xref: /unit/src/nxt_openssl.c (revision 1818:fa6569d00fe4)
1 
2 /*
3  * Copyright (C) Igor Sysoev
4  * Copyright (C) NGINX, Inc.
5  */
6 
7 #include <nxt_main.h>
8 #include <openssl/ssl.h>
9 #include <openssl/conf.h>
10 #include <openssl/err.h>
11 #include <openssl/rand.h>
12 
13 
14 typedef struct {
15     SSL            *session;
16     nxt_conn_t     *conn;
17 
18     int            ssl_error;
19     uint8_t        times;      /* 2 bits */
20     uint8_t        handshake;  /* 1 bit  */
21 
22     nxt_buf_mem_t  buffer;
23 } nxt_openssl_conn_t;
24 
25 
26 typedef enum {
27     NXT_OPENSSL_HANDSHAKE = 0,
28     NXT_OPENSSL_READ,
29     NXT_OPENSSL_WRITE,
30     NXT_OPENSSL_SHUTDOWN,
31 } nxt_openssl_io_t;
32 
33 
34 static nxt_int_t nxt_openssl_library_init(nxt_task_t *task);
35 static void nxt_openssl_library_free(nxt_task_t *task);
36 #if OPENSSL_VERSION_NUMBER < 0x10100004L
37 static nxt_int_t nxt_openssl_locks_init(void);
38 static void nxt_openssl_lock(int mode, int type, const char *file, int line);
39 static unsigned long nxt_openssl_thread_id(void);
40 static void nxt_openssl_locks_free(void);
41 #endif
42 static nxt_int_t nxt_openssl_server_init(nxt_task_t *task,
43     nxt_tls_conf_t *conf);
44 static nxt_int_t nxt_openssl_chain_file(SSL_CTX *ctx, nxt_fd_t fd);
45 static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf);
46 static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf,
47     nxt_conn_t *c);
48 static void nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data);
49 static ssize_t nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b);
50 static ssize_t nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb);
51 static ssize_t nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb,
52     void *buf, size_t size);
53 static void nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj,
54     void *data);
55 static nxt_int_t nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c,
56     int ret, nxt_err_t sys_err, nxt_openssl_io_t io);
57 static void nxt_cdecl nxt_openssl_conn_error(nxt_task_t *task,
58     nxt_err_t err, const char *fmt, ...);
59 static nxt_uint_t nxt_openssl_log_error_level(nxt_err_t err);
60 
61 
62 const nxt_tls_lib_t  nxt_openssl_lib = {
63     .library_init = nxt_openssl_library_init,
64     .library_free = nxt_openssl_library_free,
65 
66     .server_init = nxt_openssl_server_init,
67     .server_free = nxt_openssl_server_free,
68 };
69 
70 
71 static nxt_conn_io_t  nxt_openssl_conn_io = {
72     .read = nxt_conn_io_read,
73     .recvbuf = nxt_openssl_conn_io_recvbuf,
74 
75     .write = nxt_conn_io_write,
76     .sendbuf = nxt_openssl_conn_io_sendbuf,
77 
78     .shutdown = nxt_openssl_conn_io_shutdown,
79 };
80 
81 
82 static long  nxt_openssl_version;
83 static int   nxt_openssl_connection_index;
84 
85 
86 static nxt_int_t
87 nxt_openssl_library_init(nxt_task_t *task)
88 {
89     int  index;
90 
91     if (nxt_fast_path(nxt_openssl_version != 0)) {
92         return NXT_OK;
93     }
94 
95 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
96 
97     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
98 
99 #else
100     {
101         nxt_int_t  ret;
102 
103         SSL_load_error_strings();
104 
105         OPENSSL_config(NULL);
106 
107         /*
108          * SSL_library_init(3):
109          *
110          *   SSL_library_init() always returns "1",
111          *   so it is safe to discard the return value.
112          */
113         (void) SSL_library_init();
114 
115         ret = nxt_openssl_locks_init();
116         if (nxt_slow_path(ret != NXT_OK)) {
117             return ret;
118         }
119     }
120 
121 #endif
122 
123     nxt_openssl_version = SSLeay();
124 
125     nxt_log(task, NXT_LOG_INFO, "%s, %xl",
126             SSLeay_version(SSLEAY_VERSION), nxt_openssl_version);
127 
128 #ifndef SSL_OP_NO_COMPRESSION
129     {
130         /*
131          * Disable gzip compression in OpenSSL prior to 1.0.0
132          * version, this saves about 522K per connection.
133          */
134         int                 n;
135         STACK_OF(SSL_COMP)  *ssl_comp_methods;
136 
137         ssl_comp_methods = SSL_COMP_get_compression_methods();
138 
139         for (n = sk_SSL_COMP_num(ssl_comp_methods); n != 0; n--) {
140             (void) sk_SSL_COMP_pop(ssl_comp_methods);
141         }
142     }
143 #endif
144 
145     index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
146 
147     if (index == -1) {
148         nxt_openssl_log_error(task, NXT_LOG_ALERT,
149                               "SSL_get_ex_new_index() failed");
150         return NXT_ERROR;
151     }
152 
153     nxt_openssl_connection_index = index;
154 
155     return NXT_OK;
156 }
157 
158 
159 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
160 
161 static void
162 nxt_openssl_library_free(nxt_task_t *task)
163 {
164 }
165 
166 #else
167 
168 static nxt_thread_mutex_t  *nxt_openssl_locks;
169 
170 static nxt_int_t
171 nxt_openssl_locks_init(void)
172 {
173     int        i, n;
174     nxt_int_t  ret;
175 
176     n = CRYPTO_num_locks();
177 
178     nxt_openssl_locks = OPENSSL_malloc(n * sizeof(nxt_thread_mutex_t));
179     if (nxt_slow_path(nxt_openssl_locks == NULL)) {
180         return NXT_ERROR;
181     }
182 
183     for (i = 0; i < n; i++) {
184         ret = nxt_thread_mutex_create(&nxt_openssl_locks[i]);
185         if (nxt_slow_path(ret != NXT_OK)) {
186             return ret;
187         }
188     }
189 
190     CRYPTO_set_locking_callback(nxt_openssl_lock);
191 
192     CRYPTO_set_id_callback(nxt_openssl_thread_id);
193 
194     return NXT_OK;
195 }
196 
197 
198 static void
199 nxt_openssl_lock(int mode, int type, const char *file, int line)
200 {
201     nxt_thread_mutex_t  *lock;
202 
203     lock = &nxt_openssl_locks[type];
204 
205     if ((mode & CRYPTO_LOCK) != 0) {
206         (void) nxt_thread_mutex_lock(lock);
207 
208     } else {
209         (void) nxt_thread_mutex_unlock(lock);
210     }
211 }
212 
213 
214 static u_long
215 nxt_openssl_thread_id(void)
216 {
217     return (u_long) nxt_thread_handle();
218 }
219 
220 
221 static void
222 nxt_openssl_library_free(nxt_task_t *task)
223 {
224     nxt_openssl_locks_free();
225 }
226 
227 
228 static void
229 nxt_openssl_locks_free(void)
230 {
231     int  i, n;
232 
233     n = CRYPTO_num_locks();
234 
235     CRYPTO_set_locking_callback(NULL);
236 
237     for (i = 0; i < n; i++) {
238         nxt_thread_mutex_destroy(&nxt_openssl_locks[i]);
239     }
240 
241     OPENSSL_free(nxt_openssl_locks);
242 }
243 
244 #endif
245 
246 
247 static nxt_int_t
248 nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf)
249 {
250     SSL_CTX              *ctx;
251     nxt_fd_t             fd;
252     const char           *ciphers, *ca_certificate;
253     STACK_OF(X509_NAME)  *list;
254 
255     ctx = SSL_CTX_new(SSLv23_server_method());
256     if (ctx == NULL) {
257         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_CTX_new() failed");
258         return NXT_ERROR;
259     }
260 
261     conf->ctx = ctx;
262     conf->conn_init = nxt_openssl_conn_init;
263 
264 #ifdef SSL_OP_NO_RENEGOTIATION
265     /* Renegration is not currently supported. */
266     SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
267 #endif
268 
269 #ifdef SSL_OP_NO_COMPRESSION
270     /*
271      * Disable gzip compression in OpenSSL 1.0.0,
272      * this saves about 522K per connection.
273      */
274     SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
275 #endif
276 
277 #ifdef SSL_MODE_RELEASE_BUFFERS
278 
279     if (nxt_openssl_version >= 10001078) {
280         /*
281          * Allow to release read and write buffers in OpenSSL 1.0.0,
282          * this saves about 34K per idle connection.  It is not safe
283          * before OpenSSL 1.0.1h (CVE-2010-5298).
284          */
285         SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
286     }
287 
288 #endif
289 
290     fd = conf->chain_file;
291 
292     if (nxt_openssl_chain_file(ctx, fd) != NXT_OK) {
293         nxt_openssl_log_error(task, NXT_LOG_ALERT,
294                               "nxt_openssl_chain_file() failed");
295         goto fail;
296     }
297 /*
298     key = conf->certificate_key;
299 
300     if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) == 0) {
301         nxt_openssl_log_error(task, NXT_LOG_ALERT,
302                               "SSL_CTX_use_PrivateKey_file(\"%s\") failed",
303                               key);
304         goto fail;
305     }
306 */
307     ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
308 
309     if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
310         nxt_openssl_log_error(task, NXT_LOG_ALERT,
311                               "SSL_CTX_set_cipher_list(\"%s\") failed",
312                               ciphers);
313         goto fail;
314     }
315 
316     SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
317 
318     if (conf->ca_certificate != NULL) {
319 
320         /* TODO: verify callback */
321         SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
322 
323         /* TODO: verify depth */
324         SSL_CTX_set_verify_depth(ctx, 1);
325 
326         ca_certificate = conf->ca_certificate;
327 
328         if (SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) == 0) {
329             nxt_openssl_log_error(task, NXT_LOG_ALERT,
330                               "SSL_CTX_load_verify_locations(\"%s\") failed",
331                               ca_certificate);
332             goto fail;
333         }
334 
335         list = SSL_load_client_CA_file(ca_certificate);
336 
337         if (list == NULL) {
338             nxt_openssl_log_error(task, NXT_LOG_ALERT,
339                               "SSL_load_client_CA_file(\"%s\") failed",
340                               ca_certificate);
341             goto fail;
342         }
343 
344         /*
345          * SSL_load_client_CA_file() in OpenSSL prior to 0.9.7h and
346          * 0.9.8 versions always leaves an error in the error queue.
347          */
348         ERR_clear_error();
349 
350         SSL_CTX_set_client_CA_list(ctx, list);
351     }
352 
353     return NXT_OK;
354 
355 fail:
356 
357     SSL_CTX_free(ctx);
358 
359 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
360      && OPENSSL_VERSION_NUMBER < 0x1010101fL)
361     RAND_keep_random_devices_open(0);
362 #endif
363 
364     return NXT_ERROR;
365 }
366 
367 
368 static nxt_int_t
369 nxt_openssl_chain_file(SSL_CTX *ctx, nxt_fd_t fd)
370 {
371     BIO            *bio;
372     X509           *cert, *ca;
373     long           reason;
374     EVP_PKEY       *key;
375     nxt_int_t      ret;
376 
377     bio = BIO_new(BIO_s_fd());
378     if (bio == NULL) {
379         return NXT_ERROR;
380     }
381 
382     BIO_set_fd(bio, fd, BIO_CLOSE);
383 
384     ret = NXT_ERROR;
385 
386     cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
387     if (cert == NULL) {
388         goto end;
389     }
390 
391     if (SSL_CTX_use_certificate(ctx, cert) != 1) {
392         goto end;
393     }
394 
395     for ( ;; ) {
396         ca = PEM_read_bio_X509(bio, NULL, NULL, NULL);
397 
398         if (ca == NULL) {
399             reason = ERR_GET_REASON(ERR_peek_last_error());
400             if (reason != PEM_R_NO_START_LINE) {
401                 goto end;
402             }
403 
404             ERR_clear_error();
405             break;
406         }
407 
408         /*
409          * Note that ca isn't freed if it was successfully added to the chain,
410          * while the main certificate needs a X509_free() call, since
411          * its reference count is increased by SSL_CTX_use_certificate().
412          */
413 #ifdef SSL_CTX_add0_chain_cert
414         if (SSL_CTX_add0_chain_cert(ctx, ca) != 1) {
415 #else
416         if (SSL_CTX_add_extra_chain_cert(ctx, ca) != 1) {
417 #endif
418             X509_free(ca);
419             goto end;
420         }
421     }
422 
423     if (BIO_reset(bio) != 0) {
424         goto end;
425     }
426 
427     key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
428     if (key == NULL) {
429         goto end;
430     }
431 
432     if (SSL_CTX_use_PrivateKey(ctx, key) == 1) {
433         ret = NXT_OK;
434     }
435 
436     EVP_PKEY_free(key);
437 
438 end:
439 
440     X509_free(cert);
441     BIO_free(bio);
442 
443     return ret;
444 }
445 
446 
447 static void
448 nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf)
449 {
450     SSL_CTX_free(conf->ctx);
451 
452 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
453      && OPENSSL_VERSION_NUMBER < 0x1010101fL)
454     RAND_keep_random_devices_open(0);
455 #endif
456 }
457 
458 
459 static void
460 nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_conn_t *c)
461 {
462     int                 ret;
463     SSL                 *s;
464     SSL_CTX             *ctx;
465     nxt_openssl_conn_t  *tls;
466 
467     nxt_log_debug(c->socket.log, "openssl conn init");
468 
469     tls = nxt_mp_zget(c->mem_pool, sizeof(nxt_openssl_conn_t));
470     if (tls == NULL) {
471         goto fail;
472     }
473 
474     c->u.tls = tls;
475     nxt_buf_mem_set_size(&tls->buffer, conf->buffer_size);
476 
477     ctx = conf->ctx;
478 
479     s = SSL_new(ctx);
480     if (s == NULL) {
481         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_new() failed");
482         goto fail;
483     }
484 
485     tls->session = s;
486     tls->conn = c;
487 
488     ret = SSL_set_fd(s, c->socket.fd);
489 
490     if (ret == 0) {
491         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_fd(%d) failed",
492                               c->socket.fd);
493         goto fail;
494     }
495 
496     SSL_set_accept_state(s);
497 
498     if (SSL_set_ex_data(s, nxt_openssl_connection_index, c) == 0) {
499         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_ex_data() failed");
500         goto fail;
501     }
502 
503     c->io = &nxt_openssl_conn_io;
504     c->sendfile = NXT_CONN_SENDFILE_OFF;
505 
506     nxt_openssl_conn_handshake(task, c, c->socket.data);
507     return;
508 
509 fail:
510 
511     nxt_work_queue_add(c->read_work_queue, c->read_state->error_handler,
512                        task, c, c->socket.data);
513 }
514 
515 
516 nxt_inline void
517 nxt_openssl_conn_free(nxt_task_t *task, nxt_conn_t *c)
518 {
519     nxt_openssl_conn_t  *tls;
520 
521     nxt_debug(task, "openssl conn free");
522 
523     tls = c->u.tls;
524 
525     if (tls != NULL) {
526         c->u.tls = NULL;
527         nxt_free(tls->buffer.start);
528         SSL_free(tls->session);
529     }
530 }
531 
532 
533 static void
534 nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data)
535 {
536     int                     ret;
537     nxt_int_t               n;
538     nxt_err_t               err;
539     nxt_conn_t              *c;
540     nxt_work_queue_t        *wq;
541     nxt_work_handler_t      handler;
542     nxt_openssl_conn_t      *tls;
543     const nxt_conn_state_t  *state;
544 
545     c = obj;
546 
547     nxt_debug(task, "openssl conn handshake fd:%d", c->socket.fd);
548 
549     if (c->socket.error != 0) {
550         return;
551     }
552 
553     tls = c->u.tls;
554 
555     if (tls == NULL) {
556         return;
557     }
558 
559     nxt_debug(task, "openssl conn handshake: %d times", tls->times);
560 
561     /* "tls->times == 1" is suitable to run SSL_do_handshake() in job. */
562 
563     ret = SSL_do_handshake(tls->session);
564 
565     err = (ret <= 0) ? nxt_socket_errno : 0;
566 
567     nxt_thread_time_debug_update(task->thread);
568 
569     nxt_debug(task, "SSL_do_handshake(%d): %d err:%d", c->socket.fd, ret, err);
570 
571     state = (c->read_state != NULL) ? c->read_state : c->write_state;
572 
573     if (ret > 0) {
574         /* ret == 1, the handshake was successfully completed. */
575         tls->handshake = 1;
576 
577         if (c->read_state != NULL) {
578             if (state->io_read_handler != NULL || c->read != NULL) {
579                 nxt_conn_read(task->thread->engine, c);
580                 return;
581             }
582 
583         } else {
584             if (c->write != NULL) {
585                 nxt_conn_write(task->thread->engine, c);
586                 return;
587             }
588         }
589 
590         handler = state->ready_handler;
591 
592     } else {
593         c->socket.read_handler = nxt_openssl_conn_handshake;
594         c->socket.write_handler = nxt_openssl_conn_handshake;
595 
596         n = nxt_openssl_conn_test_error(task, c, ret, err,
597                                         NXT_OPENSSL_HANDSHAKE);
598         switch (n) {
599 
600         case NXT_AGAIN:
601             if (tls->ssl_error == SSL_ERROR_WANT_READ && tls->times < 2) {
602                 tls->times++;
603             }
604 
605             return;
606 
607         case 0:
608             handler = state->close_handler;
609             break;
610 
611         default:
612         case NXT_ERROR:
613             nxt_openssl_conn_error(task, err, "SSL_do_handshake(%d) failed",
614                                    c->socket.fd);
615 
616             handler = state->error_handler;
617             break;
618         }
619     }
620 
621     wq = (c->read_state != NULL) ? c->read_work_queue : c->write_work_queue;
622 
623     nxt_work_queue_add(wq, handler, task, c, data);
624 }
625 
626 
627 static ssize_t
628 nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b)
629 {
630     int                 ret;
631     size_t              size;
632     nxt_int_t           n;
633     nxt_err_t           err;
634     nxt_openssl_conn_t  *tls;
635 
636     tls = c->u.tls;
637     size = b->mem.end - b->mem.free;
638 
639     ret = SSL_read(tls->session, b->mem.free, size);
640 
641     err = (ret <= 0) ? nxt_socket_errno : 0;
642 
643     nxt_debug(c->socket.task, "SSL_read(%d, %p, %uz): %d err:%d",
644               c->socket.fd, b->mem.free, size, ret, err);
645 
646     if (ret > 0) {
647         return ret;
648     }
649 
650     n = nxt_openssl_conn_test_error(c->socket.task, c, ret, err,
651                                     NXT_OPENSSL_READ);
652     if (n == NXT_ERROR) {
653         nxt_openssl_conn_error(c->socket.task, err,
654                                "SSL_read(%d, %p, %uz) failed",
655                                c->socket.fd, b->mem.free, size);
656     }
657 
658     return n;
659 }
660 
661 
662 static ssize_t
663 nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb)
664 {
665     nxt_uint_t    niov;
666     struct iovec  iov;
667 
668     niov = nxt_sendbuf_mem_coalesce0(task, sb, &iov, 1);
669 
670     if (niov == 0 && sb->sync) {
671         return 0;
672     }
673 
674     return nxt_openssl_conn_io_send(task, sb, iov.iov_base, iov.iov_len);
675 }
676 
677 
678 static ssize_t
679 nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb, void *buf,
680     size_t size)
681 {
682     int                 ret;
683     nxt_err_t           err;
684     nxt_int_t           n;
685     nxt_conn_t          *c;
686     nxt_openssl_conn_t  *tls;
687 
688     tls = sb->tls;
689 
690     ret = SSL_write(tls->session, buf, size);
691 
692     err = (ret <= 0) ? nxt_socket_errno : 0;
693 
694     nxt_debug(task, "SSL_write(%d, %p, %uz): %d err:%d",
695               sb->socket, buf, size, ret, err);
696 
697     if (ret > 0) {
698         return ret;
699     }
700 
701     c = tls->conn;
702     c->socket.write_ready = sb->ready;
703 
704     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_WRITE);
705 
706     sb->ready = c->socket.write_ready;
707 
708     if (n == NXT_ERROR) {
709         sb->error = c->socket.error;
710         nxt_openssl_conn_error(task, err, "SSL_write(%d, %p, %uz) failed",
711                                sb->socket, buf, size);
712     }
713 
714     return n;
715 }
716 
717 
718 static void
719 nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data)
720 {
721     int                 ret, mode;
722     SSL                 *s;
723     nxt_err_t           err;
724     nxt_int_t           n;
725     nxt_bool_t          quiet, once;
726     nxt_conn_t          *c;
727     nxt_openssl_conn_t  *tls;
728     nxt_work_handler_t  handler;
729 
730     c = obj;
731 
732     nxt_debug(task, "openssl conn shutdown fd:%d", c->socket.fd);
733 
734     c->read_state = NULL;
735     tls = c->u.tls;
736 
737     if (tls == NULL) {
738         return;
739     }
740 
741     s = tls->session;
742 
743     if (s == NULL || !tls->handshake) {
744         handler = c->write_state->ready_handler;
745         goto done;
746     }
747 
748     mode = SSL_get_shutdown(s);
749 
750     if (c->socket.timedout || c->socket.error != 0) {
751         quiet = 1;
752 
753     } else if (c->socket.closed && !(mode & SSL_RECEIVED_SHUTDOWN)) {
754         quiet = 1;
755 
756     } else {
757         quiet = 0;
758     }
759 
760     SSL_set_quiet_shutdown(s, quiet);
761 
762     once = 1;
763 
764     for ( ;; ) {
765         SSL_set_shutdown(s, mode);
766 
767         ret = SSL_shutdown(s);
768 
769         err = (ret <= 0) ? nxt_socket_errno : 0;
770 
771         nxt_debug(task, "SSL_shutdown(%d, %d, %b): %d err:%d",
772                   c->socket.fd, mode, quiet, ret, err);
773 
774         if (ret > 0) {
775             /* ret == 1, the shutdown was successfully completed. */
776             handler = c->write_state->ready_handler;
777             goto done;
778         }
779 
780         if (ret == 0) {
781             /*
782              * If SSL_shutdown() returns 0 then it should be called
783              * again.  The second SSL_shutdown() call should return
784              * -1/SSL_ERROR_WANT_READ or -1/SSL_ERROR_WANT_WRITE.
785              * OpenSSL prior to 0.9.8m version however never returns
786              * -1 at all.  Fortunately, OpenSSL preserves internally
787              * correct status available via SSL_get_error(-1).
788              */
789             if (once) {
790                 once = 0;
791                 mode = SSL_get_shutdown(s);
792                 continue;
793             }
794 
795             ret = -1;
796         }
797 
798         /* ret == -1 */
799 
800         break;
801     }
802 
803     c->socket.read_handler = nxt_openssl_conn_io_shutdown;
804     c->socket.write_handler = nxt_openssl_conn_io_shutdown;
805     c->socket.error_handler = c->write_state->error_handler;
806 
807     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_SHUTDOWN);
808 
809     switch (n) {
810 
811     case 0:
812         handler = c->write_state->close_handler;
813         break;
814 
815     case NXT_AGAIN:
816         nxt_timer_add(task->thread->engine, &c->read_timer, 5000);
817         return;
818 
819     default:
820     case NXT_ERROR:
821         nxt_openssl_conn_error(task, err, "SSL_shutdown(%d) failed",
822                                c->socket.fd);
823         handler = c->write_state->error_handler;
824     }
825 
826 done:
827 
828     nxt_openssl_conn_free(task, c);
829 
830     nxt_work_queue_add(c->write_work_queue, handler, task, c, data);
831 }
832 
833 
834 static nxt_int_t
835 nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, int ret,
836     nxt_err_t sys_err, nxt_openssl_io_t io)
837 {
838     u_long              lib_err;
839     nxt_openssl_conn_t  *tls;
840 
841     tls = c->u.tls;
842 
843     tls->ssl_error = SSL_get_error(tls->session, ret);
844 
845     nxt_debug(task, "SSL_get_error(): %d", tls->ssl_error);
846 
847     switch (tls->ssl_error) {
848 
849     case SSL_ERROR_WANT_READ:
850         c->socket.read_ready = 0;
851 
852         if (io != NXT_OPENSSL_READ) {
853             nxt_fd_event_block_write(task->thread->engine, &c->socket);
854 
855             if (nxt_fd_event_is_disabled(c->socket.read)) {
856                 nxt_fd_event_enable_read(task->thread->engine, &c->socket);
857             }
858         }
859 
860         return NXT_AGAIN;
861 
862     case SSL_ERROR_WANT_WRITE:
863         c->socket.write_ready = 0;
864 
865         if (io != NXT_OPENSSL_WRITE) {
866             nxt_fd_event_block_read(task->thread->engine, &c->socket);
867 
868             if (nxt_fd_event_is_disabled(c->socket.write)) {
869                 nxt_fd_event_enable_write(task->thread->engine, &c->socket);
870             }
871         }
872 
873         return NXT_AGAIN;
874 
875     case SSL_ERROR_SYSCALL:
876         lib_err = ERR_peek_error();
877 
878         nxt_debug(task, "ERR_peek_error(): %l", lib_err);
879 
880         if (sys_err != 0 || lib_err != 0) {
881             c->socket.error = sys_err;
882             return NXT_ERROR;
883         }
884 
885         /* A connection was just closed. */
886         c->socket.closed = 1;
887         return 0;
888 
889     case SSL_ERROR_ZERO_RETURN:
890         /* A "close notify" alert. */
891         return 0;
892 
893     default: /* SSL_ERROR_SSL, etc. */
894         c->socket.error = 1000;  /* Nonexistent errno code. */
895         return NXT_ERROR;
896     }
897 }
898 
899 
900 static void nxt_cdecl
901 nxt_openssl_conn_error(nxt_task_t *task, nxt_err_t err, const char *fmt, ...)
902 {
903     u_char      *p, *end;
904     va_list     args;
905     nxt_uint_t  level;
906     u_char      msg[NXT_MAX_ERROR_STR];
907 
908     level = nxt_openssl_log_error_level(err);
909 
910     if (nxt_log_level_enough(task->log, level)) {
911 
912         end = msg + sizeof(msg);
913 
914         va_start(args, fmt);
915         p = nxt_vsprintf(msg, end, fmt, args);
916         va_end(args);
917 
918         if (err != 0) {
919             p = nxt_sprintf(p, end, " %E", err);
920         }
921 
922         p = nxt_openssl_copy_error(p, end);
923 
924         nxt_log(task, level, "%*s", p - msg, msg);
925 
926     } else {
927         ERR_clear_error();
928     }
929 }
930 
931 
932 static nxt_uint_t
933 nxt_openssl_log_error_level(nxt_err_t err)
934 {
935     switch (ERR_GET_REASON(ERR_peek_error())) {
936 
937     case 0:
938         return nxt_socket_error_level(err);
939 
940     case SSL_R_BAD_CHANGE_CIPHER_SPEC:                    /*  103 */
941     case SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:                 /*  129 */
942     case SSL_R_DIGEST_CHECK_FAILED:                       /*  149 */
943     case SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST:             /*  151 */
944     case SSL_R_EXCESSIVE_MESSAGE_SIZE:                    /*  152 */
945     case SSL_R_LENGTH_MISMATCH:                           /*  159 */
946 #ifdef SSL_R_NO_CIPHERS_PASSED
947     case SSL_R_NO_CIPHERS_PASSED:                         /*  182 */
948 #endif
949     case SSL_R_NO_CIPHERS_SPECIFIED:                      /*  183 */
950     case SSL_R_NO_COMPRESSION_SPECIFIED:                  /*  187 */
951     case SSL_R_NO_SHARED_CIPHER:                          /*  193 */
952     case SSL_R_RECORD_LENGTH_MISMATCH:                    /*  213 */
953 #ifdef SSL_R_PARSE_TLSEXT
954     case SSL_R_PARSE_TLSEXT:                              /*  227 */
955 #endif
956     case SSL_R_UNEXPECTED_MESSAGE:                        /*  244 */
957     case SSL_R_UNEXPECTED_RECORD:                         /*  245 */
958     case SSL_R_UNKNOWN_ALERT_TYPE:                        /*  246 */
959     case SSL_R_UNKNOWN_PROTOCOL:                          /*  252 */
960     case SSL_R_WRONG_VERSION_NUMBER:                      /*  267 */
961     case SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC:       /*  281 */
962 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
963     case SSL_R_RENEGOTIATE_EXT_TOO_LONG:                  /*  335 */
964     case SSL_R_RENEGOTIATION_ENCODING_ERR:                /*  336 */
965     case SSL_R_RENEGOTIATION_MISMATCH:                    /*  337 */
966 #endif
967 #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED
968     case SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED:      /*  338 */
969 #endif
970 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING
971     case SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING:          /*  345 */
972 #endif
973     case 1000:/* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
974     case SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE:            /* 1010 */
975     case SSL_R_SSLV3_ALERT_BAD_RECORD_MAC:                /* 1020 */
976     case SSL_R_TLSV1_ALERT_DECRYPTION_FAILED:             /* 1021 */
977     case SSL_R_TLSV1_ALERT_RECORD_OVERFLOW:               /* 1022 */
978     case SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE:         /* 1030 */
979     case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE:             /* 1040 */
980     case SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER:             /* 1047 */
981         break;
982 
983     case SSL_R_SSLV3_ALERT_NO_CERTIFICATE:                /* 1041 */
984     case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE:               /* 1042 */
985     case SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE:       /* 1043 */
986     case SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED:           /* 1044 */
987     case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED:           /* 1045 */
988     case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN:           /* 1046 */
989     case SSL_R_TLSV1_ALERT_UNKNOWN_CA:                    /* 1048 */
990     case SSL_R_TLSV1_ALERT_ACCESS_DENIED:                 /* 1049 */
991     case SSL_R_TLSV1_ALERT_DECODE_ERROR:                  /* 1050 */
992     case SSL_R_TLSV1_ALERT_DECRYPT_ERROR:                 /* 1051 */
993     case SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION:            /* 1060 */
994     case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:              /* 1070 */
995     case SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY:         /* 1071 */
996     case SSL_R_TLSV1_ALERT_INTERNAL_ERROR:                /* 1080 */
997     case SSL_R_TLSV1_ALERT_USER_CANCELLED:                /* 1090 */
998     case SSL_R_TLSV1_ALERT_NO_RENEGOTIATION:              /* 1100 */
999         return NXT_LOG_ERR;
1000 
1001     default:
1002         return NXT_LOG_ALERT;
1003     }
1004 
1005     return NXT_LOG_INFO;
1006 }
1007 
1008 
1009 void nxt_cdecl
1010 nxt_openssl_log_error(nxt_task_t *task, nxt_uint_t level, const char *fmt, ...)
1011 {
1012     u_char   *p, *end;
1013     va_list  args;
1014     u_char   msg[NXT_MAX_ERROR_STR];
1015 
1016     end = msg + sizeof(msg);
1017 
1018     va_start(args, fmt);
1019     p = nxt_vsprintf(msg, end, fmt, args);
1020     va_end(args);
1021 
1022     p = nxt_openssl_copy_error(p, end);
1023 
1024     nxt_log(task, level, "%*s", p - msg, msg);
1025 }
1026 
1027 
1028 u_char *
1029 nxt_openssl_copy_error(u_char *p, u_char *end)
1030 {
1031     int         flags;
1032     u_long      err;
1033     nxt_bool_t  clear;
1034     const char  *data, *delimiter;
1035 
1036     err = ERR_peek_error();
1037     if (err == 0) {
1038         return p;
1039     }
1040 
1041     /* Log the most relevant error message ... */
1042     data = ERR_reason_error_string(err);
1043 
1044     p = nxt_sprintf(p, end, " (%d: %s) (OpenSSL: ", ERR_GET_REASON(err), data);
1045 
1046     /*
1047      * ... followed by all queued cumbersome OpenSSL error messages
1048      * and drain the error queue.
1049      */
1050     delimiter = "";
1051     clear = 0;
1052 
1053     for ( ;; ) {
1054         err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
1055         if (err == 0) {
1056             break;
1057         }
1058 
1059         p = nxt_sprintf(p, end, "%s", delimiter);
1060 
1061         ERR_error_string_n(err, (char *) p, end - p);
1062 
1063         while (p < end && *p != '\0') {
1064             p++;
1065         }
1066 
1067         if ((flags & ERR_TXT_STRING) != 0) {
1068             p = nxt_sprintf(p, end, ":%s", data);
1069         }
1070 
1071         clear |= ((flags & ERR_TXT_MALLOCED) != 0);
1072 
1073         delimiter = "; ";
1074     }
1075 
1076     /* Deallocate additional data. */
1077 
1078     if (clear) {
1079         ERR_clear_error();
1080     }
1081 
1082     if (p < end) {
1083         *p++ = ')';
1084     }
1085 
1086     return p;
1087 }
1088