From ff9bed64da495b6c234bcfa4dcf18932730e58e7 Mon Sep 17 00:00:00 2001 From: Valentin Bartenev Date: Tue, 13 Nov 2018 18:43:39 +0300 Subject: Fixed nxt_openssl_chain_file() return type. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This closes #182 issue on GitHub. Thanks to 洪志道 (Hong Zhi Dao). --- src/nxt_openssl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/nxt_openssl.c') diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c index 441da54b..401de2de 100644 --- a/src/nxt_openssl.c +++ b/src/nxt_openssl.c @@ -40,7 +40,7 @@ static void nxt_openssl_locks_free(void); #endif static nxt_int_t nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf); -static nxt_uint_t nxt_openssl_chain_file(SSL_CTX *ctx, nxt_fd_t fd); +static nxt_int_t nxt_openssl_chain_file(SSL_CTX *ctx, nxt_fd_t fd); static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf); static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_conn_t *c); @@ -359,14 +359,14 @@ fail: } -static nxt_uint_t +static nxt_int_t nxt_openssl_chain_file(SSL_CTX *ctx, nxt_fd_t fd) { BIO *bio; X509 *cert, *ca; long reason; EVP_PKEY *key; - nxt_uint_t ret; + nxt_int_t ret; bio = BIO_new(BIO_s_fd()); if (bio == NULL) { -- cgit From 92ddc15a84d50306b3d1e22387dd0373994968af Mon Sep 17 00:00:00 2001 From: Igor Sysoev Date: Tue, 13 Nov 2018 19:04:48 +0300 Subject: Checking error states in I/O handlers. --- src/nxt_openssl.c | 38 ++++++++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 6 deletions(-) (limited to 'src/nxt_openssl.c') diff --git a/src/nxt_openssl.c b/src/nxt_openssl.c index 401de2de..99dd2077 100644 --- a/src/nxt_openssl.c +++ b/src/nxt_openssl.c @@ -503,13 +503,19 @@ fail: nxt_inline void -nxt_openssl_conn_free(nxt_task_t *task, nxt_openssl_conn_t *tls) +nxt_openssl_conn_free(nxt_task_t *task, nxt_conn_t *c) { + nxt_openssl_conn_t *tls; + nxt_debug(task, "openssl conn free"); - nxt_free(tls->buffer.start); + tls = c->u.tls; - SSL_free(tls->session); + if (tls != NULL) { + c->u.tls = NULL; + nxt_free(tls->buffer.start); + SSL_free(tls->session); + } } @@ -526,9 +532,20 @@ nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data) const nxt_conn_state_t *state; c = obj; + + nxt_debug(task, "openssl conn handshake fd:%d", c->socket.fd); + + if (c->socket.error != 0) { + return; + } + tls = c->u.tls; - nxt_debug(task, "openssl conn handshake: %d", tls->times); + if (tls == NULL) { + return; + } + + nxt_debug(task, "openssl conn handshake: %d times", tls->times); /* "tls->times == 1" is suitable to run SSL_do_handshake() in job. */ @@ -715,10 +732,19 @@ nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data) c = obj; - nxt_debug(task, "openssl conn shutdown"); + nxt_debug(task, "openssl conn shutdown fd:%d", c->socket.fd); + + if (c->socket.error != 0) { + return; + } c->read_state = NULL; tls = c->u.tls; + + if (tls == NULL) { + return; + } + s = tls->session; if (s == NULL || !tls->handshake) { @@ -807,7 +833,7 @@ nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data) done: - nxt_openssl_conn_free(task, tls); + nxt_openssl_conn_free(task, c); nxt_work_queue_add(c->write_work_queue, handler, task, c, data); } -- cgit