Hello!

On Thu, Jun 18, 2015 at 03:39:27AM -0700, Piotr Sikora wrote:

> # HG changeset patch
> # User Piotr Sikora <piotr@cloudflare.com>
> # Date 1434623800 25200
> # Thu Jun 18 03:36:40 2015 -0700
> # Node ID cda1075a9536257e510b452df084e4cc396ab25d
> # Parent c3ec43580a48114dfd28186f43e773fcfe211337
> SSL: mark connections as non-reusable before SSL handshake.
>
> Previously, connections were marked as non-reusable after SSL handshake
> returned NGX_AGAIN. This meant that SSL callbacks that were using nginx
> connections could drain the connection on which SSL handshake was being
> performed on.
>
> Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
>
> diff -r c3ec43580a48 -r cda1075a9536 src/http/ngx_http_request.c
> --- a/src/http/ngx_http_request.c Wed Jun 17 17:57:34 2015 +0300
> +++ b/src/http/ngx_http_request.c Thu Jun 18 03:36:40 2015 -0700
> @@ -715,6 +715,8 @@ ngx_http_ssl_handshake(ngx_event_t *rev)
> return;
> }
>
> + ngx_reusable_connection(c, 0);
> +
> rc = ngx_ssl_handshake(c);
>
> if (rc == NGX_AGAIN) {
> @@ -723,8 +725,6 @@ ngx_http_ssl_handshake(ngx_event_t *rev)
> ngx_add_timer(rev, c->listening->post_accept_timeout);
> }
>
> - ngx_reusable_connection(c, 0);
> -
> c->ssl->handler = ngx_http_ssl_handshake_handler;
> return;
> }

As far as I understand, this change isn't useable with an
unmodified nginx (and introduces some minor pessimization in an
unlikely case when first ngx_ssl_handshake() will not return
NGX_AGAIN).

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel