> On 27 Sep 2021, at 17:18, Maxim Dounin <mdounin@mdounin.ru> wrote:
>
> # HG changeset patch
> # User Maxim Dounin <mdounin@mdounin.ru>
> # Date 1632717779 -10800
> # Mon Sep 27 07:42:59 2021 +0300
> # Node ID ff514bf17f7f2257dcf036c5c973b74672cefa9a
> # Parent 8f0fd60c33c106fba5f1ce3cafe990f15fcccc0c
> SSL: SSL_sendfile() support with kernel TLS.
>
> Requires OpenSSL 3.0 compiled with "enable-ktls" option. Further, KTLS
> needs to be enabled in kernel, and in OpenSSL, either via OpenSSL
> configuration file or with "ssl_conf_command Options KTLS;" in nginx
> configuration.
>
> On FreeBSD, kernel TLS is available starting with FreeBSD 13.0, and
> can be enabled with "sysctl kern.ipc.tls.enable=1" and "kldload ktls_ocf".
>
> On Linux, kernel TLS is available starting with kernel 4.13 (at least 5.2
> is recommended), and needs kernel compiled with CONFIG_TLS=y (with
> CONFIG_TLS=m, which is used at least on Ubuntu 21.04 by default,
> the tls module needs to be loaded with "modprobe tls").
>
> diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
[..]
> @@ -2882,6 +2937,150 @@ ngx_ssl_write_early(ngx_connection_t *c,
> #endif
>
>
> +static ssize_t
> +ngx_ssl_sendfile(ngx_connection_t *c, ngx_buf_t *file, size_t size)
> +{
> +#ifdef BIO_get_ktls_send
> +
> + int sslerr;
> + ssize_t n;
> + ngx_err_t err;
> +
> + ngx_ssl_clear_error(c->log);
> +
> + ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
> + "SSL to sendfile: @%O %uz",
> + file->file_pos, size);
> +
> + ngx_set_errno(0);
> +
> + n = SSL_sendfile(c->ssl->connection, file->file->fd, file->file_pos,
> + size, 0);
> +
> + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_sendfile: %d", n);
> +
Hello,
looks like a wrong format specifier slipped through review.
Patch to address this:
# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1669241969 -14400
# Thu Nov 24 02:19:29 2022 +0400
# Node ID 66ad8bd4b9e4347bda8fe64423632ded19093db2
# Parent 75bfb3a97ca3d6292fb7877b89bb46720c15da80
SSL: fixed debug logging of SSL_sendfile() return value.
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3020,7 +3020,7 @@ ngx_ssl_sendfile(ngx_connection_t *c, ng
n = SSL_sendfile(c->ssl->connection, file->file->fd, file->file_pos,
size, flags);
- ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_sendfile: %d", n);
+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_sendfile: %z", n);
if (n > 0) {
> [..]
--
Sergey Kandaurov
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org
