static void
ngx_stream_proxy_connect_handler(ngx_event_t *ev)
{
ngx_connection_t *c;
ngx_stream_session_t *s;
c = ev->data;
s = c->data;
if (ev->timedout) {
ngx_log_error(NGX_LOG_ERR, c->log, NGX_ETIMEDOUT, "upstream timed out");
ngx_stream_proxy_next_upstream(s);
return;
}
ngx_del_timer(c->write);
ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0,
"stream proxy connect upstream");
if (ngx_stream_proxy_test_connect(c) != NGX_OK) {
ngx_stream_proxy_next_upstream(s);
return;
}
ngx_stream_proxy_init_upstream(s);
}
static void
ngx_stream_proxy_connect(ngx_stream_session_t *s)
{
ngx_int_t rc;
ngx_connection_t *c, *pc;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
c = s->connection;
c->log->action = "connecting to upstream";
u = s->upstream;
rc = ngx_event_connect_peer(&u->peer);
ngx_log_debug1(NGX_LOG_DEBUG_STREAM, c->log, 0, "proxy connect: %i", rc);
pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
if (rc == NGX_ERROR) {
ngx_stream_proxy_finalize(s, NGX_ERROR);
return;
}
if (rc == NGX_BUSY) {
ngx_log_error(NGX_LOG_ERR, c->log, 0, "no live upstreams");
ngx_stream_proxy_finalize(s, NGX_DECLINED);
return;
}
if (rc == NGX_DECLINED) {
ngx_stream_proxy_next_upstream(s);
return;
}
/* rc == NGX_OK || rc == NGX_AGAIN || rc == NGX_DONE */
pc = u->peer.connection;
pc->data = s;
pc->log = c->log;
pc->pool = c->pool;
pc->read->log = c->log;
pc->write->log = c->log;
if (rc != NGX_AGAIN)
{
ngx_stream_proxy_init_upstream(s);
return;
}
pc->read->handler = ngx_stream_proxy_connect_handler;
pc->write->handler = ngx_stream_proxy_connect_handler;
ngx_add_timer(pc->write, pscf->connect_timeout);
}
static void
ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc)
{
long rc;
ngx_stream_session_t *s;
ngx_stream_upstream_t *u;
ngx_stream_proxy_srv_conf_t *pscf;
s = pc->data;
pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
if (pc->ssl->handshaked) {
if (pscf->ssl_verify) {
rc = SSL_get_verify_result(pc->ssl->connection);
if (rc != X509_V_OK) {
ngx_log_error(NGX_LOG_ERR, pc->log, 0,
"upstream SSL certificate verify error: (%l:%s)",
rc, X509_verify_cert_error_string(rc));
goto failed;
}
u = s->upstream;
if (ngx_ssl_check_host(pc, &u->ssl_name) != NGX_OK) {
ngx_log_error(NGX_LOG_ERR, pc->log, 0,
"upstream SSL certificate does not match \"%V\"",
&u->ssl_name);
goto failed;
}
}
if (pscf->ssl_session_reuse) {
u = s->upstream;
u->peer.save_session(&u->peer, u->peer.data);
}
if (pc->write->timer_set) {
ngx_del_timer(pc->write);
}
ngx_stream_proxy_init_upstream(s);
return;
}
failed:
ngx_stream_proxy_next_upstream(s);
}