summaryrefslogtreecommitdiffhomepage
path: root/src/nxt_openssl.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/nxt_openssl.c')
-rw-r--r--src/nxt_openssl.c44
1 files changed, 35 insertions, 9 deletions
diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c
index 441da54b..99dd2077 100644
--- a/src/nxt_openssl.c
+++ b/src/nxt_openssl.c
@@ -40,7 +40,7 @@ static void nxt_openssl_locks_free(void);
#endif
static nxt_int_t nxt_openssl_server_init(nxt_task_t *task,
nxt_tls_conf_t *conf);
-static nxt_uint_t nxt_openssl_chain_file(SSL_CTX *ctx, nxt_fd_t fd);
+static nxt_int_t nxt_openssl_chain_file(SSL_CTX *ctx, nxt_fd_t fd);
static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf);
static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf,
nxt_conn_t *c);
@@ -359,14 +359,14 @@ fail:
}
-static nxt_uint_t
+static nxt_int_t
nxt_openssl_chain_file(SSL_CTX *ctx, nxt_fd_t fd)
{
BIO *bio;
X509 *cert, *ca;
long reason;
EVP_PKEY *key;
- nxt_uint_t ret;
+ nxt_int_t ret;
bio = BIO_new(BIO_s_fd());
if (bio == NULL) {
@@ -503,13 +503,19 @@ fail:
nxt_inline void
-nxt_openssl_conn_free(nxt_task_t *task, nxt_openssl_conn_t *tls)
+nxt_openssl_conn_free(nxt_task_t *task, nxt_conn_t *c)
{
+ nxt_openssl_conn_t *tls;
+
nxt_debug(task, "openssl conn free");
- nxt_free(tls->buffer.start);
+ tls = c->u.tls;
- SSL_free(tls->session);
+ if (tls != NULL) {
+ c->u.tls = NULL;
+ nxt_free(tls->buffer.start);
+ SSL_free(tls->session);
+ }
}
@@ -526,9 +532,20 @@ nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data)
const nxt_conn_state_t *state;
c = obj;
+
+ nxt_debug(task, "openssl conn handshake fd:%d", c->socket.fd);
+
+ if (c->socket.error != 0) {
+ return;
+ }
+
tls = c->u.tls;
- nxt_debug(task, "openssl conn handshake: %d", tls->times);
+ if (tls == NULL) {
+ return;
+ }
+
+ nxt_debug(task, "openssl conn handshake: %d times", tls->times);
/* "tls->times == 1" is suitable to run SSL_do_handshake() in job. */
@@ -715,10 +732,19 @@ nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data)
c = obj;
- nxt_debug(task, "openssl conn shutdown");
+ nxt_debug(task, "openssl conn shutdown fd:%d", c->socket.fd);
+
+ if (c->socket.error != 0) {
+ return;
+ }
c->read_state = NULL;
tls = c->u.tls;
+
+ if (tls == NULL) {
+ return;
+ }
+
s = tls->session;
if (s == NULL || !tls->handshake) {
@@ -807,7 +833,7 @@ nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data)
done:
- nxt_openssl_conn_free(task, tls);
+ nxt_openssl_conn_free(task, c);
nxt_work_queue_add(c->write_work_queue, handler, task, c, data);
}