Diffstat (limited to 'src/network_openssl.c')
-rw-r--r-- | src/network_openssl.c | 136 |
1 files changed, 58 insertions, 78 deletions
diff --git a/src/network_openssl.c b/src/network_openssl.c index 7bed710..b6a1b2f 100644 --- a/src/network_openssl.c +++ b/src/network_openssl.c @@ -1,12 +1,6 @@ #include "network_backends.h" #ifdef USE_OPENSSL - -#include "network.h" -#include "fdevent.h" -#include "log.h" -#include "stat_cache.h" - #include <sys/types.h> #include <sys/socket.h> #include <sys/stat.h> @@ -24,16 +18,22 @@ #include <stdlib.h> #include <assert.h> -# include <openssl/ssl.h> -# include <openssl/err.h> +#include "network.h" +#include "fdevent.h" +#include "log.h" +#include "stat_cache.h" + +# include <openssl/ssl.h> +# include <openssl/err.h> -int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes) { +int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq) { int ssl_r; chunk *c; + size_t chunks_written = 0; /* this is a 64k sendbuffer * - * it has to stay at the same location all the time to satisfy the needs + * it has to stay at the same location all the time to satisfy the needs * of SSL_write to pass the SAME parameter in case of a _WANT_WRITE * * the buffer is allocated once, is NOT realloced and is NOT freed at shutdown @@ -43,14 +43,14 @@ int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chu * In reality we would like to use mmap() but we don't have a guarantee that * we get the same mmap() address for each call. On openbsd the mmap() address * even randomized. - * That means either we keep the mmap() open or we do a read() into a - * constant buffer + * That means either we keep the mmap() open or we do a read() into a + * constant buffer * */ #define LOCAL_SEND_BUFSIZE (64 * 1024) static char *local_send_buffer = NULL; /* the remote side closed the connection before without shutdown request - * - IE + * - IE * - wget * if keep-alive is disabled */ 
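Review bot: The counter introduced in the second hunk, `size_t chunks_written = 0;`, is what the function returns at the end of the last hunk, yet the signature on the same line still declares the return type `int`, so the value is silently narrowed from an unsigned (and on 64-bit platforms wider) type; declare it `int chunks_written = 0;` or return an explicit `(int)chunks_written`. Dropping the `max_bytes` parameter also removes the only per-call bound on how much the loop sends for one connection: the rewritten `for` now walks the whole chunkqueue until a chunk cannot be completed, so if the caller used that budget for fairness or traffic shaping between connections it is no longer enforced on this path. The function body continues in the following hunks.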
@@ -58,43 +58,34 @@ int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chu SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN); } - for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) { + for(c = cq->first; c; c = c->next) { int chunk_finished = 0; - + switch(c->type) { case MEM_CHUNK: { char * offset; - off_t toSend; + size_t toSend; ssize_t r; - - if (c->mem->used == 0 || c->mem->used == 1) { + + if (c->mem->used == 0) { chunk_finished = 1; break; } - + offset = c->mem->ptr + c->offset; toSend = c->mem->used - 1 - c->offset; - if (toSend > max_bytes) toSend = max_bytes; - + /** * SSL_write man-page - * + * * WARNING * When an SSL_write() operation has to be repeated because of * SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE, it must be * repeated with the same arguments. - * + * */ - - ERR_clear_error(); - r = SSL_write(ssl, offset, toSend); - - if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) { - log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client"); - return -1; - } - - if (r <= 0) { + + if ((r = SSL_write(ssl, offset, toSend)) <= 0) { unsigned long err; switch ((ssl_r = SSL_get_error(ssl, r))) { @@ -104,7 +95,7 @@ int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chu /* perhaps we have error waiting in our error-queue */ if (0 != (err = ERR_get_error())) { do { - log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", + log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", ssl_r, r, ERR_error_string(err, NULL)); } while((err = ERR_get_error())); 
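Review bot: `ERR_clear_error()` is no longer called before `SSL_write()`, so `SSL_get_error()` in the failure branch can be misled by stale entries left on the thread's OpenSSL error queue by earlier calls (it only works reliably when the queue is empty at the time of the I/O call), and the `ERR_get_error()` loop below will attribute those entries to this write; restore `ERR_clear_error();` immediately before `if ((r = SSL_write(ssl, offset, toSend)) <= 0)` here and before the corresponding call in the FILE_CHUNK hunk `@@ -195,18 +183,10 @@`. The same two hunks also drop the check that returned -1 when `con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation`, so if that configuration option still exists it is no longer honoured on the write path and a client-initiated renegotiation is serviced instead of terminated. Narrowing the empty-buffer test to `c->mem->used == 0` means a buffer holding only its terminator (`used == 1`) reaches `SSL_write` with `toSend == 0`, a call OpenSSL does not define for zero bytes, and any non-positive result then lands in the error handling and tears the connection down; keep `if (c->mem->used == 0 || c->mem->used == 1)`. Changing `toSend` to `size_t` also hands an unsigned value to `SSL_write`, whose length parameter is `int`, so the previous `off_t` or an explicit range check would be safer.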
@@ -112,47 +103,45 @@ int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chu /* no, but we have errno */ switch(errno) { case EPIPE: - case ECONNRESET: return -2; default: - log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL:", + log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL:", ssl_r, r, errno, strerror(errno)); break; } } else { /* neither error-queue nor errno ? */ - log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):", + log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):", ssl_r, r, errno, strerror(errno)); } - + return -1; case SSL_ERROR_ZERO_RETURN: /* clean shutdown on the remote side */ - + if (r == 0) return -2; - + /* fall through */ default: while((err = ERR_get_error())) { - log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", + log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", ssl_r, r, ERR_error_string(err, NULL)); } - + return -1; } } else { c->offset += r; cq->bytes_out += r; - max_bytes -= r; } - + if (c->offset == (off_t)c->mem->used - 1) { chunk_finished = 1; } - + break; } case FILE_CHUNK: { @@ -161,7 +150,7 @@ int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chu stat_cache_entry *sce = NULL; int ifd; int write_wait = 0; - + if (HANDLER_ERROR == stat_cache_get_entry(srv, con, c->file.name, &sce)) { log_error_write(srv, __FILE__, __LINE__, "sb", strerror(errno), c->file.name); @@ -175,14 +164,13 @@ int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chu do { off_t offset = c->file.start + c->offset; - off_t toSend = c->file.length - c->offset; - if (toSend > max_bytes) toSend = max_bytes; + off_t toSend = c->file.length - c->offset; if (toSend > LOCAL_SEND_BUFSIZE) toSend = LOCAL_SEND_BUFSIZE; - + if (-1 == (ifd = open(c->file.name->ptr, O_RDONLY))) { log_error_write(srv, __FILE__, __LINE__, "ss", "open failed:", strerror(errno)); - + return -1; } 
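Review bot: The errno switch following `/* no, but we have errno */` loses `case ECONNRESET:`, so a peer that resets the connection is no longer grouped with EPIPE as a closed remote side (return -2) but falls to `default`, is logged with the `"SSL:"` prefix and returns -1; restore `case ECONNRESET:` directly above `return -2;` here and in the matching FILE_CHUNK hunk `@@ -225,64 +205,64 @@`. Besides the changed return code seen by the caller, every client that drops a connection mid-response would now produce an error-log line, which buries genuine TLS failures among ordinary disconnects. The enclosing `switch ((ssl_r = SSL_get_error(ssl, r)))` begins in the previous hunk.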
@@ -195,18 +183,10 @@ int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chu } s = local_send_buffer; - + close(ifd); - - ERR_clear_error(); - r = SSL_write(ssl, s, toSend); - - if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) { - log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client"); - return -1; - } - - if (r <= 0) { + + if ((r = SSL_write(ssl, s, toSend)) <= 0) { unsigned long err; switch ((ssl_r = SSL_get_error(ssl, r))) { @@ -217,7 +197,7 @@ int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chu /* perhaps we have error waiting in our error-queue */ if (0 != (err = ERR_get_error())) { do { - log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", + log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", ssl_r, r, ERR_error_string(err, NULL)); } while((err = ERR_get_error())); 
@@ -225,64 +205,64 @@ int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chu /* no, but we have errno */ switch(errno) { case EPIPE: - case ECONNRESET: return -2; default: - log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL:", + log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL:", ssl_r, r, errno, strerror(errno)); break; } } else { /* neither error-queue nor errno ? */ - log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):", + log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL (error):", ssl_r, r, errno, strerror(errno)); } - + return -1; case SSL_ERROR_ZERO_RETURN: /* clean shutdown on the remote side */ - + if (r == 0) return -2; - + /* fall thourgh */ default: while((err = ERR_get_error())) { - log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", + log_error_write(srv, __FILE__, __LINE__, "sdds", "SSL:", ssl_r, r, ERR_error_string(err, NULL)); } - + return -1; } } else { c->offset += r; cq->bytes_out += r; - max_bytes -= r; } - + if (c->offset == c->file.length) { chunk_finished = 1; } - } while (!chunk_finished && !write_wait && max_bytes > 0); - + } while(!chunk_finished && !write_wait); + break; } default: log_error_write(srv, __FILE__, __LINE__, "s", "type not known"); - + return -1; } - + if (!chunk_finished) { /* not finished yet */ - + break; } + + chunks_written++; } - return 0; + return chunks_written; } #endif |
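Review bot: The FILE_CHUNK loop now ends with `} while(!chunk_finished && !write_wait);`, so with the byte budget gone a single call reads and writes the entire file, re-opening it and copying up to `LOCAL_SEND_BUFSIZE` on every iteration, for as long as the peer keeps accepting data; if this backend is driven from a non-blocking event loop, one large response can monopolise it until the file is exhausted, and a per-call limit or an iteration cap would be worth restoring here. The success path also changes from `return 0;` to `return chunks_written;`, so any caller that treated a zero result as "everything written" now sees a positive count; the callers are not in this diff, so please confirm they were adjusted in the same change.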