static void
ngx_stream_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c)
{
ngx_stream_session_t *s;
ngx_stream_ssl_conf_t *sslcf;
if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) {
ngx_stream_close_connection(c);
return;
}
if (ngx_ssl_handshake(c) == NGX_AGAIN) {
s = c->data;
sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);
ngx_add_timer(c->read, sslcf->handshake_timeout, NGX_FUNC_LINE);
c->ssl->handler = ngx_stream_ssl_handshake_handler;
return;
}
ngx_stream_ssl_handshake_handler(c);
}
static void
ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c)
{
ngx_mail_session_t *s;
ngx_mail_core_srv_conf_t *cscf;
if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) {
ngx_mail_close_connection(c);
return;
}
if (ngx_ssl_handshake(c) == NGX_AGAIN) {
s = c->data;
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
ngx_add_timer(c->read, cscf->timeout);
c->ssl->handler = ngx_mail_ssl_handshake_handler;
return;
}
ngx_mail_ssl_handshake_handler(c);
}
static ngx_int_t
ngx_stream_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c)
{
ngx_int_t rc;
ngx_stream_session_t *s;
ngx_stream_ssl_conf_t *sslcf;
s = c->data;
if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) {
return NGX_ERROR;
}
rc = ngx_ssl_handshake(c);
if (rc == NGX_ERROR) {
return NGX_ERROR;
}
if (rc == NGX_AGAIN) {
sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);
ngx_add_timer(c->read, sslcf->handshake_timeout);
c->ssl->handler = ngx_stream_ssl_handshake_handler;
return NGX_AGAIN;
}
/* rc == NGX_OK */
return NGX_OK;
}
static void
ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s)
{
ngx_int_t rc;
ngx_connection_t *pc;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
u = s->upstream;
pc = u->peer.connection;
pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
if (ngx_ssl_create_connection(pscf->ssl, pc, NGX_SSL_BUFFER|NGX_SSL_CLIENT)
!= NGX_OK)
{
ngx_stream_proxy_finalize(s, NGX_ERROR);
return;
}
if (pscf->ssl_server_name || pscf->ssl_verify) {
if (ngx_stream_proxy_ssl_name(s) != NGX_OK) {
ngx_stream_proxy_finalize(s, NGX_ERROR);
return;
}
}
if (pscf->ssl_session_reuse) {
if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) {
ngx_stream_proxy_finalize(s, NGX_ERROR);
return;
}
}
s->connection->log->action = "SSL handshaking to upstream";
rc = ngx_ssl_handshake(pc);
if (rc == NGX_AGAIN) {
if (!pc->write->timer_set) {
ngx_add_timer(pc->write, pscf->connect_timeout);
}
pc->ssl->handler = ngx_stream_proxy_ssl_handshake;
return;
}
ngx_stream_proxy_ssl_handshake(pc);
}
static void
ngx_rtmp_ssl_handshake_handler(ngx_connection_t *c)
{
ngx_rtmp_session_t *s;
ngx_event_t *rev;
ngx_int_t rc;
s = c->data;
if (c->ssl->handshaked) {
ngx_rtmp_handshake(s);
return;
}
if (c->read->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "SSL handshake timed out");
ngx_rtmp_finalize_session(s);
return;
}
if (c->read->error || c->write->error || c->error) {
ngx_log_error(NGX_LOG_INFO, c->log, 0, "SSL handshake failed: c%d w%d r%d",
c->error, c->write->error, c->read->error);
ngx_rtmp_finalize_session(s);
return;
}
rc = ngx_ssl_handshake(c);
if (rc == NGX_AGAIN) {
rev = c->read;
if (!rev->timer_set) {
ngx_add_timer(rev, s->timeout);
}
c->ssl->handler = ngx_rtmp_ssl_handshake_handler;
return;
}
if (rc == NGX_OK) {
ngx_rtmp_handshake(s);
return;
}
ngx_rtmp_finalize_session(s);
return;
}
static void
ngx_ssl_handshake_handler(ngx_event_t *ev)
{
ngx_connection_t *c;
c = ev->data;
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
"SSL handshake handler: %d", ev->write);
if (ev->timedout) {
c->ssl->handler(c);
return;
}
if (ngx_ssl_handshake(c) == NGX_AGAIN) {
return;
}
c->ssl->handler(c);
}
void
ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_int_t dir)
{
ngx_mail_session_t *s;
ngx_mail_core_srv_conf_t *cscf;
s = c->data;
if (dir == NGX_MAIL_SECURE_DIR_IN) {
if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) {
ngx_mail_close_connection(c);
return;
}
} else {
if (ngx_ssl_create_connection(ssl, c, NGX_SSL_BUFFER|NGX_SSL_CLIENT)
== NGX_ERROR) {
ngx_mail_proxy_internal_server_error(s);
return;
}
}
if (ngx_ssl_handshake(c) == NGX_AGAIN) {
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
/* expected that for upstream, one is set already */
if (dir == NGX_MAIL_SECURE_DIR_IN)
ngx_add_timer(c->read, cscf->timeout);
c->ssl->handler = ngx_mail_ssl_handshake_handler;
return;
}
ngx_mail_ssl_handshake_handler(c);
}
