always use buffer, if connection is buffered,
this fixes OpenSSL "bad write retry" error, when
*) nginx passed a single buf greater than our buffer (say 32K) to OpenSSL,
*) OpenSSL returns SSL_ERROR_WANT_WRITE,
*) after some time nginx has to send a new data,
*) so there are at least two bufs nginx does pass them directly to OpenSSL,
*) but copies the first buf part to buffer, and sends the buffer to OpenSSL.
*) because the data length is lesser than it was in previous SSL_write():
16K < 32K, OpenSSL returns SSL_R_BAD_WRITE_RETRY.
Igor Sysoev
13 years ago
| 187 | 187 | SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]); |
| 188 | 188 | } |
| 189 | 189 | |
| 190 | /* | |
| 191 | * we need this option because in ngx_ssl_send_chain() | |
| 192 | * we may switch to a buffered write and may copy leftover part of | |
| 193 | * previously unbuffered data to our internal buffer | |
| 194 | */ | |
| 195 | SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); | |
| 196 | ||
| 197 | 190 | SSL_CTX_set_read_ahead(ssl->ctx, 1); |
| 198 | 191 | |
| 199 | 192 | return NGX_OK; |
| 859 | 852 | ssize_t send, size; |
| 860 | 853 | ngx_buf_t *buf; |
| 861 | 854 | |
| 862 | if (!c->ssl->buffer | |
| 863 | || (in && in->next == NULL && !(c->buffered & NGX_SSL_BUFFERED))) | |
| 864 | { | |
| 865 | /* | |
| 866 | * we avoid a buffer copy if | |
| 867 | * we do not need to buffer the output | |
| 868 | * or the incoming buf is a single and our buffer is empty | |
| 869 | */ | |
| 855 | if (!c->ssl->buffer) { | |
| 870 | 856 | |
| 871 | 857 | while (in) { |
| 872 | 858 | if (ngx_buf_special(in->buf)) { |