Klaus Demo nginx / a862c46
always use buffer, if connection is buffered, this fixes OpenSSL "bad write retry" error, when *) nginx passed a single buf greater than our buffer (say 32K) to OpenSSL, *) OpenSSL returns SSL_ERROR_WANT_WRITE, *) after some time nginx has to send a new data, *) so there are at least two bufs nginx does pass them directly to OpenSSL, *) but copies the first buf part to buffer, and sends the buffer to OpenSSL. *) because the data length is lesser than it was in previous SSL_write(): 16K < 32K, OpenSSL returns SSL_R_BAD_WRITE_RETRY. Igor Sysoev 13 years ago
1 changed file(s) with 1 addition(s) and 15 deletion(s). Raw diff Collapse all Expand all
187187 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
188188 }
189189
190 /*
191 * we need this option because in ngx_ssl_send_chain()
192 * we may switch to a buffered write and may copy leftover part of
193 * previously unbuffered data to our internal buffer
194 */
195 SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
196
197190 SSL_CTX_set_read_ahead(ssl->ctx, 1);
198191
199192 return NGX_OK;
859852 ssize_t send, size;
860853 ngx_buf_t *buf;
861854
862 if (!c->ssl->buffer
863 || (in && in->next == NULL && !(c->buffered & NGX_SSL_BUFFERED)))
864 {
865 /*
866 * we avoid a buffer copy if
867 * we do not need to buffer the output
868 * or the incoming buf is a single and our buffer is empty
869 */
855 if (!c->ssl->buffer) {
870856
871857 while (in) {
872858 if (ngx_buf_special(in->buf)) {