 0, "WRITER0: %X", ctx->out); - ctx->out = ngx_write_chain(ctx->connection, ctx->out, ctx->limit); + ctx->out = ngx_send_chain(ctx->connection, ctx->out, ctx->limit); ngx_log_debug1(NGX_LOG_DEBUG_CORE, ctx->connection->log, 0, "WRITER1: %X", ctx->out); diff --git a/src/event/ngx_event.h b/src/event/ngx_event.h index 935151d73..b4933daf8 100644 --- a/src/event/ngx_event.h +++ b/src/event/ngx_event.h @@ -6,9 +6,6 @@ #include -typedef void (*ngx_event_handler_pt)(ngx_event_t *ev); - - #define NGX_INVALID_INDEX 0xd0d0d0d0 @@ -391,7 +388,7 @@ extern ngx_event_actions_t ngx_event_actions; #define ngx_recv ngx_io.recv #define ngx_recv_chain ngx_io.recv_chain -#define ngx_write_chain ngx_io.send_chain +#define ngx_send_chain ngx_io.send_chain diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 4f523cfb4..89ef7031c 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -13,23 +13,34 @@ ngx_int_t ngx_ssl_init(ngx_log_t *log) } -ngx_int_t ngx_ssl_create_session(ngx_ssl_ctx_t *ssl_ctx, ngx_connection_t *c) +ngx_int_t ngx_ssl_create_session(ngx_ssl_ctx_t *ssl_ctx, ngx_connection_t *c, + ngx_uint_t flags) { ngx_ssl_t *ssl; - ssl = SSL_new(ssl_ctx); - - if (ssl == NULL) { - ngx_ssl_error(NGX_LOG_ALERT, c->log, "SSL_new() failed"); + if (!(ssl = ngx_pcalloc(c->pool, sizeof(ngx_ssl_t)))) { return NGX_ERROR; } - if (SSL_set_fd(ssl, c->fd) == 0) { - ngx_ssl_error(NGX_LOG_ALERT, c->log, "SSL_set_fd() failed"); + if (flags & NGX_SSL_BUFFER) { + if (!(ssl->buf = ngx_create_temp_buf(c->pool, NGX_SSL_BUFSIZE))) { + return NGX_ERROR; + } + } + + ssl->ssl = SSL_new(ssl_ctx); + + if (ssl->ssl == NULL) { + ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed"); return NGX_ERROR; } - SSL_set_accept_state(ssl); + if (SSL_set_fd(ssl->ssl, c->fd) == 0) { + ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_fd() failed"); + return NGX_ERROR; + } + + SSL_set_accept_state(ssl->ssl); c->ssl = ssl; @@ -39,10 +50,11 @@ ngx_int_t ngx_ssl_create_session(ngx_ssl_ctx_t *ssl_ctx, ngx_connection_t *c) ngx_int_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) { - int n; + int n, sslerr; + ngx_err_t err; char *handshake; - n = SSL_read(c->ssl, buf, size); + n = SSL_read(c->ssl->ssl, buf, size); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n); @@ -50,48 +62,42 @@ ngx_int_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) return n; } - n = SSL_get_error(c->ssl, n); + sslerr = SSL_get_error(c->ssl->ssl, n); - ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", n); + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr); - if (n == SSL_ERROR_WANT_READ) { + err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; + + if (sslerr == SSL_ERROR_WANT_READ) { return NGX_AGAIN; } #if 0 - if (n == SSL_ERROR_WANT_WRITE) { + if (sslerr == SSL_ERROR_WANT_WRITE) { return NGX_AGAIN; } #endif - if (!SSL_is_init_finished(c->ssl)) { + if (!SSL_is_init_finished(c->ssl->ssl)) { handshake = "in SSL handshake"; } else { handshake = ""; } - if (n == SSL_ERROR_ZERO_RETURN) { - ngx_log_error(NGX_LOG_INFO, c->log, 0, + if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) { + ngx_log_error(NGX_LOG_INFO, c->log, err, "client closed connection%s", handshake); - SSL_set_shutdown(c->ssl, SSL_RECEIVED_SHUTDOWN); + SSL_set_shutdown(c->ssl->ssl, SSL_RECEIVED_SHUTDOWN); return NGX_ERROR; } - if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) { - ngx_log_error(NGX_LOG_ERR, c->log, 0, - "client sent plain HTTP request to HTTPS port"); + ngx_ssl_error(NGX_LOG_ALERT, c->log, err, + "SSL_read() failed%s", handshake); - SSL_set_shutdown(c->ssl, SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN); - - return NGX_SSL_HTTP_ERROR; - } - - ngx_ssl_error(NGX_LOG_ALERT, c->log, "SSL_read() failed%s", handshake); - - SSL_set_shutdown(c->ssl, SSL_RECEIVED_SHUTDOWN); + SSL_set_shutdown(c->ssl->ssl, SSL_RECEIVED_SHUTDOWN); return NGX_ERROR; } @@ -100,11 +106,112 @@ ngx_int_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit) { - int n; - ssize_t send, size; + int n; + ssize_t send, size; + ngx_buf_t *buf; send = 0; + buf = c->ssl->buf; + +#if 0 + + if (buf) { + + for ( ;; ) { + + for ( /* void */ ; in && buf->last < buf->end; in = in->next) { + if (ngx_buf_special(in->buf)) { + continue; + } + + size = in->buf->last - in->buf->pos; + + if (size > buf->end - buf->last) { + size = buf->end - buf->last; + } + + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, + "SSL buf copy: %d", size); + + ngx_memcpy(buf->last, in->buf->pos, size); + + buf->last += size; + in->buf->pos += size; + } + + size = buf->last - buf->pos; + + if (send + size > limit) { + size = limit - send; + } + + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, + "SSL to write: %d", size); + + n = SSL_write(c->ssl->ssl, buf->pos, size); + + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, + "SSL_write: %d", n); + + if (n > 0) { + buf->pos += n; + send += n; + + if (n < size) { + break; + } + + if (send < limit) { + if (buf->pos == buf->last) { + buf->pos = buf->start; + buf->last = buf->start; + } + + if (in == NULL) { + break; + } + + continue; + } + } + + n = SSL_get_error(c->ssl->ssl, n); + + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, + "SSL_get_error: %d", n); + + if (n == SSL_ERROR_WANT_WRITE) { + break; + } + +#if 0 + if (n == SSL_ERROR_WANT_READ) { + break; + } +#endif + + ngx_ssl_error(NGX_LOG_ALERT, c->log, "SSL_write() failed"); + + return NGX_CHAIN_ERROR; + } + + if (in) { + c->write->ready = 0; + return in; + } + + if (buf->pos == buf->last) { + return NULL; + + } else { + c->write->ready = 0; + return NGX_CHAIN_AGAIN; + } + } + +#endif + for (/* void */; in; in = in->next) { if (ngx_buf_special(in->buf)) { continue; @@ -119,7 +226,7 @@ ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size); - n = SSL_write(c->ssl, in->buf->pos, size); + n = SSL_write(c->ssl->ssl, in->buf->pos, size); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n); @@ -139,7 +246,7 @@ ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, return in; } - n = SSL_get_error(c->ssl, n); + n = SSL_get_error(c->ssl->ssl, n); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", n); @@ -154,7 +261,7 @@ ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, } #endif - ngx_ssl_error(NGX_LOG_ALERT, c->log, "SSL_write() failed"); + ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_write() failed"); return NGX_CHAIN_ERROR; } @@ -176,13 +283,13 @@ ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c) #endif #if 0 - SSL_set_shutdown(c->ssl, SSL_RECEIVED_SHUTDOWN); + SSL_set_shutdown(c->ssl->ssl, SSL_RECEIVED_SHUTDOWN); #endif again = 0; for ( ;; ) { - n = SSL_shutdown(c->ssl); + n = SSL_shutdown(c->ssl->ssl); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n); @@ -192,7 +299,7 @@ ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c) } if (n == 1) { - SSL_free(c->ssl); + SSL_free(c->ssl->ssl); c->ssl = NULL; return NGX_OK; } @@ -201,7 +308,7 @@ ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c) } if (!again) { - n = SSL_get_error(c->ssl, n); + n = SSL_get_error(c->ssl->ssl, n); ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", n); } @@ -226,17 +333,18 @@ ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c) return NGX_AGAIN; } - ngx_ssl_error(NGX_LOG_ALERT, c->log, "SSL_shutdown() failed"); + ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_shutdown() failed"); return NGX_ERROR; } -void ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, char *fmt, ...) +void ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, + char *fmt, ...) { - int len; - char errstr[NGX_MAX_CONF_ERRSTR]; - va_list args; + int len; + char errstr[NGX_MAX_CONF_ERRSTR]; + va_list args; va_start(args, fmt); len = ngx_vsnprintf(errstr, sizeof(errstr) - 1, fmt, args); @@ -252,5 +360,5 @@ void ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, char *fmt, ...) ERR_error_string_n(ERR_get_error(), errstr + len, sizeof(errstr) - len - 1); - ngx_log_error(level, log, 0, "%s)", errstr); + ngx_log_error(level, log, err, "%s)", errstr); } diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h index 5674328dc..7d098f6d6 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -9,20 +9,31 @@ #include -typedef SSL ngx_ssl_t; +typedef struct { + SSL *ssl; + ngx_buf_t *buf; + ngx_event_handler_pt saved_handler; +} ngx_ssl_t; + + typedef SSL_CTX ngx_ssl_ctx_t; -#define NGX_SSL_HTTP_ERROR -10 +#define NGX_SSL_BUFFER 1 + + +#define NGX_SSL_BUFSIZE 16384 ngx_int_t ngx_ssl_init(ngx_log_t *log); -ngx_int_t ngx_ssl_create_session(ngx_ssl_ctx_t *ctx, ngx_connection_t *c); +ngx_int_t ngx_ssl_create_session(ngx_ssl_ctx_t *ctx, ngx_connection_t *c, + ngx_uint_t flags); ngx_int_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size); ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit); ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c); -void ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, char *fmt, ...); +void ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, + char *fmt, ...); #endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */ diff --git a/src/http/modules/ngx_http_ssl_filter.c b/src/http/modules/ngx_http_ssl_module.c similarity index 85% rename from src/http/modules/ngx_http_ssl_filter.c rename to src/http/modules/ngx_http_ssl_module.c index 1d370be2d..3a8b863a2 100644 --- a/src/http/modules/ngx_http_ssl_filter.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -11,10 +11,9 @@ static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child); -static ngx_int_t ngx_http_ssl_init_process(ngx_cycle_t *cycle); -static ngx_command_t ngx_http_charset_filter_commands[] = { +static ngx_command_t ngx_http_ssl_commands[] = { { ngx_string("ssl"), NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, @@ -41,7 +40,7 @@ static ngx_command_t ngx_http_charset_filter_commands[] = { }; -static ngx_http_module_t ngx_http_ssl_filter_module_ctx = { +static ngx_http_module_t ngx_http_ssl_module_ctx = { NULL, /* pre conf */ NULL, /* create main configuration */ @@ -55,13 +54,13 @@ static ngx_http_module_t ngx_http_ssl_filter_module_ctx = { }; -ngx_module_t ngx_http_ssl_filter_module = { +ngx_module_t ngx_http_ssl_module = { NGX_MODULE, - &ngx_http_ssl_filter_module_ctx, /* module context */ - ngx_http_charset_filter_commands, /* module directives */ + &ngx_http_ssl_module_ctx, /* module context */ + ngx_http_ssl_commands, /* module directives */ NGX_HTTP_MODULE, /* module type */ NULL, /* init module */ - ngx_http_ssl_init_process /* init process */ + NULL /* init process */ }; @@ -102,13 +101,13 @@ static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); if (conf->ssl_ctx == NULL) { - ngx_ssl_error(NGX_LOG_EMERG, cf->log, "SSL_CTX_new() failed"); + ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_new() failed"); return NGX_CONF_ERROR; } if (SSL_CTX_use_certificate_file(conf->ssl_ctx, conf->certificate.data, SSL_FILETYPE_PEM) == 0) { - ngx_ssl_error(NGX_LOG_EMERG, cf->log, + ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_use_certificate_file(\"%s\") failed", conf->certificate.data); return NGX_CONF_ERROR; @@ -116,7 +115,7 @@ static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, if (SSL_CTX_use_PrivateKey_file(conf->ssl_ctx, conf->certificate_key.data, SSL_FILETYPE_PEM) == 0) { - ngx_ssl_error(NGX_LOG_EMERG, cf->log, + ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_use_PrivateKey_file(\"%s\") failed", conf->certificate_key.data); return NGX_CONF_ERROR; @@ -126,6 +125,8 @@ static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, } +#if 0 + static ngx_int_t ngx_http_ssl_init_process(ngx_cycle_t *cycle) { ngx_uint_t i; @@ -138,7 +139,7 @@ static ngx_int_t ngx_http_ssl_init_process(ngx_cycle_t *cycle) cscfp = cmcf->servers.elts; for (i = 0; i < cmcf->servers.nelts; i++) { - sscf = cscfp[i]->ctx->srv_conf[ngx_http_ssl_filter_module.ctx_index]; + sscf = cscfp[i]->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; if (sscf->enable) { cscfp[i]->recv = ngx_ssl_recv; @@ -148,3 +149,5 @@ static ngx_int_t ngx_http_ssl_init_process(ngx_cycle_t *cycle) return NGX_OK; } + +#endif diff --git a/src/http/modules/ngx_http_ssl_filter.h b/src/http/modules/ngx_http_ssl_module.h similarity index 76% rename from src/http/modules/ngx_http_ssl_filter.h rename to src/http/modules/ngx_http_ssl_module.h index a42ee9135..2bb1fe1fe 100644 --- a/src/http/modules/ngx_http_ssl_filter.h +++ b/src/http/modules/ngx_http_ssl_module.h @@ -1,5 +1,5 @@ -#ifndef _NGX_HTTP_SSL_FILTER_H_INCLUDED_ -#define _NGX_HTTP_SSL_FILTER_H_INCLUDED_ +#ifndef _NGX_HTTP_SSL_H_INCLUDED_ +#define _NGX_HTTP_SSL_H_INCLUDED_ #include @@ -24,7 +24,7 @@ ngx_chain_t *ngx_http_ssl_write(ngx_connection_t *c, ngx_chain_t *in, void ngx_http_ssl_close_connection(SSL *ssl, ngx_log_t *log); -extern ngx_module_t ngx_http_ssl_filter_module; +extern ngx_module_t ngx_http_ssl_module; -#endif /* _NGX_HTTP_SSL_FILTER_H_INCLUDED_ */ +#endif /* _NGX_HTTP_SSL_H_INCLUDED_ */ diff --git a/src/http/modules/proxy/ngx_http_proxy_handler.h b/src/http/modules/proxy/ngx_http_proxy_handler.h index c89e971dc..fa8698231 100644 --- a/src/http/modules/proxy/ngx_http_proxy_handler.h +++ b/src/http/modules/proxy/ngx_http_proxy_handler.h @@ -203,7 +203,7 @@ typedef struct { } ngx_http_proxy_log_ctx_t; -#define NGX_HTTP_PROXY_PARSE_NO_HEADER 20 +#define NGX_HTTP_PROXY_PARSE_NO_HEADER 30 #define NGX_HTTP_PROXY_FT_ERROR 0x02 diff --git a/src/http/ngx_http.h b/src/http/ngx_http.h index 44edd1529..145082fa0 100644 --- a/src/http/ngx_http.h +++ b/src/http/ngx_http.h @@ -21,8 +21,8 @@ typedef struct ngx_http_cleanup_s ngx_http_cleanup_t; #include #include -#if (NGX_OPENSSL) -#include +#if (NGX_HTTP_SSL) +#include #endif diff --git a/src/http/ngx_http_config.h b/src/http/ngx_http_config.h index 647566aab..d2fb8a9ff 100644 --- a/src/http/ngx_http_config.h +++ b/src/http/ngx_http_config.h @@ -45,8 +45,11 @@ typedef struct { #define ngx_http_conf_get_module_main_conf(cf, module) \ ((ngx_http_conf_ctx_t *) cf->ctx)->main_conf[module.ctx_index] -#define ngx_http_conf_get_module_srv_conf(cf, module) \ - ngx_http_conf_get_module_srv_conf_could_not_be_implemented() +/* + * ngx_http_conf_get_module_srv_conf() and ngx_http_conf_get_module_loc_conf() + * could not be correctly implemented because at the merge phase cf->ctx + * points to http{}'s ctx + */ #define ngx_http_cycle_get_module_main_conf(cycle, module) \ ((ngx_http_conf_ctx_t *) \ diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c index dc6e8736b..911a5aaeb 100644 --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -18,7 +18,6 @@ static void *ngx_http_core_create_loc_conf(ngx_conf_t *cf); static char *ngx_http_core_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child); -static ngx_int_t ngx_http_core_init_process(ngx_cycle_t *cycle); static char *ngx_server_block(ngx_conf_t *cf, ngx_command_t *cmd, void *dummy); static int ngx_cmp_locations(const void *first, const void *second); static char *ngx_location_block(ngx_conf_t *cf, ngx_command_t *cmd, @@ -304,7 +303,7 @@ ngx_module_t ngx_http_core_module = { ngx_http_core_commands, /* module directives */ NGX_HTTP_MODULE, /* module type */ NULL, /* init module */ - ngx_http_core_init_process /* init process */ + NULL /* init process */ }; @@ -822,6 +821,8 @@ int ngx_http_delay_handler(ngx_http_request_t *r) #endif +#if 0 + static ngx_int_t ngx_http_core_init_process(ngx_cycle_t *cycle) { ngx_uint_t i; @@ -853,6 +854,8 @@ static ngx_int_t ngx_http_core_init_process(ngx_cycle_t *cycle) return NGX_OK; } +#endif + static char *ngx_server_block(ngx_conf_t *cf, ngx_command_t *cmd, void *dummy) { diff --git a/src/http/ngx_http_core_module.h b/src/http/ngx_http_core_module.h index 98e020b1f..b71979b57 100644 --- a/src/http/ngx_http_core_module.h +++ b/src/http/ngx_http_core_module.h @@ -47,9 +47,6 @@ typedef struct { typedef struct { - ngx_recv_pt recv; - ngx_send_chain_pt send_chain; - /* * array of ngx_http_core_loc_conf_t, used in the translation handler * and in the merge phase diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 302b92497..e1463bafd 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -6,6 +6,9 @@ static void ngx_http_init_request(ngx_event_t *ev); +#if (NGX_HTTP_SSL) +static void ngx_http_check_ssl_handshake(ngx_event_t *rev); +#endif static void ngx_http_process_request_line(ngx_event_t *rev); static void ngx_http_process_request_headers(ngx_event_t *rev); static ssize_t ngx_http_read_request_header(ngx_http_request_t *r); @@ -40,6 +43,7 @@ static char *client_header_errors[] = { "client %s sent HTTP/1.1 request without \"Host\" header, URL: %s", "client %s sent invalid \"Content-Length\" header, URL: %s", "client %s sent POST method without \"Content-Length\" header, URL: %s", + "client %s sent plain HTTP request to HTTPS port, URL: %s", "client %s sent invalid \"Host\" header \"%s\", URL: %s" }; @@ -232,16 +236,24 @@ static void ngx_http_init_request(ngx_event_t *rev) r->srv_conf = cscf->ctx->srv_conf; r->loc_conf = cscf->ctx->loc_conf; + rev->event_handler = ngx_http_process_request_line; + + r->recv = ngx_recv; + r->send_chain = ngx_send_chain; + #if (NGX_HTTP_SSL) - sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_filter_module); + sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); if (sscf->enable) { - if (ngx_ssl_create_session(sscf->ssl_ctx, c) == NGX_ERROR) { + if (ngx_ssl_create_session(sscf->ssl_ctx, c, NGX_SSL_BUFFER) + == NGX_ERROR) + { ngx_http_close_connection(c); return; } r->filter_need_in_memory = 1; + rev->event_handler = ngx_http_check_ssl_handshake; } #endif @@ -321,10 +333,58 @@ static void ngx_http_init_request(ngx_event_t *rev) r->http_state = NGX_HTTP_READING_REQUEST_STATE; + rev->event_handler(rev); +} + + +#if (NGX_HTTP_SSL) + +static void ngx_http_check_ssl_handshake(ngx_event_t *rev) +{ + int n; + u_char buf[1]; + ngx_connection_t *c; + ngx_http_request_t *r; + + c = rev->data; + r = c->data; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0, + "http check ssl handshake"); + + if (rev->timedout) { + ngx_http_client_error(r, 0, NGX_HTTP_REQUEST_TIME_OUT); + return; + } + + n = recv(c->fd, buf, 1, MSG_PEEK); + + if (n == -1 && ngx_socket_errno == NGX_EAGAIN) { + return; + } + + if (n == 1) { + if (buf[0] == 0x80 /* SSLv2 */ || buf[0] == 0x16 /* SSLv3/TLSv1 */) { + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0, + "https ssl handshake: 0x%X", buf[0]); + + r->recv = ngx_ssl_recv; + r->send_chain = ngx_ssl_send_chain; + + } else { + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0, + "plain http"); + + r->plain_http = 1; + } + } + rev->event_handler = ngx_http_process_request_line; ngx_http_process_request_line(rev); } +#endif + static void ngx_http_process_request_line(ngx_event_t *rev) { @@ -832,13 +892,12 @@ static ssize_t ngx_http_read_request_header(ngx_http_request_t *r) return NGX_AGAIN; } - cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); - - n = cscf->recv(r->connection, r->header_in->last, - r->header_in->end - r->header_in->last); + n = r->recv(r->connection, r->header_in->last, + r->header_in->end - r->header_in->last); if (n == NGX_AGAIN) { if (!r->header_timeout_set) { + cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); ngx_add_timer(rev, cscf->client_header_timeout); r->header_timeout_set = 1; } @@ -939,6 +998,10 @@ static ngx_int_t ngx_http_process_request_header(ngx_http_request_t *r) return NGX_HTTP_PARSE_POST_WO_CL_HEADER; } + if (r->plain_http) { + return NGX_HTTP_PARSE_HTTP_TO_HTTPS; + } + if (r->headers_in.connection) { if (r->headers_in.connection->value.len == 5 && ngx_strcasecmp(r->headers_in.connection->value.data, "close") @@ -1873,7 +1936,9 @@ static void ngx_http_client_error(ngx_http_request_t *r, r->connection->log->handler = NULL; if (ctx->url) { - if (client_error == NGX_HTTP_PARSE_INVALID_HOST) { + switch (client_error) { + + case NGX_HTTP_PARSE_INVALID_HOST: ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, client_header_errors[client_error - NGX_HTTP_CLIENT_ERROR], ctx->client, r->headers_in.host->value.data, ctx->url); @@ -1888,7 +1953,14 @@ static void ngx_http_client_error(ngx_http_request_t *r, return; } - } else { + break; + + case NGX_HTTP_PARSE_HTTP_TO_HTTPS: + error = NGX_HTTP_TO_HTTPS; + + /* fall through */ + + default: ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, client_header_errors[client_error - NGX_HTTP_CLIENT_ERROR], ctx->client, ctx->url); diff --git a/src/http/ngx_http_request.h b/src/http/ngx_http_request.h index 7abd57f80..a80e0a57d 100644 --- a/src/http/ngx_http_request.h +++ b/src/http/ngx_http_request.h @@ -31,7 +31,8 @@ #define NGX_HTTP_PARSE_NO_HOST_HEADER 16 #define NGX_HTTP_PARSE_INVALID_CL_HEADER 17 #define NGX_HTTP_PARSE_POST_WO_CL_HEADER 18 -#define NGX_HTTP_PARSE_INVALID_HOST 19 +#define NGX_HTTP_PARSE_HTTP_TO_HTTPS 19 +#define NGX_HTTP_PARSE_INVALID_HOST 20 #define NGX_HTTP_OK 200 @@ -217,6 +218,9 @@ struct ngx_http_request_s { ngx_connection_t *connection; + ngx_recv_pt recv; + ngx_send_chain_pt send_chain; + void **ctx; void **main_conf; void **srv_conf; @@ -292,6 +296,7 @@ struct ngx_http_request_s { /* can we use sendfile ? */ unsigned sendfile:1; + unsigned plain_http:1; unsigned chunked:1; unsigned header_only:1; unsigned keepalive:1; diff --git a/src/http/ngx_http_write_filter.c b/src/http/ngx_http_write_filter.c index 5d45f37e5..8b1447a44 100644 --- a/src/http/ngx_http_write_filter.c +++ b/src/http/ngx_http_write_filter.c @@ -7,6 +7,9 @@ typedef struct { ngx_chain_t *out; + + /* unsigned flush:1; */ + ngx_uint_t flush; } ngx_http_write_filter_ctx_t; @@ -42,7 +45,6 @@ ngx_int_t ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *in) int last; off_t size, flush, sent; ngx_chain_t *cl, *ln, **ll, *chain; - ngx_http_core_srv_conf_t *cscf; ngx_http_core_loc_conf_t *clcf; ngx_http_write_filter_ctx_t *ctx; @@ -114,7 +116,7 @@ ngx_int_t ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *in) return NGX_AGAIN; } - if (size == 0) { + if (size == 0 && !ctx->flush) { if (!last) { ngx_log_error(NGX_LOG_ALERT, r->connection->log, 0, "the http output chain is empty"); @@ -124,11 +126,8 @@ ngx_int_t ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *in) sent = r->connection->sent; - cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); - - chain = cscf->send_chain(r->connection, ctx->out, - clcf->limit_rate ? clcf->limit_rate: - OFF_T_MAX_VALUE); + chain = r->send_chain(r->connection, ctx->out, + clcf->limit_rate ? clcf->limit_rate: OFF_T_MAX_VALUE); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http write filter %X", chain); @@ -144,6 +143,12 @@ ngx_int_t ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *in) return NGX_ERROR; } + if (chain == NGX_CHAIN_AGAIN) { + ctx->out = NULL; + ctx->flush = 1; + return NGX_AGAIN; + } + ctx->out = chain; if (chain == NULL) { diff --git a/src/os/win32/ngx_os.h b/src/os/win32/ngx_os.h index 84b81a1c4..a9ce3ff62 100644 --- a/src/os/win32/ngx_os.h +++ b/src/os/win32/ngx_os.h @@ -21,13 +21,17 @@ #endif +typedef ssize_t (*ngx_recv_pt)(ngx_connection_t *c, u_char *buf, size_t size); +typedef ssize_t (*ngx_recv_chain_pt)(ngx_connection_t *c, ngx_chain_t *in); +typedef ssize_t (*ngx_send_pt)(ngx_connection_t *c, u_char *buf, size_t size); +typedef ngx_chain_t *(*ngx_send_chain_pt)(ngx_connection_t *c, ngx_chain_t *in, + off_t limit); typedef struct { - ssize_t (*recv)(ngx_connection_t *c, u_char *buf, size_t size); - ssize_t (*recv_chain)(ngx_connection_t *c, ngx_chain_t *in); - ssize_t (*send)(ngx_connection_t *c, u_char *buf, size_t size); - ngx_chain_t *(*send_chain)(ngx_connection_t *c, ngx_chain_t *in, - off_t limit); + ngx_recv_pt recv; + ngx_recv_chain_pt recv_chain; + ngx_send_pt send; + ngx_send_chain_pt send_chain; int flags; } ngx_os_io_t;