bugfix: support yielding in 'certificate_by_lua_*' when 'ssl_early_data' is on.

Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
pull/514/head
spacewander 5 years ago committed by Thibault Charbonnier
parent 2e480157a3
commit 34918a30c3

@ -14,9 +14,9 @@ Here we added support for such usage in NGINX 3rd-party modules
connections. connections.
diff -r 78b4e10b4367 -r 449f0461859c src/event/ngx_event_openssl.c diff -r 78b4e10b4367 -r 449f0461859c src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Thu Dec 17 16:39:15 2015 +0300 --- a/src/event/ngx_event_openssl.c Thu Dec 17 16:39:15 2015 +0300
+++ b/src/event/ngx_event_openssl.c Sat Jan 02 11:14:44 2016 -0800 +++ b/src/event/ngx_event_openssl.c Sat Jan 02 11:14:44 2016 -0800
@@ -1210,6 +1210,23 @@ @@ -1445,6 +1445,23 @@ ngx_ssl_handshake(ngx_connection_t *c)
return NGX_AGAIN; return NGX_AGAIN;
} }
@ -39,4 +39,26 @@ diff -r 78b4e10b4367 -r 449f0461859c src/event/ngx_event_openssl.c
+ +
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0; err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
c->ssl->no_wait_shutdown = 1;
@@ -1558,6 +1575,21 @@ ngx_ssl_try_early_data(ngx_connection_t *c)
return NGX_AGAIN;
}
+ if (sslerr == SSL_ERROR_WANT_X509_LOOKUP) {
+ c->read->handler = ngx_ssl_handshake_handler;
+ c->write->handler = ngx_ssl_handshake_handler;
+
+ if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ return NGX_AGAIN;
+ }
+
err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
c->ssl->no_wait_shutdown = 1; c->ssl->no_wait_shutdown = 1;

Loading…
Cancel
Save