Welcome! Log In Create A New Profile

Advanced

[nginx] SSL: set events ready flags after handshake.

Maxim Dounin
November 16, 2021 09:52AM
details: https://hg.nginx.org/nginx/rev/9b72da2b5b57
branches: stable-1.20
changeset: 7958:9b72da2b5b57
user: Maxim Dounin <mdounin@mdounin.ru>
date: Tue Aug 03 20:50:30 2021 +0300
description:
SSL: set events ready flags after handshake.

The c->read->ready and c->write->ready flags might be reset during
the handshake, and not set again if the handshake was finished on
the other event. At the same time, some data might be read from
the socket during the handshake, so missing c->read->ready flag might
result in a connection hang, for example, when waiting for an SMTP
greeting (which was already received during the handshake).

Found by Sergey Kandaurov.

diffstat:

src/event/ngx_event_openssl.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)

diffs (23 lines):

diff -r f5732fa038ad -r 9b72da2b5b57 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Thu Jun 17 11:43:55 2021 +0300
+++ b/src/event/ngx_event_openssl.c Tue Aug 03 20:50:30 2021 +0300
@@ -1740,6 +1740,9 @@ ngx_ssl_handshake(ngx_connection_t *c)
c->recv_chain = ngx_ssl_recv_chain;
c->send_chain = ngx_ssl_send_chain;

+ c->read->ready = 1;
+ c->write->ready = 1;
+
#ifndef SSL_OP_NO_RENEGOTIATION
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
@@ -1885,6 +1888,9 @@ ngx_ssl_try_early_data(ngx_connection_t
c->recv_chain = ngx_ssl_recv_chain;
c->send_chain = ngx_ssl_send_chain;

+ c->read->ready = 1;
+ c->write->ready = 1;
+
rc = ngx_ssl_ocsp_validate(c);

if (rc == NGX_ERROR) {
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[nginx] SSL: set events ready flags after handshake.

Maxim Dounin 66 November 16, 2021 09:52AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 69
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready