Re: [PATCH] SSL: mark connections as non-reusable before SSL handshake

Piotr Sikora
June 22, 2015 05:34PM
Hey Maxim,

> As far as I understand, this change isn't useable with an
> unmodified nginx

It is, since nginx modules are free to install those SSL callbacks
(for example: ngx_lua's ssl_certificate_by_lua).

> (and introduces some minor pessimization in an
> unlikely case when first ngx_ssl_handshake() will not return
> NGX_AGAIN).

Since SSL/TLS handshake requires at least 1 RTT (even in case of
session resumption), the only case in which ngx_ssl_handshake()
wouldn't return NGX_AGAIN is when the handshake failed based on
ClientHello (no shared ciphers, inappropriate fallback, etc.), in
which case the connection will be closed and
ngx_reusable_connection(c, 0) will be called from
ngx_close_connection() anyway.

Calling ngx_reusable_connection(c, 0) twice is basically a no-op, so I
don't really consider this a pessimization.

Best regards,
Piotr Sikora

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
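
The idempotence claim in the reply above, as an added example that is not part of the original post and not nginx source: a simplified C model of a reusable-connection queue showing that clearing the flag a second time changes nothing, and that a connection cleared before a pending handshake is skipped when queued connections are closed. The names `conn_t`, `set_reusable`, `drain` and `queued` are hypothetical.

```c
/* Simplified model with hypothetical names; not nginx source code. */
typedef struct conn_s conn_t;
struct conn_s {
    conn_t *prev, *next;   /* links in the reusable queue */
    int     reusable;      /* 1 while the connection sits in the queue */
    int     closed;
};

static conn_t   queue = { &queue, &queue, 0, 0 };  /* list sentinel */
static unsigned reusable_n;

/* Unlink the connection if it is currently queued, then queue it again
 * only when reusable != 0. With reusable == 0 on a connection that is
 * already out of the queue, neither branch runs. */
void set_reusable(conn_t *c, int reusable)
{
    if (c->reusable) {
        c->prev->next = c->next;
        c->next->prev = c->prev;
        reusable_n--;
    }
    c->reusable = reusable;
    if (reusable) {
        c->next = queue.next;
        c->prev = &queue;
        queue.next->prev = c;
        queue.next = c;
        reusable_n++;
    }
}

/* Models a worker reclaiming connections: only queued ones are closed. */
unsigned drain(void)
{
    unsigned n = 0;
    while (queue.prev != &queue) {
        conn_t *c = queue.prev;
        set_reusable(c, 0);
        c->closed = 1;
        n++;
    }
    return n;
}

unsigned queued(void) { return reusable_n; }

int main(void)
{
    conn_t a = {0}, b = {0};
    set_reusable(&a, 1); set_reusable(&b, 1);
    set_reusable(&a, 0);   /* cleared before the handshake starts */
    set_reusable(&a, 0);   /* cleared again on close: nothing to unlink */
    return !(queued() == 1 && drain() == 1 && b.closed && !a.closed);
}
```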