diff options
Diffstat (limited to 'src/nxt_openssl.c')
-rw-r--r-- | src/nxt_openssl.c | 44 |
1 files changed, 35 insertions, 9 deletions
diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c index 441da54b..99dd2077 100644 --- a/src/nxt_openssl.c +++ b/src/nxt_openssl.c @@ -40,7 +40,7 @@ static void nxt_openssl_locks_free(void); #endif static nxt_int_t nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf); -static nxt_uint_t nxt_openssl_chain_file(SSL_CTX *ctx, nxt_fd_t fd); +static nxt_int_t nxt_openssl_chain_file(SSL_CTX *ctx, nxt_fd_t fd); static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf); static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_conn_t *c); @@ -359,14 +359,14 @@ fail: } -static nxt_uint_t +static nxt_int_t nxt_openssl_chain_file(SSL_CTX *ctx, nxt_fd_t fd) { BIO *bio; X509 *cert, *ca; long reason; EVP_PKEY *key; - nxt_uint_t ret; + nxt_int_t ret; bio = BIO_new(BIO_s_fd()); if (bio == NULL) { @@ -503,13 +503,19 @@ fail: nxt_inline void -nxt_openssl_conn_free(nxt_task_t *task, nxt_openssl_conn_t *tls) +nxt_openssl_conn_free(nxt_task_t *task, nxt_conn_t *c) { + nxt_openssl_conn_t *tls; + nxt_debug(task, "openssl conn free"); - nxt_free(tls->buffer.start); + tls = c->u.tls; - SSL_free(tls->session); + if (tls != NULL) { + c->u.tls = NULL; + nxt_free(tls->buffer.start); + SSL_free(tls->session); + } } @@ -526,9 +532,20 @@ nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data) const nxt_conn_state_t *state; c = obj; + + nxt_debug(task, "openssl conn handshake fd:%d", c->socket.fd); + + if (c->socket.error != 0) { + return; + } + tls = c->u.tls; - nxt_debug(task, "openssl conn handshake: %d", tls->times); + if (tls == NULL) { + return; + } + + nxt_debug(task, "openssl conn handshake: %d times", tls->times); /* "tls->times == 1" is suitable to run SSL_do_handshake() in job. */ @@ -715,10 +732,19 @@ nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data) c = obj; - nxt_debug(task, "openssl conn shutdown"); + nxt_debug(task, "openssl conn shutdown fd:%d", c->socket.fd); + + if (c->socket.error != 0) { + return; + } c->read_state = NULL; tls = c->u.tls; + + if (tls == NULL) { + return; + } + s = tls->session; if (s == NULL || !tls->handshake) { @@ -807,7 +833,7 @@ nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data) done: - nxt_openssl_conn_free(task, tls); + nxt_openssl_conn_free(task, c); nxt_work_queue_add(c->write_work_queue, handler, task, c, data); } |