xref: /unit/src/nxt_openssl.c (revision 1828:c548e46fe516)
1 
2 /*
3  * Copyright (C) Igor Sysoev
4  * Copyright (C) NGINX, Inc.
5  */
6 
7 #include <nxt_main.h>
8 #include <openssl/ssl.h>
9 #include <openssl/conf.h>
10 #include <openssl/err.h>
11 #include <openssl/rand.h>
12 #include <openssl/x509v3.h>
13 
14 
15 typedef struct {
16     SSL             *session;
17     nxt_conn_t      *conn;
18 
19     int             ssl_error;
20     uint8_t         times;      /* 2 bits */
21     uint8_t         handshake;  /* 1 bit  */
22 
23     nxt_tls_conf_t  *conf;
24     nxt_buf_mem_t   buffer;
25 } nxt_openssl_conn_t;
26 
27 
28 typedef enum {
29     NXT_OPENSSL_HANDSHAKE = 0,
30     NXT_OPENSSL_READ,
31     NXT_OPENSSL_WRITE,
32     NXT_OPENSSL_SHUTDOWN,
33 } nxt_openssl_io_t;
34 
35 
36 static nxt_int_t nxt_openssl_library_init(nxt_task_t *task);
37 static void nxt_openssl_library_free(nxt_task_t *task);
38 #if OPENSSL_VERSION_NUMBER < 0x10100004L
39 static nxt_int_t nxt_openssl_locks_init(void);
40 static void nxt_openssl_lock(int mode, int type, const char *file, int line);
41 static unsigned long nxt_openssl_thread_id(void);
42 static void nxt_openssl_locks_free(void);
43 #endif
44 static nxt_int_t nxt_openssl_server_init(nxt_task_t *task,
45     nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_bool_t last);
46 static nxt_int_t nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx,
47     nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_bool_t single);
48 static nxt_uint_t nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert,
49     nxt_tls_conf_t *conf, nxt_mp_t *mp);
50 static nxt_int_t nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq,
51     void *data);
52 static nxt_int_t nxt_openssl_bundle_hash_insert(nxt_task_t *task,
53     nxt_lvlhsh_t *lvlhsh, nxt_tls_bundle_hash_item_t *item, nxt_mp_t * mp);
54 static nxt_int_t nxt_openssl_servername(SSL *s, int *ad, void *arg);
55 static nxt_tls_bundle_conf_t *nxt_openssl_find_ctx(nxt_tls_conf_t *conf,
56     nxt_str_t *sn);
57 static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf);
58 static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf,
59     nxt_conn_t *c);
60 static void nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data);
61 static ssize_t nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b);
62 static ssize_t nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb);
63 static ssize_t nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb,
64     void *buf, size_t size);
65 static void nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj,
66     void *data);
67 static nxt_int_t nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c,
68     int ret, nxt_err_t sys_err, nxt_openssl_io_t io);
69 static void nxt_cdecl nxt_openssl_conn_error(nxt_task_t *task,
70     nxt_err_t err, const char *fmt, ...);
71 static nxt_uint_t nxt_openssl_log_error_level(nxt_err_t err);
72 
73 
74 const nxt_tls_lib_t  nxt_openssl_lib = {
75     .library_init = nxt_openssl_library_init,
76     .library_free = nxt_openssl_library_free,
77 
78     .server_init = nxt_openssl_server_init,
79     .server_free = nxt_openssl_server_free,
80 };
81 
82 
83 static nxt_conn_io_t  nxt_openssl_conn_io = {
84     .read = nxt_conn_io_read,
85     .recvbuf = nxt_openssl_conn_io_recvbuf,
86 
87     .write = nxt_conn_io_write,
88     .sendbuf = nxt_openssl_conn_io_sendbuf,
89 
90     .shutdown = nxt_openssl_conn_io_shutdown,
91 };
92 
93 
94 static long  nxt_openssl_version;
95 static int   nxt_openssl_connection_index;
96 
97 
98 static nxt_int_t
99 nxt_openssl_library_init(nxt_task_t *task)
100 {
101     int  index;
102 
103     if (nxt_fast_path(nxt_openssl_version != 0)) {
104         return NXT_OK;
105     }
106 
107 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
108 
109     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
110 
111 #else
112     {
113         nxt_int_t  ret;
114 
115         SSL_load_error_strings();
116 
117         OPENSSL_config(NULL);
118 
119         /*
120          * SSL_library_init(3):
121          *
122          *   SSL_library_init() always returns "1",
123          *   so it is safe to discard the return value.
124          */
125         (void) SSL_library_init();
126 
127         ret = nxt_openssl_locks_init();
128         if (nxt_slow_path(ret != NXT_OK)) {
129             return ret;
130         }
131     }
132 
133 #endif
134 
135     nxt_openssl_version = SSLeay();
136 
137     nxt_log(task, NXT_LOG_INFO, "%s, %xl",
138             SSLeay_version(SSLEAY_VERSION), nxt_openssl_version);
139 
140 #ifndef SSL_OP_NO_COMPRESSION
141     {
142         /*
143          * Disable gzip compression in OpenSSL prior to 1.0.0
144          * version, this saves about 522K per connection.
145          */
146         int                 n;
147         STACK_OF(SSL_COMP)  *ssl_comp_methods;
148 
149         ssl_comp_methods = SSL_COMP_get_compression_methods();
150 
151         for (n = sk_SSL_COMP_num(ssl_comp_methods); n != 0; n--) {
152             (void) sk_SSL_COMP_pop(ssl_comp_methods);
153         }
154     }
155 #endif
156 
157     index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
158 
159     if (index == -1) {
160         nxt_openssl_log_error(task, NXT_LOG_ALERT,
161                               "SSL_get_ex_new_index() failed");
162         return NXT_ERROR;
163     }
164 
165     nxt_openssl_connection_index = index;
166 
167     return NXT_OK;
168 }
169 
170 
171 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
172 
173 static void
174 nxt_openssl_library_free(nxt_task_t *task)
175 {
176 }
177 
178 #else
179 
180 static nxt_thread_mutex_t  *nxt_openssl_locks;
181 
182 static nxt_int_t
183 nxt_openssl_locks_init(void)
184 {
185     int        i, n;
186     nxt_int_t  ret;
187 
188     n = CRYPTO_num_locks();
189 
190     nxt_openssl_locks = OPENSSL_malloc(n * sizeof(nxt_thread_mutex_t));
191     if (nxt_slow_path(nxt_openssl_locks == NULL)) {
192         return NXT_ERROR;
193     }
194 
195     for (i = 0; i < n; i++) {
196         ret = nxt_thread_mutex_create(&nxt_openssl_locks[i]);
197         if (nxt_slow_path(ret != NXT_OK)) {
198             return ret;
199         }
200     }
201 
202     CRYPTO_set_locking_callback(nxt_openssl_lock);
203 
204     CRYPTO_set_id_callback(nxt_openssl_thread_id);
205 
206     return NXT_OK;
207 }
208 
209 
210 static void
211 nxt_openssl_lock(int mode, int type, const char *file, int line)
212 {
213     nxt_thread_mutex_t  *lock;
214 
215     lock = &nxt_openssl_locks[type];
216 
217     if ((mode & CRYPTO_LOCK) != 0) {
218         (void) nxt_thread_mutex_lock(lock);
219 
220     } else {
221         (void) nxt_thread_mutex_unlock(lock);
222     }
223 }
224 
225 
226 static u_long
227 nxt_openssl_thread_id(void)
228 {
229     return (u_long) nxt_thread_handle();
230 }
231 
232 
233 static void
234 nxt_openssl_library_free(nxt_task_t *task)
235 {
236     nxt_openssl_locks_free();
237 }
238 
239 
240 static void
241 nxt_openssl_locks_free(void)
242 {
243     int  i, n;
244 
245     n = CRYPTO_num_locks();
246 
247     CRYPTO_set_locking_callback(NULL);
248 
249     for (i = 0; i < n; i++) {
250         nxt_thread_mutex_destroy(&nxt_openssl_locks[i]);
251     }
252 
253     OPENSSL_free(nxt_openssl_locks);
254 }
255 
256 #endif
257 
258 
259 static nxt_int_t
260 nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf,
261     nxt_mp_t *mp, nxt_bool_t last)
262 {
263     SSL_CTX                *ctx;
264     const char             *ciphers, *ca_certificate;
265     STACK_OF(X509_NAME)    *list;
266     nxt_tls_bundle_conf_t  *bundle;
267 
268     ctx = SSL_CTX_new(SSLv23_server_method());
269     if (ctx == NULL) {
270         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_CTX_new() failed");
271         return NXT_ERROR;
272     }
273 
274     bundle = conf->bundle;
275     nxt_assert(bundle != NULL);
276 
277     bundle->ctx = ctx;
278 
279 #ifdef SSL_OP_NO_RENEGOTIATION
280     /* Renegration is not currently supported. */
281     SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
282 #endif
283 
284 #ifdef SSL_OP_NO_COMPRESSION
285     /*
286      * Disable gzip compression in OpenSSL 1.0.0,
287      * this saves about 522K per connection.
288      */
289     SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
290 #endif
291 
292 #ifdef SSL_MODE_RELEASE_BUFFERS
293 
294     if (nxt_openssl_version >= 10001078) {
295         /*
296          * Allow to release read and write buffers in OpenSSL 1.0.0,
297          * this saves about 34K per idle connection.  It is not safe
298          * before OpenSSL 1.0.1h (CVE-2010-5298).
299          */
300         SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
301     }
302 
303 #endif
304 
305     if (nxt_openssl_chain_file(task, ctx, conf, mp,
306                                last && bundle->next == NULL)
307         != NXT_OK)
308     {
309         goto fail;
310     }
311 /*
312     key = conf->certificate_key;
313 
314     if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) == 0) {
315         nxt_openssl_log_error(task, NXT_LOG_ALERT,
316                               "SSL_CTX_use_PrivateKey_file(\"%s\") failed",
317                               key);
318         goto fail;
319     }
320 */
321     ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
322 
323     if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
324         nxt_openssl_log_error(task, NXT_LOG_ALERT,
325                               "SSL_CTX_set_cipher_list(\"%s\") failed",
326                               ciphers);
327         goto fail;
328     }
329 
330     SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
331 
332     if (conf->ca_certificate != NULL) {
333 
334         /* TODO: verify callback */
335         SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
336 
337         /* TODO: verify depth */
338         SSL_CTX_set_verify_depth(ctx, 1);
339 
340         ca_certificate = conf->ca_certificate;
341 
342         if (SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) == 0) {
343             nxt_openssl_log_error(task, NXT_LOG_ALERT,
344                               "SSL_CTX_load_verify_locations(\"%s\") failed",
345                               ca_certificate);
346             goto fail;
347         }
348 
349         list = SSL_load_client_CA_file(ca_certificate);
350 
351         if (list == NULL) {
352             nxt_openssl_log_error(task, NXT_LOG_ALERT,
353                               "SSL_load_client_CA_file(\"%s\") failed",
354                               ca_certificate);
355             goto fail;
356         }
357 
358         /*
359          * SSL_load_client_CA_file() in OpenSSL prior to 0.9.7h and
360          * 0.9.8 versions always leaves an error in the error queue.
361          */
362         ERR_clear_error();
363 
364         SSL_CTX_set_client_CA_list(ctx, list);
365     }
366 
367     if (last) {
368         conf->conn_init = nxt_openssl_conn_init;
369 
370         if (bundle->next != NULL) {
371             SSL_CTX_set_tlsext_servername_callback(ctx, nxt_openssl_servername);
372         }
373     }
374 
375     return NXT_OK;
376 
377 fail:
378 
379     SSL_CTX_free(ctx);
380 
381 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
382      && OPENSSL_VERSION_NUMBER < 0x1010101fL)
383     RAND_keep_random_devices_open(0);
384 #endif
385 
386     return NXT_ERROR;
387 }
388 
389 
390 static nxt_int_t
391 nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_conf_t *conf,
392     nxt_mp_t *mp, nxt_bool_t single)
393 {
394     BIO                    *bio;
395     X509                   *cert, *ca;
396     long                   reason;
397     EVP_PKEY               *key;
398     nxt_int_t              ret;
399     nxt_tls_bundle_conf_t  *bundle;
400 
401     ret = NXT_ERROR;
402     cert = NULL;
403 
404     bio = BIO_new(BIO_s_fd());
405     if (bio == NULL) {
406         goto end;
407     }
408 
409     bundle = conf->bundle;
410 
411     BIO_set_fd(bio, bundle->chain_file, BIO_CLOSE);
412 
413     cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
414     if (cert == NULL) {
415         goto end;
416     }
417 
418     if (SSL_CTX_use_certificate(ctx, cert) != 1) {
419         goto end;
420     }
421 
422     if (!single && nxt_openssl_cert_get_names(task, cert, conf, mp) != NXT_OK) {
423         goto clean;
424     }
425 
426     for ( ;; ) {
427         ca = PEM_read_bio_X509(bio, NULL, NULL, NULL);
428 
429         if (ca == NULL) {
430             reason = ERR_GET_REASON(ERR_peek_last_error());
431             if (reason != PEM_R_NO_START_LINE) {
432                 goto end;
433             }
434 
435             ERR_clear_error();
436             break;
437         }
438 
439         /*
440          * Note that ca isn't freed if it was successfully added to the chain,
441          * while the main certificate needs a X509_free() call, since
442          * its reference count is increased by SSL_CTX_use_certificate().
443          */
444 #ifdef SSL_CTX_add0_chain_cert
445         if (SSL_CTX_add0_chain_cert(ctx, ca) != 1) {
446 #else
447         if (SSL_CTX_add_extra_chain_cert(ctx, ca) != 1) {
448 #endif
449             X509_free(ca);
450             goto end;
451         }
452     }
453 
454     if (BIO_reset(bio) != 0) {
455         goto end;
456     }
457 
458     key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
459     if (key == NULL) {
460         goto end;
461     }
462 
463     if (SSL_CTX_use_PrivateKey(ctx, key) == 1) {
464         ret = NXT_OK;
465     }
466 
467     EVP_PKEY_free(key);
468 
469 end:
470 
471     if (ret != NXT_OK) {
472         nxt_openssl_log_error(task, NXT_LOG_ALERT,
473                               "nxt_openssl_chain_file() failed");
474     }
475 
476 clean:
477 
478     BIO_free(bio);
479     X509_free(cert);
480 
481     return ret;
482 }
483 
484 
485 static nxt_uint_t
486 nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, nxt_tls_conf_t *conf,
487     nxt_mp_t *mp)
488 {
489     int                         len;
490     nxt_str_t                   domain, str;
491     X509_NAME                   *x509_name;
492     nxt_uint_t                  i, n;
493     GENERAL_NAME                *name;
494     nxt_tls_bundle_conf_t       *bundle;
495     STACK_OF(GENERAL_NAME)      *alt_names;
496     nxt_tls_bundle_hash_item_t  *item;
497 
498     bundle = conf->bundle;
499 
500     alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
501 
502     if (alt_names != NULL) {
503         n = sk_GENERAL_NAME_num(alt_names);
504 
505         for (i = 0; i != n; i++) {
506             name = sk_GENERAL_NAME_value(alt_names, i);
507 
508             if (name->type != GEN_DNS) {
509                 continue;
510             }
511 
512             str.length = ASN1_STRING_length(name->d.dNSName);
513 #if OPENSSL_VERSION_NUMBER > 0x10100000L
514             str.start = (u_char *) ASN1_STRING_get0_data(name->d.dNSName);
515 #else
516             str.start = ASN1_STRING_data(name->d.dNSName);
517 #endif
518 
519             domain.start = nxt_mp_nget(mp, str.length);
520             if (nxt_slow_path(domain.start == NULL)) {
521                 goto fail;
522             }
523 
524             domain.length = str.length;
525             nxt_memcpy_lowcase(domain.start, str.start, str.length);
526 
527             item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
528             if (nxt_slow_path(item == NULL)) {
529                 goto fail;
530             }
531 
532             item->name = domain;
533             item->bundle = bundle;
534 
535             if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash,
536                                                item, mp)
537                 == NXT_ERROR)
538             {
539                 goto fail;
540             }
541         }
542 
543         sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
544 
545     } else {
546         x509_name = X509_get_subject_name(cert);
547         len = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
548                                         NULL, 0);
549         if (len <= 0) {
550             nxt_log(task, NXT_LOG_WARN, "certificate \"%V\" has neither "
551                     "Subject Alternative Name nor Common Name", bundle->name);
552             return NXT_OK;
553         }
554 
555         domain.start = nxt_mp_nget(mp, len + 1);
556         if (nxt_slow_path(domain.start == NULL)) {
557             return NXT_ERROR;
558         }
559 
560         domain.length = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
561                                                   (char *) domain.start,
562                                                   len + 1);
563         nxt_memcpy_lowcase(domain.start, domain.start, domain.length);
564 
565         item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
566         if (nxt_slow_path(item == NULL)) {
567             return NXT_ERROR;
568         }
569 
570         item->name = domain;
571         item->bundle = bundle;
572 
573         if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash, item,
574                                            mp)
575             == NXT_ERROR)
576         {
577             return NXT_ERROR;
578         }
579     }
580 
581     return NXT_OK;
582 
583 fail:
584 
585     sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
586 
587     return NXT_ERROR;
588 }
589 
590 
591 static const nxt_lvlhsh_proto_t  nxt_openssl_bundle_hash_proto
592     nxt_aligned(64) =
593 {
594     NXT_LVLHSH_DEFAULT,
595     nxt_openssl_bundle_hash_test,
596     nxt_mp_lvlhsh_alloc,
597     nxt_mp_lvlhsh_free,
598 };
599 
600 
601 static nxt_int_t
602 nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq, void *data)
603 {
604     nxt_tls_bundle_hash_item_t  *item;
605 
606     item = data;
607 
608     return nxt_strstr_eq(&lhq->key, &item->name) ? NXT_OK : NXT_DECLINED;
609 }
610 
611 
612 static nxt_int_t
613 nxt_openssl_bundle_hash_insert(nxt_task_t *task, nxt_lvlhsh_t *lvlhsh,
614     nxt_tls_bundle_hash_item_t *item, nxt_mp_t *mp)
615 {
616     nxt_str_t                   str;
617     nxt_int_t                   ret;
618     nxt_lvlhsh_query_t          lhq;
619     nxt_tls_bundle_hash_item_t  *old;
620 
621     str = item->name;
622 
623     if (item->name.start[0] == '*') {
624         item->name.start++;
625         item->name.length--;
626 
627         if (item->name.length == 0 || item->name.start[0] != '.') {
628             nxt_log(task, NXT_LOG_WARN, "ignored invalid name \"%V\" "
629                     "in certificate \"%V\": missing \".\" "
630                     "after wildcard symbol", &str, item->bundle->name);
631             return NXT_OK;
632         }
633     }
634 
635     lhq.pool = mp;
636     lhq.key = item->name;
637     lhq.value = item;
638     lhq.proto = &nxt_openssl_bundle_hash_proto;
639     lhq.replace = 0;
640     lhq.key_hash = nxt_murmur_hash2(item->name.start, item->name.length);
641 
642     ret = nxt_lvlhsh_insert(lvlhsh, &lhq);
643     if (nxt_fast_path(ret == NXT_OK)) {
644         nxt_debug(task, "name \"%V\" for certificate \"%V\" is inserted",
645                   &str, item->bundle->name);
646         return NXT_OK;
647     }
648 
649     if (nxt_fast_path(ret == NXT_DECLINED)) {
650         old = lhq.value;
651         if (old->bundle != item->bundle) {
652             nxt_log(task, NXT_LOG_WARN, "ignored duplicate name \"%V\" "
653                     "in certificate \"%V\", identical name appears in \"%V\"",
654                     &str, old->bundle->name, item->bundle->name);
655 
656             old->bundle = item->bundle;
657         }
658 
659         return NXT_OK;
660     }
661 
662     return NXT_ERROR;
663 }
664 
665 
666 static nxt_int_t
667 nxt_openssl_servername(SSL *s, int *ad, void *arg)
668 {
669     nxt_str_t              str;
670     nxt_uint_t             i;
671     nxt_conn_t             *c;
672     const char             *servername;
673     nxt_tls_conf_t         *conf;
674     nxt_openssl_conn_t     *tls;
675     nxt_tls_bundle_conf_t  *bundle;
676 
677     c = SSL_get_ex_data(s, nxt_openssl_connection_index);
678 
679     if (nxt_slow_path(c == NULL)) {
680         nxt_thread_log_alert("SSL_get_ex_data() failed");
681         return SSL_TLSEXT_ERR_ALERT_FATAL;
682     }
683 
684     servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
685     if (nxt_slow_path(servername == NULL)) {
686         nxt_log(c->socket.task, NXT_LOG_ALERT, "SSL_get_servername() returned "
687                                                "NULL in server name callback");
688         return SSL_TLSEXT_ERR_ALERT_FATAL;
689     }
690 
691     str.length = nxt_strlen(servername);
692     if (str.length == 0) {
693         nxt_debug(c->socket.task, "client sent zero-length server name");
694         goto done;
695     }
696 
697     if (servername[0] == '.') {
698         nxt_debug(c->socket.task, "ignored the server name \"%s\": "
699                                   "leading \".\"", servername);
700         goto done;
701     }
702 
703     nxt_debug(c->socket.task, "tls with servername \"%s\"", servername);
704 
705     str.start = nxt_mp_nget(c->mem_pool, str.length);
706     if (nxt_slow_path(str.start == NULL)) {
707         return SSL_TLSEXT_ERR_ALERT_FATAL;
708     }
709 
710     nxt_memcpy_lowcase(str.start, (const u_char *) servername, str.length);
711 
712     tls = c->u.tls;
713     conf = tls->conf;
714 
715     bundle = nxt_openssl_find_ctx(conf, &str);
716 
717     if (bundle == NULL) {
718         for (i = 1; i < str.length; i++) {
719             if (str.start[i] == '.') {
720                 str.start += i;
721                 str.length -= i;
722 
723                 bundle = nxt_openssl_find_ctx(conf, &str);
724                 break;
725             }
726         }
727     }
728 
729     if (bundle != NULL) {
730         nxt_debug(c->socket.task, "new tls context found for \"%V\": \"%V\" "
731                                   "(old: \"%V\")", &str, bundle->name,
732                                   conf->bundle->name);
733 
734         if (bundle != conf->bundle) {
735             if (SSL_set_SSL_CTX(s, bundle->ctx) == NULL) {
736                 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
737                                       "SSL_set_SSL_CTX() failed");
738 
739                 return SSL_TLSEXT_ERR_ALERT_FATAL;
740             }
741         }
742     }
743 
744 done:
745 
746     return SSL_TLSEXT_ERR_OK;
747 }
748 
749 
750 static nxt_tls_bundle_conf_t *
751 nxt_openssl_find_ctx(nxt_tls_conf_t *conf, nxt_str_t *sn)
752 {
753     nxt_int_t                   ret;
754     nxt_lvlhsh_query_t          lhq;
755     nxt_tls_bundle_hash_item_t  *item;
756 
757     lhq.key_hash = nxt_murmur_hash2(sn->start, sn->length);
758     lhq.key = *sn;
759     lhq.proto = &nxt_openssl_bundle_hash_proto;
760 
761     ret = nxt_lvlhsh_find(&conf->bundle_hash, &lhq);
762     if (ret != NXT_OK) {
763         return NULL;
764     }
765 
766     item = lhq.value;
767 
768     return item->bundle;
769 }
770 
771 
772 static void
773 nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf)
774 {
775     nxt_tls_bundle_conf_t  *bundle;
776 
777     bundle = conf->bundle;
778     nxt_assert(bundle != NULL);
779 
780     do {
781         SSL_CTX_free(bundle->ctx);
782         bundle = bundle->next;
783     } while (bundle != NULL);
784 
785 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
786      && OPENSSL_VERSION_NUMBER < 0x1010101fL)
787     RAND_keep_random_devices_open(0);
788 #endif
789 }
790 
791 
792 static void
793 nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_conn_t *c)
794 {
795     int                 ret;
796     SSL                 *s;
797     SSL_CTX             *ctx;
798     nxt_openssl_conn_t  *tls;
799 
800     nxt_log_debug(c->socket.log, "openssl conn init");
801 
802     tls = nxt_mp_zget(c->mem_pool, sizeof(nxt_openssl_conn_t));
803     if (tls == NULL) {
804         goto fail;
805     }
806 
807     c->u.tls = tls;
808     nxt_buf_mem_set_size(&tls->buffer, conf->buffer_size);
809 
810     ctx = conf->bundle->ctx;
811 
812     s = SSL_new(ctx);
813     if (s == NULL) {
814         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_new() failed");
815         goto fail;
816     }
817 
818     tls->session = s;
819     /* To pass TLS config to the nxt_openssl_servername() callback. */
820     tls->conf = conf;
821     tls->conn = c;
822 
823     ret = SSL_set_fd(s, c->socket.fd);
824 
825     if (ret == 0) {
826         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_fd(%d) failed",
827                               c->socket.fd);
828         goto fail;
829     }
830 
831     SSL_set_accept_state(s);
832 
833     if (SSL_set_ex_data(s, nxt_openssl_connection_index, c) == 0) {
834         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_ex_data() failed");
835         goto fail;
836     }
837 
838     c->io = &nxt_openssl_conn_io;
839     c->sendfile = NXT_CONN_SENDFILE_OFF;
840 
841     nxt_openssl_conn_handshake(task, c, c->socket.data);
842     /*
843      * TLS configuration might be destroyed after the TLS connection
844      * is established.
845      */
846     tls->conf = NULL;
847     return;
848 
849 fail:
850 
851     nxt_work_queue_add(c->read_work_queue, c->read_state->error_handler,
852                        task, c, c->socket.data);
853 }
854 
855 
856 nxt_inline void
857 nxt_openssl_conn_free(nxt_task_t *task, nxt_conn_t *c)
858 {
859     nxt_openssl_conn_t  *tls;
860 
861     nxt_debug(task, "openssl conn free");
862 
863     tls = c->u.tls;
864 
865     if (tls != NULL) {
866         c->u.tls = NULL;
867         nxt_free(tls->buffer.start);
868         SSL_free(tls->session);
869     }
870 }
871 
872 
873 static void
874 nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data)
875 {
876     int                     ret;
877     nxt_int_t               n;
878     nxt_err_t               err;
879     nxt_conn_t              *c;
880     nxt_work_queue_t        *wq;
881     nxt_work_handler_t      handler;
882     nxt_openssl_conn_t      *tls;
883     const nxt_conn_state_t  *state;
884 
885     c = obj;
886 
887     nxt_debug(task, "openssl conn handshake fd:%d", c->socket.fd);
888 
889     if (c->socket.error != 0) {
890         return;
891     }
892 
893     tls = c->u.tls;
894 
895     if (tls == NULL) {
896         return;
897     }
898 
899     nxt_debug(task, "openssl conn handshake: %d times", tls->times);
900 
901     /* "tls->times == 1" is suitable to run SSL_do_handshake() in job. */
902 
903     ret = SSL_do_handshake(tls->session);
904 
905     err = (ret <= 0) ? nxt_socket_errno : 0;
906 
907     nxt_thread_time_debug_update(task->thread);
908 
909     nxt_debug(task, "SSL_do_handshake(%d): %d err:%d", c->socket.fd, ret, err);
910 
911     state = (c->read_state != NULL) ? c->read_state : c->write_state;
912 
913     if (ret > 0) {
914         /* ret == 1, the handshake was successfully completed. */
915         tls->handshake = 1;
916 
917         if (c->read_state != NULL) {
918             if (state->io_read_handler != NULL || c->read != NULL) {
919                 nxt_conn_read(task->thread->engine, c);
920                 return;
921             }
922 
923         } else {
924             if (c->write != NULL) {
925                 nxt_conn_write(task->thread->engine, c);
926                 return;
927             }
928         }
929 
930         handler = state->ready_handler;
931 
932     } else {
933         c->socket.read_handler = nxt_openssl_conn_handshake;
934         c->socket.write_handler = nxt_openssl_conn_handshake;
935 
936         n = nxt_openssl_conn_test_error(task, c, ret, err,
937                                         NXT_OPENSSL_HANDSHAKE);
938         switch (n) {
939 
940         case NXT_AGAIN:
941             if (tls->ssl_error == SSL_ERROR_WANT_READ && tls->times < 2) {
942                 tls->times++;
943             }
944 
945             return;
946 
947         case 0:
948             handler = state->close_handler;
949             break;
950 
951         default:
952         case NXT_ERROR:
953             nxt_openssl_conn_error(task, err, "SSL_do_handshake(%d) failed",
954                                    c->socket.fd);
955 
956             handler = state->error_handler;
957             break;
958         }
959     }
960 
961     wq = (c->read_state != NULL) ? c->read_work_queue : c->write_work_queue;
962 
963     nxt_work_queue_add(wq, handler, task, c, data);
964 }
965 
966 
967 static ssize_t
968 nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b)
969 {
970     int                 ret;
971     size_t              size;
972     nxt_int_t           n;
973     nxt_err_t           err;
974     nxt_openssl_conn_t  *tls;
975 
976     tls = c->u.tls;
977     size = b->mem.end - b->mem.free;
978 
979     ret = SSL_read(tls->session, b->mem.free, size);
980 
981     err = (ret <= 0) ? nxt_socket_errno : 0;
982 
983     nxt_debug(c->socket.task, "SSL_read(%d, %p, %uz): %d err:%d",
984               c->socket.fd, b->mem.free, size, ret, err);
985 
986     if (ret > 0) {
987         return ret;
988     }
989 
990     n = nxt_openssl_conn_test_error(c->socket.task, c, ret, err,
991                                     NXT_OPENSSL_READ);
992     if (n == NXT_ERROR) {
993         nxt_openssl_conn_error(c->socket.task, err,
994                                "SSL_read(%d, %p, %uz) failed",
995                                c->socket.fd, b->mem.free, size);
996     }
997 
998     return n;
999 }
1000 
1001 
1002 static ssize_t
1003 nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb)
1004 {
1005     nxt_uint_t    niov;
1006     struct iovec  iov;
1007 
1008     niov = nxt_sendbuf_mem_coalesce0(task, sb, &iov, 1);
1009 
1010     if (niov == 0 && sb->sync) {
1011         return 0;
1012     }
1013 
1014     return nxt_openssl_conn_io_send(task, sb, iov.iov_base, iov.iov_len);
1015 }
1016 
1017 
1018 static ssize_t
1019 nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb, void *buf,
1020     size_t size)
1021 {
1022     int                 ret;
1023     nxt_err_t           err;
1024     nxt_int_t           n;
1025     nxt_conn_t          *c;
1026     nxt_openssl_conn_t  *tls;
1027 
1028     tls = sb->tls;
1029 
1030     ret = SSL_write(tls->session, buf, size);
1031 
1032     err = (ret <= 0) ? nxt_socket_errno : 0;
1033 
1034     nxt_debug(task, "SSL_write(%d, %p, %uz): %d err:%d",
1035               sb->socket, buf, size, ret, err);
1036 
1037     if (ret > 0) {
1038         return ret;
1039     }
1040 
1041     c = tls->conn;
1042     c->socket.write_ready = sb->ready;
1043 
1044     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_WRITE);
1045 
1046     sb->ready = c->socket.write_ready;
1047 
1048     if (n == NXT_ERROR) {
1049         sb->error = c->socket.error;
1050         nxt_openssl_conn_error(task, err, "SSL_write(%d, %p, %uz) failed",
1051                                sb->socket, buf, size);
1052     }
1053 
1054     return n;
1055 }
1056 
1057 
1058 static void
1059 nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data)
1060 {
1061     int                 ret, mode;
1062     SSL                 *s;
1063     nxt_err_t           err;
1064     nxt_int_t           n;
1065     nxt_bool_t          quiet, once;
1066     nxt_conn_t          *c;
1067     nxt_openssl_conn_t  *tls;
1068     nxt_work_handler_t  handler;
1069 
1070     c = obj;
1071 
1072     nxt_debug(task, "openssl conn shutdown fd:%d", c->socket.fd);
1073 
1074     c->read_state = NULL;
1075     tls = c->u.tls;
1076 
1077     if (tls == NULL) {
1078         return;
1079     }
1080 
1081     s = tls->session;
1082 
1083     if (s == NULL || !tls->handshake) {
1084         handler = c->write_state->ready_handler;
1085         goto done;
1086     }
1087 
1088     mode = SSL_get_shutdown(s);
1089 
1090     if (c->socket.timedout || c->socket.error != 0) {
1091         quiet = 1;
1092 
1093     } else if (c->socket.closed && !(mode & SSL_RECEIVED_SHUTDOWN)) {
1094         quiet = 1;
1095 
1096     } else {
1097         quiet = 0;
1098     }
1099 
1100     SSL_set_quiet_shutdown(s, quiet);
1101 
1102     once = 1;
1103 
1104     for ( ;; ) {
1105         SSL_set_shutdown(s, mode);
1106 
1107         ret = SSL_shutdown(s);
1108 
1109         err = (ret <= 0) ? nxt_socket_errno : 0;
1110 
1111         nxt_debug(task, "SSL_shutdown(%d, %d, %b): %d err:%d",
1112                   c->socket.fd, mode, quiet, ret, err);
1113 
1114         if (ret > 0) {
1115             /* ret == 1, the shutdown was successfully completed. */
1116             handler = c->write_state->ready_handler;
1117             goto done;
1118         }
1119 
1120         if (ret == 0) {
1121             /*
1122              * If SSL_shutdown() returns 0 then it should be called
1123              * again.  The second SSL_shutdown() call should return
1124              * -1/SSL_ERROR_WANT_READ or -1/SSL_ERROR_WANT_WRITE.
1125              * OpenSSL prior to 0.9.8m version however never returns
1126              * -1 at all.  Fortunately, OpenSSL preserves internally
1127              * correct status available via SSL_get_error(-1).
1128              */
1129             if (once) {
1130                 once = 0;
1131                 mode = SSL_get_shutdown(s);
1132                 continue;
1133             }
1134 
1135             ret = -1;
1136         }
1137 
1138         /* ret == -1 */
1139 
1140         break;
1141     }
1142 
1143     c->socket.read_handler = nxt_openssl_conn_io_shutdown;
1144     c->socket.write_handler = nxt_openssl_conn_io_shutdown;
1145     c->socket.error_handler = c->write_state->error_handler;
1146 
1147     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_SHUTDOWN);
1148 
1149     switch (n) {
1150 
1151     case 0:
1152         handler = c->write_state->close_handler;
1153         break;
1154 
1155     case NXT_AGAIN:
1156         nxt_timer_add(task->thread->engine, &c->read_timer, 5000);
1157         return;
1158 
1159     default:
1160     case NXT_ERROR:
1161         nxt_openssl_conn_error(task, err, "SSL_shutdown(%d) failed",
1162                                c->socket.fd);
1163         handler = c->write_state->error_handler;
1164     }
1165 
1166 done:
1167 
1168     nxt_openssl_conn_free(task, c);
1169 
1170     nxt_work_queue_add(c->write_work_queue, handler, task, c, data);
1171 }
1172 
1173 
1174 static nxt_int_t
1175 nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, int ret,
1176     nxt_err_t sys_err, nxt_openssl_io_t io)
1177 {
1178     u_long              lib_err;
1179     nxt_openssl_conn_t  *tls;
1180 
1181     tls = c->u.tls;
1182 
1183     tls->ssl_error = SSL_get_error(tls->session, ret);
1184 
1185     nxt_debug(task, "SSL_get_error(): %d", tls->ssl_error);
1186 
1187     switch (tls->ssl_error) {
1188 
1189     case SSL_ERROR_WANT_READ:
1190         c->socket.read_ready = 0;
1191 
1192         if (io != NXT_OPENSSL_READ) {
1193             nxt_fd_event_block_write(task->thread->engine, &c->socket);
1194 
1195             if (nxt_fd_event_is_disabled(c->socket.read)) {
1196                 nxt_fd_event_enable_read(task->thread->engine, &c->socket);
1197             }
1198         }
1199 
1200         return NXT_AGAIN;
1201 
1202     case SSL_ERROR_WANT_WRITE:
1203         c->socket.write_ready = 0;
1204 
1205         if (io != NXT_OPENSSL_WRITE) {
1206             nxt_fd_event_block_read(task->thread->engine, &c->socket);
1207 
1208             if (nxt_fd_event_is_disabled(c->socket.write)) {
1209                 nxt_fd_event_enable_write(task->thread->engine, &c->socket);
1210             }
1211         }
1212 
1213         return NXT_AGAIN;
1214 
1215     case SSL_ERROR_SYSCALL:
1216         lib_err = ERR_peek_error();
1217 
1218         nxt_debug(task, "ERR_peek_error(): %l", lib_err);
1219 
1220         if (sys_err != 0 || lib_err != 0) {
1221             c->socket.error = sys_err;
1222             return NXT_ERROR;
1223         }
1224 
1225         /* A connection was just closed. */
1226         c->socket.closed = 1;
1227         return 0;
1228 
1229     case SSL_ERROR_ZERO_RETURN:
1230         /* A "close notify" alert. */
1231         return 0;
1232 
1233     default: /* SSL_ERROR_SSL, etc. */
1234         c->socket.error = 1000;  /* Nonexistent errno code. */
1235         return NXT_ERROR;
1236     }
1237 }
1238 
1239 
1240 static void nxt_cdecl
1241 nxt_openssl_conn_error(nxt_task_t *task, nxt_err_t err, const char *fmt, ...)
1242 {
1243     u_char      *p, *end;
1244     va_list     args;
1245     nxt_uint_t  level;
1246     u_char      msg[NXT_MAX_ERROR_STR];
1247 
1248     level = nxt_openssl_log_error_level(err);
1249 
1250     if (nxt_log_level_enough(task->log, level)) {
1251 
1252         end = msg + sizeof(msg);
1253 
1254         va_start(args, fmt);
1255         p = nxt_vsprintf(msg, end, fmt, args);
1256         va_end(args);
1257 
1258         if (err != 0) {
1259             p = nxt_sprintf(p, end, " %E", err);
1260         }
1261 
1262         p = nxt_openssl_copy_error(p, end);
1263 
1264         nxt_log(task, level, "%*s", p - msg, msg);
1265 
1266     } else {
1267         ERR_clear_error();
1268     }
1269 }
1270 
1271 
1272 static nxt_uint_t
1273 nxt_openssl_log_error_level(nxt_err_t err)
1274 {
1275     switch (ERR_GET_REASON(ERR_peek_error())) {
1276 
1277     case 0:
1278         return nxt_socket_error_level(err);
1279 
1280     case SSL_R_BAD_CHANGE_CIPHER_SPEC:                    /*  103 */
1281     case SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:                 /*  129 */
1282     case SSL_R_DIGEST_CHECK_FAILED:                       /*  149 */
1283     case SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST:             /*  151 */
1284     case SSL_R_EXCESSIVE_MESSAGE_SIZE:                    /*  152 */
1285     case SSL_R_LENGTH_MISMATCH:                           /*  159 */
1286 #ifdef SSL_R_NO_CIPHERS_PASSED
1287     case SSL_R_NO_CIPHERS_PASSED:                         /*  182 */
1288 #endif
1289     case SSL_R_NO_CIPHERS_SPECIFIED:                      /*  183 */
1290     case SSL_R_NO_COMPRESSION_SPECIFIED:                  /*  187 */
1291     case SSL_R_NO_SHARED_CIPHER:                          /*  193 */
1292     case SSL_R_RECORD_LENGTH_MISMATCH:                    /*  213 */
1293 #ifdef SSL_R_PARSE_TLSEXT
1294     case SSL_R_PARSE_TLSEXT:                              /*  227 */
1295 #endif
1296     case SSL_R_UNEXPECTED_MESSAGE:                        /*  244 */
1297     case SSL_R_UNEXPECTED_RECORD:                         /*  245 */
1298     case SSL_R_UNKNOWN_ALERT_TYPE:                        /*  246 */
1299     case SSL_R_UNKNOWN_PROTOCOL:                          /*  252 */
1300     case SSL_R_WRONG_VERSION_NUMBER:                      /*  267 */
1301     case SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC:       /*  281 */
1302 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
1303     case SSL_R_RENEGOTIATE_EXT_TOO_LONG:                  /*  335 */
1304     case SSL_R_RENEGOTIATION_ENCODING_ERR:                /*  336 */
1305     case SSL_R_RENEGOTIATION_MISMATCH:                    /*  337 */
1306 #endif
1307 #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED
1308     case SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED:      /*  338 */
1309 #endif
1310 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING
1311     case SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING:          /*  345 */
1312 #endif
1313     case 1000:/* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
1314     case SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE:            /* 1010 */
1315     case SSL_R_SSLV3_ALERT_BAD_RECORD_MAC:                /* 1020 */
1316     case SSL_R_TLSV1_ALERT_DECRYPTION_FAILED:             /* 1021 */
1317     case SSL_R_TLSV1_ALERT_RECORD_OVERFLOW:               /* 1022 */
1318     case SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE:         /* 1030 */
1319     case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE:             /* 1040 */
1320     case SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER:             /* 1047 */
1321         break;
1322 
1323     case SSL_R_SSLV3_ALERT_NO_CERTIFICATE:                /* 1041 */
1324     case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE:               /* 1042 */
1325     case SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE:       /* 1043 */
1326     case SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED:           /* 1044 */
1327     case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED:           /* 1045 */
1328     case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN:           /* 1046 */
1329     case SSL_R_TLSV1_ALERT_UNKNOWN_CA:                    /* 1048 */
1330     case SSL_R_TLSV1_ALERT_ACCESS_DENIED:                 /* 1049 */
1331     case SSL_R_TLSV1_ALERT_DECODE_ERROR:                  /* 1050 */
1332     case SSL_R_TLSV1_ALERT_DECRYPT_ERROR:                 /* 1051 */
1333     case SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION:            /* 1060 */
1334     case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:              /* 1070 */
1335     case SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY:         /* 1071 */
1336     case SSL_R_TLSV1_ALERT_INTERNAL_ERROR:                /* 1080 */
1337     case SSL_R_TLSV1_ALERT_USER_CANCELLED:                /* 1090 */
1338     case SSL_R_TLSV1_ALERT_NO_RENEGOTIATION:              /* 1100 */
1339         return NXT_LOG_ERR;
1340 
1341     default:
1342         return NXT_LOG_ALERT;
1343     }
1344 
1345     return NXT_LOG_INFO;
1346 }
1347 
1348 
1349 void nxt_cdecl
1350 nxt_openssl_log_error(nxt_task_t *task, nxt_uint_t level, const char *fmt, ...)
1351 {
1352     u_char   *p, *end;
1353     va_list  args;
1354     u_char   msg[NXT_MAX_ERROR_STR];
1355 
1356     end = msg + sizeof(msg);
1357 
1358     va_start(args, fmt);
1359     p = nxt_vsprintf(msg, end, fmt, args);
1360     va_end(args);
1361 
1362     p = nxt_openssl_copy_error(p, end);
1363 
1364     nxt_log(task, level, "%*s", p - msg, msg);
1365 }
1366 
1367 
1368 u_char *
1369 nxt_openssl_copy_error(u_char *p, u_char *end)
1370 {
1371     int         flags;
1372     u_long      err;
1373     nxt_bool_t  clear;
1374     const char  *data, *delimiter;
1375 
1376     err = ERR_peek_error();
1377     if (err == 0) {
1378         return p;
1379     }
1380 
1381     /* Log the most relevant error message ... */
1382     data = ERR_reason_error_string(err);
1383 
1384     p = nxt_sprintf(p, end, " (%d: %s) (OpenSSL: ", ERR_GET_REASON(err), data);
1385 
1386     /*
1387      * ... followed by all queued cumbersome OpenSSL error messages
1388      * and drain the error queue.
1389      */
1390     delimiter = "";
1391     clear = 0;
1392 
1393     for ( ;; ) {
1394         err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
1395         if (err == 0) {
1396             break;
1397         }
1398 
1399         p = nxt_sprintf(p, end, "%s", delimiter);
1400 
1401         ERR_error_string_n(err, (char *) p, end - p);
1402 
1403         while (p < end && *p != '\0') {
1404             p++;
1405         }
1406 
1407         if ((flags & ERR_TXT_STRING) != 0) {
1408             p = nxt_sprintf(p, end, ":%s", data);
1409         }
1410 
1411         clear |= ((flags & ERR_TXT_MALLOCED) != 0);
1412 
1413         delimiter = "; ";
1414     }
1415 
1416     /* Deallocate additional data. */
1417 
1418     if (clear) {
1419         ERR_clear_error();
1420     }
1421 
1422     if (p < end) {
1423         *p++ = ')';
1424     }
1425 
1426     return p;
1427 }
1428