xref: /unit/src/nxt_openssl.c (revision 1884:4645a43bc248)
1 
2 /*
3  * Copyright (C) Igor Sysoev
4  * Copyright (C) NGINX, Inc.
5  */
6 
7 #include <nxt_main.h>
8 #include <openssl/ssl.h>
9 #include <openssl/conf.h>
10 #include <openssl/err.h>
11 #include <openssl/rand.h>
12 #include <openssl/x509v3.h>
13 
14 
15 typedef struct {
16     SSL             *session;
17     nxt_conn_t      *conn;
18 
19     int             ssl_error;
20     uint8_t         times;      /* 2 bits */
21     uint8_t         handshake;  /* 1 bit  */
22 
23     nxt_tls_conf_t  *conf;
24     nxt_buf_mem_t   buffer;
25 } nxt_openssl_conn_t;
26 
27 
28 typedef enum {
29     NXT_OPENSSL_HANDSHAKE = 0,
30     NXT_OPENSSL_READ,
31     NXT_OPENSSL_WRITE,
32     NXT_OPENSSL_SHUTDOWN,
33 } nxt_openssl_io_t;
34 
35 
36 static nxt_int_t nxt_openssl_library_init(nxt_task_t *task);
37 static void nxt_openssl_library_free(nxt_task_t *task);
38 #if OPENSSL_VERSION_NUMBER < 0x10100004L
39 static nxt_int_t nxt_openssl_locks_init(void);
40 static void nxt_openssl_lock(int mode, int type, const char *file, int line);
41 static unsigned long nxt_openssl_thread_id(void);
42 static void nxt_openssl_locks_free(void);
43 #endif
44 static nxt_int_t nxt_openssl_server_init(nxt_task_t *task,
45     nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_bool_t last);
46 static nxt_int_t nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx,
47     nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_bool_t single);
48 static nxt_uint_t nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert,
49     nxt_tls_conf_t *conf, nxt_mp_t *mp);
50 static nxt_int_t nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq,
51     void *data);
52 static nxt_int_t nxt_openssl_bundle_hash_insert(nxt_task_t *task,
53     nxt_lvlhsh_t *lvlhsh, nxt_tls_bundle_hash_item_t *item, nxt_mp_t * mp);
54 static nxt_int_t nxt_openssl_servername(SSL *s, int *ad, void *arg);
55 static nxt_tls_bundle_conf_t *nxt_openssl_find_ctx(nxt_tls_conf_t *conf,
56     nxt_str_t *sn);
57 static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf);
58 static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf,
59     nxt_conn_t *c);
60 static void nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data);
61 static ssize_t nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b);
62 static ssize_t nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb);
63 static ssize_t nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb,
64     void *buf, size_t size);
65 static void nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj,
66     void *data);
67 static nxt_int_t nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c,
68     int ret, nxt_err_t sys_err, nxt_openssl_io_t io);
69 static void nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj,
70     void *data);
71 static void nxt_cdecl nxt_openssl_conn_error(nxt_task_t *task,
72     nxt_err_t err, const char *fmt, ...);
73 static nxt_uint_t nxt_openssl_log_error_level(nxt_err_t err);
74 
75 
76 const nxt_tls_lib_t  nxt_openssl_lib = {
77     .library_init = nxt_openssl_library_init,
78     .library_free = nxt_openssl_library_free,
79 
80     .server_init = nxt_openssl_server_init,
81     .server_free = nxt_openssl_server_free,
82 };
83 
84 
85 static nxt_conn_io_t  nxt_openssl_conn_io = {
86     .read = nxt_conn_io_read,
87     .recvbuf = nxt_openssl_conn_io_recvbuf,
88 
89     .write = nxt_conn_io_write,
90     .sendbuf = nxt_openssl_conn_io_sendbuf,
91 
92     .shutdown = nxt_openssl_conn_io_shutdown,
93 };
94 
95 
96 static long  nxt_openssl_version;
97 static int   nxt_openssl_connection_index;
98 
99 
100 static nxt_int_t
101 nxt_openssl_library_init(nxt_task_t *task)
102 {
103     int  index;
104 
105     if (nxt_fast_path(nxt_openssl_version != 0)) {
106         return NXT_OK;
107     }
108 
109 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
110 
111     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
112 
113 #else
114     {
115         nxt_int_t  ret;
116 
117         SSL_load_error_strings();
118 
119         OPENSSL_config(NULL);
120 
121         /*
122          * SSL_library_init(3):
123          *
124          *   SSL_library_init() always returns "1",
125          *   so it is safe to discard the return value.
126          */
127         (void) SSL_library_init();
128 
129         ret = nxt_openssl_locks_init();
130         if (nxt_slow_path(ret != NXT_OK)) {
131             return ret;
132         }
133     }
134 
135 #endif
136 
137     nxt_openssl_version = SSLeay();
138 
139     nxt_log(task, NXT_LOG_INFO, "%s, %xl",
140             SSLeay_version(SSLEAY_VERSION), nxt_openssl_version);
141 
142 #ifndef SSL_OP_NO_COMPRESSION
143     {
144         /*
145          * Disable gzip compression in OpenSSL prior to 1.0.0
146          * version, this saves about 522K per connection.
147          */
148         int                 n;
149         STACK_OF(SSL_COMP)  *ssl_comp_methods;
150 
151         ssl_comp_methods = SSL_COMP_get_compression_methods();
152 
153         for (n = sk_SSL_COMP_num(ssl_comp_methods); n != 0; n--) {
154             (void) sk_SSL_COMP_pop(ssl_comp_methods);
155         }
156     }
157 #endif
158 
159     index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
160 
161     if (index == -1) {
162         nxt_openssl_log_error(task, NXT_LOG_ALERT,
163                               "SSL_get_ex_new_index() failed");
164         return NXT_ERROR;
165     }
166 
167     nxt_openssl_connection_index = index;
168 
169     return NXT_OK;
170 }
171 
172 
173 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
174 
175 static void
176 nxt_openssl_library_free(nxt_task_t *task)
177 {
178 }
179 
180 #else
181 
182 static nxt_thread_mutex_t  *nxt_openssl_locks;
183 
184 static nxt_int_t
185 nxt_openssl_locks_init(void)
186 {
187     int        i, n;
188     nxt_int_t  ret;
189 
190     n = CRYPTO_num_locks();
191 
192     nxt_openssl_locks = OPENSSL_malloc(n * sizeof(nxt_thread_mutex_t));
193     if (nxt_slow_path(nxt_openssl_locks == NULL)) {
194         return NXT_ERROR;
195     }
196 
197     for (i = 0; i < n; i++) {
198         ret = nxt_thread_mutex_create(&nxt_openssl_locks[i]);
199         if (nxt_slow_path(ret != NXT_OK)) {
200             return ret;
201         }
202     }
203 
204     CRYPTO_set_locking_callback(nxt_openssl_lock);
205 
206     CRYPTO_set_id_callback(nxt_openssl_thread_id);
207 
208     return NXT_OK;
209 }
210 
211 
212 static void
213 nxt_openssl_lock(int mode, int type, const char *file, int line)
214 {
215     nxt_thread_mutex_t  *lock;
216 
217     lock = &nxt_openssl_locks[type];
218 
219     if ((mode & CRYPTO_LOCK) != 0) {
220         (void) nxt_thread_mutex_lock(lock);
221 
222     } else {
223         (void) nxt_thread_mutex_unlock(lock);
224     }
225 }
226 
227 
228 static u_long
229 nxt_openssl_thread_id(void)
230 {
231     return (u_long) nxt_thread_handle();
232 }
233 
234 
235 static void
236 nxt_openssl_library_free(nxt_task_t *task)
237 {
238     nxt_openssl_locks_free();
239 }
240 
241 
242 static void
243 nxt_openssl_locks_free(void)
244 {
245     int  i, n;
246 
247     n = CRYPTO_num_locks();
248 
249     CRYPTO_set_locking_callback(NULL);
250 
251     for (i = 0; i < n; i++) {
252         nxt_thread_mutex_destroy(&nxt_openssl_locks[i]);
253     }
254 
255     OPENSSL_free(nxt_openssl_locks);
256 }
257 
258 #endif
259 
260 
261 static nxt_int_t
262 nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf,
263     nxt_mp_t *mp, nxt_bool_t last)
264 {
265     SSL_CTX                *ctx;
266     const char             *ciphers, *ca_certificate;
267     STACK_OF(X509_NAME)    *list;
268     nxt_tls_bundle_conf_t  *bundle;
269 
270     ctx = SSL_CTX_new(SSLv23_server_method());
271     if (ctx == NULL) {
272         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_CTX_new() failed");
273         return NXT_ERROR;
274     }
275 
276     bundle = conf->bundle;
277     nxt_assert(bundle != NULL);
278 
279     bundle->ctx = ctx;
280 
281 #ifdef SSL_OP_NO_RENEGOTIATION
282     /* Renegration is not currently supported. */
283     SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
284 #endif
285 
286 #ifdef SSL_OP_NO_COMPRESSION
287     /*
288      * Disable gzip compression in OpenSSL 1.0.0,
289      * this saves about 522K per connection.
290      */
291     SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
292 #endif
293 
294 #ifdef SSL_MODE_RELEASE_BUFFERS
295 
296     if (nxt_openssl_version >= 10001078) {
297         /*
298          * Allow to release read and write buffers in OpenSSL 1.0.0,
299          * this saves about 34K per idle connection.  It is not safe
300          * before OpenSSL 1.0.1h (CVE-2010-5298).
301          */
302         SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
303     }
304 
305 #endif
306 
307     if (nxt_openssl_chain_file(task, ctx, conf, mp,
308                                last && bundle->next == NULL)
309         != NXT_OK)
310     {
311         goto fail;
312     }
313 /*
314     key = conf->certificate_key;
315 
316     if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) == 0) {
317         nxt_openssl_log_error(task, NXT_LOG_ALERT,
318                               "SSL_CTX_use_PrivateKey_file(\"%s\") failed",
319                               key);
320         goto fail;
321     }
322 */
323     ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
324 
325     if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
326         nxt_openssl_log_error(task, NXT_LOG_ALERT,
327                               "SSL_CTX_set_cipher_list(\"%s\") failed",
328                               ciphers);
329         goto fail;
330     }
331 
332     SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
333 
334     if (conf->ca_certificate != NULL) {
335 
336         /* TODO: verify callback */
337         SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
338 
339         /* TODO: verify depth */
340         SSL_CTX_set_verify_depth(ctx, 1);
341 
342         ca_certificate = conf->ca_certificate;
343 
344         if (SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) == 0) {
345             nxt_openssl_log_error(task, NXT_LOG_ALERT,
346                               "SSL_CTX_load_verify_locations(\"%s\") failed",
347                               ca_certificate);
348             goto fail;
349         }
350 
351         list = SSL_load_client_CA_file(ca_certificate);
352 
353         if (list == NULL) {
354             nxt_openssl_log_error(task, NXT_LOG_ALERT,
355                               "SSL_load_client_CA_file(\"%s\") failed",
356                               ca_certificate);
357             goto fail;
358         }
359 
360         /*
361          * SSL_load_client_CA_file() in OpenSSL prior to 0.9.7h and
362          * 0.9.8 versions always leaves an error in the error queue.
363          */
364         ERR_clear_error();
365 
366         SSL_CTX_set_client_CA_list(ctx, list);
367     }
368 
369     if (last) {
370         conf->conn_init = nxt_openssl_conn_init;
371 
372         if (bundle->next != NULL) {
373             SSL_CTX_set_tlsext_servername_callback(ctx, nxt_openssl_servername);
374         }
375     }
376 
377     return NXT_OK;
378 
379 fail:
380 
381     SSL_CTX_free(ctx);
382 
383 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
384      && OPENSSL_VERSION_NUMBER < 0x1010101fL)
385     RAND_keep_random_devices_open(0);
386 #endif
387 
388     return NXT_ERROR;
389 }
390 
391 
392 static nxt_int_t
393 nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_conf_t *conf,
394     nxt_mp_t *mp, nxt_bool_t single)
395 {
396     BIO                    *bio;
397     X509                   *cert, *ca;
398     long                   reason;
399     EVP_PKEY               *key;
400     nxt_int_t              ret;
401     nxt_tls_bundle_conf_t  *bundle;
402 
403     ret = NXT_ERROR;
404     cert = NULL;
405 
406     bio = BIO_new(BIO_s_fd());
407     if (bio == NULL) {
408         goto end;
409     }
410 
411     bundle = conf->bundle;
412 
413     BIO_set_fd(bio, bundle->chain_file, BIO_CLOSE);
414 
415     cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
416     if (cert == NULL) {
417         goto end;
418     }
419 
420     if (SSL_CTX_use_certificate(ctx, cert) != 1) {
421         goto end;
422     }
423 
424     if (!single && nxt_openssl_cert_get_names(task, cert, conf, mp) != NXT_OK) {
425         goto clean;
426     }
427 
428     for ( ;; ) {
429         ca = PEM_read_bio_X509(bio, NULL, NULL, NULL);
430 
431         if (ca == NULL) {
432             reason = ERR_GET_REASON(ERR_peek_last_error());
433             if (reason != PEM_R_NO_START_LINE) {
434                 goto end;
435             }
436 
437             ERR_clear_error();
438             break;
439         }
440 
441         /*
442          * Note that ca isn't freed if it was successfully added to the chain,
443          * while the main certificate needs a X509_free() call, since
444          * its reference count is increased by SSL_CTX_use_certificate().
445          */
446 #ifdef SSL_CTX_add0_chain_cert
447         if (SSL_CTX_add0_chain_cert(ctx, ca) != 1) {
448 #else
449         if (SSL_CTX_add_extra_chain_cert(ctx, ca) != 1) {
450 #endif
451             X509_free(ca);
452             goto end;
453         }
454     }
455 
456     if (BIO_reset(bio) != 0) {
457         goto end;
458     }
459 
460     key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
461     if (key == NULL) {
462         goto end;
463     }
464 
465     if (SSL_CTX_use_PrivateKey(ctx, key) == 1) {
466         ret = NXT_OK;
467     }
468 
469     EVP_PKEY_free(key);
470 
471 end:
472 
473     if (ret != NXT_OK) {
474         nxt_openssl_log_error(task, NXT_LOG_ALERT,
475                               "nxt_openssl_chain_file() failed");
476     }
477 
478 clean:
479 
480     BIO_free(bio);
481     X509_free(cert);
482 
483     return ret;
484 }
485 
486 
487 static nxt_uint_t
488 nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, nxt_tls_conf_t *conf,
489     nxt_mp_t *mp)
490 {
491     int                         len;
492     nxt_str_t                   domain, str;
493     X509_NAME                   *x509_name;
494     nxt_uint_t                  i, n;
495     GENERAL_NAME                *name;
496     nxt_tls_bundle_conf_t       *bundle;
497     STACK_OF(GENERAL_NAME)      *alt_names;
498     nxt_tls_bundle_hash_item_t  *item;
499 
500     bundle = conf->bundle;
501 
502     alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
503 
504     if (alt_names != NULL) {
505         n = sk_GENERAL_NAME_num(alt_names);
506 
507         for (i = 0; i != n; i++) {
508             name = sk_GENERAL_NAME_value(alt_names, i);
509 
510             if (name->type != GEN_DNS) {
511                 continue;
512             }
513 
514             str.length = ASN1_STRING_length(name->d.dNSName);
515 #if OPENSSL_VERSION_NUMBER > 0x10100000L
516             str.start = (u_char *) ASN1_STRING_get0_data(name->d.dNSName);
517 #else
518             str.start = ASN1_STRING_data(name->d.dNSName);
519 #endif
520 
521             domain.start = nxt_mp_nget(mp, str.length);
522             if (nxt_slow_path(domain.start == NULL)) {
523                 goto fail;
524             }
525 
526             domain.length = str.length;
527             nxt_memcpy_lowcase(domain.start, str.start, str.length);
528 
529             item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
530             if (nxt_slow_path(item == NULL)) {
531                 goto fail;
532             }
533 
534             item->name = domain;
535             item->bundle = bundle;
536 
537             if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash,
538                                                item, mp)
539                 == NXT_ERROR)
540             {
541                 goto fail;
542             }
543         }
544 
545         sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
546 
547     } else {
548         x509_name = X509_get_subject_name(cert);
549         len = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
550                                         NULL, 0);
551         if (len <= 0) {
552             nxt_log(task, NXT_LOG_WARN, "certificate \"%V\" has neither "
553                     "Subject Alternative Name nor Common Name", bundle->name);
554             return NXT_OK;
555         }
556 
557         domain.start = nxt_mp_nget(mp, len + 1);
558         if (nxt_slow_path(domain.start == NULL)) {
559             return NXT_ERROR;
560         }
561 
562         domain.length = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
563                                                   (char *) domain.start,
564                                                   len + 1);
565         nxt_memcpy_lowcase(domain.start, domain.start, domain.length);
566 
567         item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
568         if (nxt_slow_path(item == NULL)) {
569             return NXT_ERROR;
570         }
571 
572         item->name = domain;
573         item->bundle = bundle;
574 
575         if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash, item,
576                                            mp)
577             == NXT_ERROR)
578         {
579             return NXT_ERROR;
580         }
581     }
582 
583     return NXT_OK;
584 
585 fail:
586 
587     sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
588 
589     return NXT_ERROR;
590 }
591 
592 
593 static const nxt_lvlhsh_proto_t  nxt_openssl_bundle_hash_proto
594     nxt_aligned(64) =
595 {
596     NXT_LVLHSH_DEFAULT,
597     nxt_openssl_bundle_hash_test,
598     nxt_mp_lvlhsh_alloc,
599     nxt_mp_lvlhsh_free,
600 };
601 
602 
603 static nxt_int_t
604 nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq, void *data)
605 {
606     nxt_tls_bundle_hash_item_t  *item;
607 
608     item = data;
609 
610     return nxt_strstr_eq(&lhq->key, &item->name) ? NXT_OK : NXT_DECLINED;
611 }
612 
613 
614 static nxt_int_t
615 nxt_openssl_bundle_hash_insert(nxt_task_t *task, nxt_lvlhsh_t *lvlhsh,
616     nxt_tls_bundle_hash_item_t *item, nxt_mp_t *mp)
617 {
618     nxt_str_t                   str;
619     nxt_int_t                   ret;
620     nxt_lvlhsh_query_t          lhq;
621     nxt_tls_bundle_hash_item_t  *old;
622 
623     str = item->name;
624 
625     if (item->name.start[0] == '*') {
626         item->name.start++;
627         item->name.length--;
628 
629         if (item->name.length == 0 || item->name.start[0] != '.') {
630             nxt_log(task, NXT_LOG_WARN, "ignored invalid name \"%V\" "
631                     "in certificate \"%V\": missing \".\" "
632                     "after wildcard symbol", &str, item->bundle->name);
633             return NXT_OK;
634         }
635     }
636 
637     lhq.pool = mp;
638     lhq.key = item->name;
639     lhq.value = item;
640     lhq.proto = &nxt_openssl_bundle_hash_proto;
641     lhq.replace = 0;
642     lhq.key_hash = nxt_murmur_hash2(item->name.start, item->name.length);
643 
644     ret = nxt_lvlhsh_insert(lvlhsh, &lhq);
645     if (nxt_fast_path(ret == NXT_OK)) {
646         nxt_debug(task, "name \"%V\" for certificate \"%V\" is inserted",
647                   &str, item->bundle->name);
648         return NXT_OK;
649     }
650 
651     if (nxt_fast_path(ret == NXT_DECLINED)) {
652         old = lhq.value;
653         if (old->bundle != item->bundle) {
654             nxt_log(task, NXT_LOG_WARN, "ignored duplicate name \"%V\" "
655                     "in certificate \"%V\", identical name appears in \"%V\"",
656                     &str, old->bundle->name, item->bundle->name);
657 
658             old->bundle = item->bundle;
659         }
660 
661         return NXT_OK;
662     }
663 
664     return NXT_ERROR;
665 }
666 
667 
668 static nxt_int_t
669 nxt_openssl_servername(SSL *s, int *ad, void *arg)
670 {
671     nxt_str_t              str;
672     nxt_uint_t             i;
673     nxt_conn_t             *c;
674     const char             *servername;
675     nxt_tls_conf_t         *conf;
676     nxt_openssl_conn_t     *tls;
677     nxt_tls_bundle_conf_t  *bundle;
678 
679     c = SSL_get_ex_data(s, nxt_openssl_connection_index);
680 
681     if (nxt_slow_path(c == NULL)) {
682         nxt_thread_log_alert("SSL_get_ex_data() failed");
683         return SSL_TLSEXT_ERR_ALERT_FATAL;
684     }
685 
686     servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
687     if (nxt_slow_path(servername == NULL)) {
688         nxt_log(c->socket.task, NXT_LOG_ALERT, "SSL_get_servername() returned "
689                                                "NULL in server name callback");
690         return SSL_TLSEXT_ERR_ALERT_FATAL;
691     }
692 
693     str.length = nxt_strlen(servername);
694     if (str.length == 0) {
695         nxt_debug(c->socket.task, "client sent zero-length server name");
696         goto done;
697     }
698 
699     if (servername[0] == '.') {
700         nxt_debug(c->socket.task, "ignored the server name \"%s\": "
701                                   "leading \".\"", servername);
702         goto done;
703     }
704 
705     nxt_debug(c->socket.task, "tls with servername \"%s\"", servername);
706 
707     str.start = nxt_mp_nget(c->mem_pool, str.length);
708     if (nxt_slow_path(str.start == NULL)) {
709         return SSL_TLSEXT_ERR_ALERT_FATAL;
710     }
711 
712     nxt_memcpy_lowcase(str.start, (const u_char *) servername, str.length);
713 
714     tls = c->u.tls;
715     conf = tls->conf;
716 
717     bundle = nxt_openssl_find_ctx(conf, &str);
718 
719     if (bundle == NULL) {
720         for (i = 1; i < str.length; i++) {
721             if (str.start[i] == '.') {
722                 str.start += i;
723                 str.length -= i;
724 
725                 bundle = nxt_openssl_find_ctx(conf, &str);
726                 break;
727             }
728         }
729     }
730 
731     if (bundle != NULL) {
732         nxt_debug(c->socket.task, "new tls context found for \"%V\": \"%V\" "
733                                   "(old: \"%V\")", &str, bundle->name,
734                                   conf->bundle->name);
735 
736         if (bundle != conf->bundle) {
737             if (SSL_set_SSL_CTX(s, bundle->ctx) == NULL) {
738                 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
739                                       "SSL_set_SSL_CTX() failed");
740 
741                 return SSL_TLSEXT_ERR_ALERT_FATAL;
742             }
743         }
744     }
745 
746 done:
747 
748     return SSL_TLSEXT_ERR_OK;
749 }
750 
751 
752 static nxt_tls_bundle_conf_t *
753 nxt_openssl_find_ctx(nxt_tls_conf_t *conf, nxt_str_t *sn)
754 {
755     nxt_int_t                   ret;
756     nxt_lvlhsh_query_t          lhq;
757     nxt_tls_bundle_hash_item_t  *item;
758 
759     lhq.key_hash = nxt_murmur_hash2(sn->start, sn->length);
760     lhq.key = *sn;
761     lhq.proto = &nxt_openssl_bundle_hash_proto;
762 
763     ret = nxt_lvlhsh_find(&conf->bundle_hash, &lhq);
764     if (ret != NXT_OK) {
765         return NULL;
766     }
767 
768     item = lhq.value;
769 
770     return item->bundle;
771 }
772 
773 
774 static void
775 nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf)
776 {
777     nxt_tls_bundle_conf_t  *bundle;
778 
779     bundle = conf->bundle;
780     nxt_assert(bundle != NULL);
781 
782     do {
783         SSL_CTX_free(bundle->ctx);
784         bundle = bundle->next;
785     } while (bundle != NULL);
786 
787 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
788      && OPENSSL_VERSION_NUMBER < 0x1010101fL)
789     RAND_keep_random_devices_open(0);
790 #endif
791 }
792 
793 
794 static void
795 nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_conn_t *c)
796 {
797     int                 ret;
798     SSL                 *s;
799     SSL_CTX             *ctx;
800     nxt_openssl_conn_t  *tls;
801 
802     nxt_log_debug(c->socket.log, "openssl conn init");
803 
804     tls = nxt_mp_zget(c->mem_pool, sizeof(nxt_openssl_conn_t));
805     if (tls == NULL) {
806         goto fail;
807     }
808 
809     c->u.tls = tls;
810     nxt_buf_mem_set_size(&tls->buffer, conf->buffer_size);
811 
812     ctx = conf->bundle->ctx;
813 
814     s = SSL_new(ctx);
815     if (s == NULL) {
816         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_new() failed");
817         goto fail;
818     }
819 
820     tls->session = s;
821     /* To pass TLS config to the nxt_openssl_servername() callback. */
822     tls->conf = conf;
823     tls->conn = c;
824 
825     ret = SSL_set_fd(s, c->socket.fd);
826 
827     if (ret == 0) {
828         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_fd(%d) failed",
829                               c->socket.fd);
830         goto fail;
831     }
832 
833     SSL_set_accept_state(s);
834 
835     if (SSL_set_ex_data(s, nxt_openssl_connection_index, c) == 0) {
836         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_ex_data() failed");
837         goto fail;
838     }
839 
840     c->io = &nxt_openssl_conn_io;
841     c->sendfile = NXT_CONN_SENDFILE_OFF;
842 
843     nxt_openssl_conn_handshake(task, c, c->socket.data);
844 
845     return;
846 
847 fail:
848 
849     nxt_work_queue_add(c->read_work_queue, c->read_state->error_handler,
850                        task, c, c->socket.data);
851 }
852 
853 
854 nxt_inline void
855 nxt_openssl_conn_free(nxt_task_t *task, nxt_conn_t *c)
856 {
857     nxt_openssl_conn_t  *tls;
858 
859     nxt_debug(task, "openssl conn free");
860 
861     tls = c->u.tls;
862 
863     if (tls != NULL) {
864         c->u.tls = NULL;
865         nxt_free(tls->buffer.start);
866         SSL_free(tls->session);
867     }
868 }
869 
870 
871 static void
872 nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data)
873 {
874     int                     ret;
875     nxt_int_t               n;
876     nxt_err_t               err;
877     nxt_conn_t              *c;
878     nxt_work_queue_t        *wq;
879     nxt_work_handler_t      handler;
880     nxt_openssl_conn_t      *tls;
881     const nxt_conn_state_t  *state;
882 
883     c = obj;
884 
885     nxt_debug(task, "openssl conn handshake fd:%d", c->socket.fd);
886 
887     if (c->socket.error != 0) {
888         return;
889     }
890 
891     tls = c->u.tls;
892 
893     if (tls == NULL) {
894         return;
895     }
896 
897     nxt_debug(task, "openssl conn handshake: %d times", tls->times);
898 
899     /* "tls->times == 1" is suitable to run SSL_do_handshake() in job. */
900 
901     ret = SSL_do_handshake(tls->session);
902 
903     err = (ret <= 0) ? nxt_socket_errno : 0;
904 
905     nxt_thread_time_debug_update(task->thread);
906 
907     nxt_debug(task, "SSL_do_handshake(%d): %d err:%d", c->socket.fd, ret, err);
908 
909     state = (c->read_state != NULL) ? c->read_state : c->write_state;
910 
911     if (ret > 0) {
912         /* ret == 1, the handshake was successfully completed. */
913         tls->handshake = 1;
914 
915         if (c->read_state != NULL) {
916             if (state->io_read_handler != NULL || c->read != NULL) {
917                 nxt_conn_read(task->thread->engine, c);
918                 return;
919             }
920 
921         } else {
922             if (c->write != NULL) {
923                 nxt_conn_write(task->thread->engine, c);
924                 return;
925             }
926         }
927 
928         handler = state->ready_handler;
929 
930     } else {
931         c->socket.read_handler = nxt_openssl_conn_handshake;
932         c->socket.write_handler = nxt_openssl_conn_handshake;
933 
934         n = nxt_openssl_conn_test_error(task, c, ret, err,
935                                         NXT_OPENSSL_HANDSHAKE);
936         switch (n) {
937 
938         case NXT_AGAIN:
939             if (tls->ssl_error == SSL_ERROR_WANT_READ && tls->times < 2) {
940                 tls->times++;
941             }
942 
943             return;
944 
945         case 0:
946             handler = state->close_handler;
947             break;
948 
949         default:
950         case NXT_ERROR:
951             nxt_openssl_conn_error(task, err, "SSL_do_handshake(%d) failed",
952                                    c->socket.fd);
953 
954             handler = state->error_handler;
955             break;
956         }
957     }
958 
959     wq = (c->read_state != NULL) ? c->read_work_queue : c->write_work_queue;
960 
961     nxt_work_queue_add(wq, handler, task, c, data);
962 }
963 
964 
965 static ssize_t
966 nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b)
967 {
968     int                 ret;
969     size_t              size;
970     nxt_int_t           n;
971     nxt_err_t           err;
972     nxt_openssl_conn_t  *tls;
973 
974     tls = c->u.tls;
975     size = b->mem.end - b->mem.free;
976 
977     ret = SSL_read(tls->session, b->mem.free, size);
978 
979     err = (ret <= 0) ? nxt_socket_errno : 0;
980 
981     nxt_debug(c->socket.task, "SSL_read(%d, %p, %uz): %d err:%d",
982               c->socket.fd, b->mem.free, size, ret, err);
983 
984     if (ret > 0) {
985         return ret;
986     }
987 
988     n = nxt_openssl_conn_test_error(c->socket.task, c, ret, err,
989                                     NXT_OPENSSL_READ);
990     if (n == NXT_ERROR) {
991         nxt_openssl_conn_error(c->socket.task, err,
992                                "SSL_read(%d, %p, %uz) failed",
993                                c->socket.fd, b->mem.free, size);
994     }
995 
996     return n;
997 }
998 
999 
1000 static ssize_t
1001 nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb)
1002 {
1003     nxt_uint_t    niov;
1004     struct iovec  iov;
1005 
1006     niov = nxt_sendbuf_mem_coalesce0(task, sb, &iov, 1);
1007 
1008     if (niov == 0 && sb->sync) {
1009         return 0;
1010     }
1011 
1012     return nxt_openssl_conn_io_send(task, sb, iov.iov_base, iov.iov_len);
1013 }
1014 
1015 
1016 static ssize_t
1017 nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb, void *buf,
1018     size_t size)
1019 {
1020     int                 ret;
1021     nxt_err_t           err;
1022     nxt_int_t           n;
1023     nxt_conn_t          *c;
1024     nxt_openssl_conn_t  *tls;
1025 
1026     tls = sb->tls;
1027 
1028     ret = SSL_write(tls->session, buf, size);
1029 
1030     err = (ret <= 0) ? nxt_socket_errno : 0;
1031 
1032     nxt_debug(task, "SSL_write(%d, %p, %uz): %d err:%d",
1033               sb->socket, buf, size, ret, err);
1034 
1035     if (ret > 0) {
1036         return ret;
1037     }
1038 
1039     c = tls->conn;
1040     c->socket.write_ready = sb->ready;
1041 
1042     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_WRITE);
1043 
1044     sb->ready = c->socket.write_ready;
1045 
1046     if (n == NXT_ERROR) {
1047         sb->error = c->socket.error;
1048         nxt_openssl_conn_error(task, err, "SSL_write(%d, %p, %uz) failed",
1049                                sb->socket, buf, size);
1050     }
1051 
1052     return n;
1053 }
1054 
1055 
1056 static void
1057 nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data)
1058 {
1059     int                 ret, mode;
1060     SSL                 *s;
1061     nxt_err_t           err;
1062     nxt_int_t           n;
1063     nxt_bool_t          quiet, once;
1064     nxt_conn_t          *c;
1065     nxt_openssl_conn_t  *tls;
1066     nxt_work_handler_t  handler;
1067 
1068     c = obj;
1069 
1070     nxt_debug(task, "openssl conn shutdown fd:%d", c->socket.fd);
1071 
1072     c->read_state = NULL;
1073     tls = c->u.tls;
1074 
1075     if (tls == NULL) {
1076         return;
1077     }
1078 
1079     s = tls->session;
1080 
1081     if (s == NULL || !tls->handshake) {
1082         handler = c->write_state->ready_handler;
1083         goto done;
1084     }
1085 
1086     mode = SSL_get_shutdown(s);
1087 
1088     if (c->socket.timedout || c->socket.error != 0) {
1089         quiet = 1;
1090 
1091     } else if (c->socket.closed && !(mode & SSL_RECEIVED_SHUTDOWN)) {
1092         quiet = 1;
1093 
1094     } else {
1095         quiet = 0;
1096     }
1097 
1098     SSL_set_quiet_shutdown(s, quiet);
1099 
1100     if (tls->conf->no_wait_shutdown) {
1101         mode |= SSL_RECEIVED_SHUTDOWN;
1102     }
1103 
1104     once = 1;
1105 
1106     for ( ;; ) {
1107         SSL_set_shutdown(s, mode);
1108 
1109         ret = SSL_shutdown(s);
1110 
1111         err = (ret <= 0) ? nxt_socket_errno : 0;
1112 
1113         nxt_debug(task, "SSL_shutdown(%d, %d, %b): %d err:%d",
1114                   c->socket.fd, mode, quiet, ret, err);
1115 
1116         if (ret > 0) {
1117             /* ret == 1, the shutdown was successfully completed. */
1118             handler = c->write_state->ready_handler;
1119             goto done;
1120         }
1121 
1122         if (ret == 0) {
1123             /*
1124              * If SSL_shutdown() returns 0 then it should be called
1125              * again.  The second SSL_shutdown() call should return
1126              * -1/SSL_ERROR_WANT_READ or -1/SSL_ERROR_WANT_WRITE.
1127              * OpenSSL prior to 0.9.8m version however never returns
1128              * -1 at all.  Fortunately, OpenSSL preserves internally
1129              * correct status available via SSL_get_error(-1).
1130              */
1131             if (once) {
1132                 once = 0;
1133                 mode = SSL_get_shutdown(s);
1134                 continue;
1135             }
1136 
1137             ret = -1;
1138         }
1139 
1140         /* ret == -1 */
1141 
1142         break;
1143     }
1144 
1145     c->socket.read_handler = nxt_openssl_conn_io_shutdown;
1146     c->socket.write_handler = nxt_openssl_conn_io_shutdown;
1147     c->socket.error_handler = c->write_state->error_handler;
1148 
1149     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_SHUTDOWN);
1150 
1151     switch (n) {
1152 
1153     case 0:
1154         handler = c->write_state->close_handler;
1155         break;
1156 
1157     case NXT_AGAIN:
1158         c->write_timer.handler = nxt_openssl_conn_io_shutdown_timeout;
1159         nxt_timer_add(task->thread->engine, &c->write_timer, 5000);
1160         return;
1161 
1162     default:
1163     case NXT_ERROR:
1164         nxt_openssl_conn_error(task, err, "SSL_shutdown(%d) failed",
1165                                c->socket.fd);
1166         handler = c->write_state->error_handler;
1167     }
1168 
1169 done:
1170 
1171     nxt_openssl_conn_free(task, c);
1172 
1173     nxt_work_queue_add(c->write_work_queue, handler, task, c, data);
1174 }
1175 
1176 
1177 static nxt_int_t
1178 nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, int ret,
1179     nxt_err_t sys_err, nxt_openssl_io_t io)
1180 {
1181     u_long              lib_err;
1182     nxt_openssl_conn_t  *tls;
1183 
1184     tls = c->u.tls;
1185 
1186     tls->ssl_error = SSL_get_error(tls->session, ret);
1187 
1188     nxt_debug(task, "SSL_get_error(): %d", tls->ssl_error);
1189 
1190     switch (tls->ssl_error) {
1191 
1192     case SSL_ERROR_WANT_READ:
1193         c->socket.read_ready = 0;
1194 
1195         if (io != NXT_OPENSSL_READ) {
1196             nxt_fd_event_block_write(task->thread->engine, &c->socket);
1197 
1198             if (nxt_fd_event_is_disabled(c->socket.read)) {
1199                 nxt_fd_event_enable_read(task->thread->engine, &c->socket);
1200             }
1201         }
1202 
1203         return NXT_AGAIN;
1204 
1205     case SSL_ERROR_WANT_WRITE:
1206         c->socket.write_ready = 0;
1207 
1208         if (io != NXT_OPENSSL_WRITE) {
1209             nxt_fd_event_block_read(task->thread->engine, &c->socket);
1210 
1211             if (nxt_fd_event_is_disabled(c->socket.write)) {
1212                 nxt_fd_event_enable_write(task->thread->engine, &c->socket);
1213             }
1214         }
1215 
1216         return NXT_AGAIN;
1217 
1218     case SSL_ERROR_SYSCALL:
1219         lib_err = ERR_peek_error();
1220 
1221         nxt_debug(task, "ERR_peek_error(): %l", lib_err);
1222 
1223         if (sys_err != 0 || lib_err != 0) {
1224             c->socket.error = sys_err;
1225             return NXT_ERROR;
1226         }
1227 
1228         /* A connection was just closed. */
1229         c->socket.closed = 1;
1230         return 0;
1231 
1232     case SSL_ERROR_ZERO_RETURN:
1233         /* A "close notify" alert. */
1234         return 0;
1235 
1236     default: /* SSL_ERROR_SSL, etc. */
1237         c->socket.error = 1000;  /* Nonexistent errno code. */
1238         return NXT_ERROR;
1239     }
1240 }
1241 
1242 
1243 static void
1244 nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj, void *data)
1245 {
1246     nxt_conn_t   *c;
1247     nxt_timer_t  *timer;
1248 
1249     timer = obj;
1250 
1251     nxt_debug(task, "openssl conn shutdown timeout");
1252 
1253     c = nxt_write_timer_conn(timer);
1254 
1255     c->socket.timedout = 1;
1256     nxt_openssl_conn_io_shutdown(task, c, NULL);
1257 }
1258 
1259 
1260 static void nxt_cdecl
1261 nxt_openssl_conn_error(nxt_task_t *task, nxt_err_t err, const char *fmt, ...)
1262 {
1263     u_char      *p, *end;
1264     va_list     args;
1265     nxt_uint_t  level;
1266     u_char      msg[NXT_MAX_ERROR_STR];
1267 
1268     level = nxt_openssl_log_error_level(err);
1269 
1270     if (nxt_log_level_enough(task->log, level)) {
1271 
1272         end = msg + sizeof(msg);
1273 
1274         va_start(args, fmt);
1275         p = nxt_vsprintf(msg, end, fmt, args);
1276         va_end(args);
1277 
1278         if (err != 0) {
1279             p = nxt_sprintf(p, end, " %E", err);
1280         }
1281 
1282         p = nxt_openssl_copy_error(p, end);
1283 
1284         nxt_log(task, level, "%*s", p - msg, msg);
1285 
1286     } else {
1287         ERR_clear_error();
1288     }
1289 }
1290 
1291 
1292 static nxt_uint_t
1293 nxt_openssl_log_error_level(nxt_err_t err)
1294 {
1295     switch (ERR_GET_REASON(ERR_peek_error())) {
1296 
1297     case 0:
1298         return nxt_socket_error_level(err);
1299 
1300     case SSL_R_BAD_CHANGE_CIPHER_SPEC:                    /*  103 */
1301     case SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:                 /*  129 */
1302     case SSL_R_DIGEST_CHECK_FAILED:                       /*  149 */
1303     case SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST:             /*  151 */
1304     case SSL_R_EXCESSIVE_MESSAGE_SIZE:                    /*  152 */
1305     case SSL_R_LENGTH_MISMATCH:                           /*  159 */
1306 #ifdef SSL_R_NO_CIPHERS_PASSED
1307     case SSL_R_NO_CIPHERS_PASSED:                         /*  182 */
1308 #endif
1309     case SSL_R_NO_CIPHERS_SPECIFIED:                      /*  183 */
1310     case SSL_R_NO_COMPRESSION_SPECIFIED:                  /*  187 */
1311     case SSL_R_NO_SHARED_CIPHER:                          /*  193 */
1312     case SSL_R_RECORD_LENGTH_MISMATCH:                    /*  213 */
1313 #ifdef SSL_R_PARSE_TLSEXT
1314     case SSL_R_PARSE_TLSEXT:                              /*  227 */
1315 #endif
1316     case SSL_R_UNEXPECTED_MESSAGE:                        /*  244 */
1317     case SSL_R_UNEXPECTED_RECORD:                         /*  245 */
1318     case SSL_R_UNKNOWN_ALERT_TYPE:                        /*  246 */
1319     case SSL_R_UNKNOWN_PROTOCOL:                          /*  252 */
1320     case SSL_R_WRONG_VERSION_NUMBER:                      /*  267 */
1321     case SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC:       /*  281 */
1322 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
1323     case SSL_R_RENEGOTIATE_EXT_TOO_LONG:                  /*  335 */
1324     case SSL_R_RENEGOTIATION_ENCODING_ERR:                /*  336 */
1325     case SSL_R_RENEGOTIATION_MISMATCH:                    /*  337 */
1326 #endif
1327 #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED
1328     case SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED:      /*  338 */
1329 #endif
1330 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING
1331     case SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING:          /*  345 */
1332 #endif
1333     case 1000:/* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
1334     case SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE:            /* 1010 */
1335     case SSL_R_SSLV3_ALERT_BAD_RECORD_MAC:                /* 1020 */
1336     case SSL_R_TLSV1_ALERT_DECRYPTION_FAILED:             /* 1021 */
1337     case SSL_R_TLSV1_ALERT_RECORD_OVERFLOW:               /* 1022 */
1338     case SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE:         /* 1030 */
1339     case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE:             /* 1040 */
1340     case SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER:             /* 1047 */
1341         break;
1342 
1343     case SSL_R_SSLV3_ALERT_NO_CERTIFICATE:                /* 1041 */
1344     case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE:               /* 1042 */
1345     case SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE:       /* 1043 */
1346     case SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED:           /* 1044 */
1347     case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED:           /* 1045 */
1348     case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN:           /* 1046 */
1349     case SSL_R_TLSV1_ALERT_UNKNOWN_CA:                    /* 1048 */
1350     case SSL_R_TLSV1_ALERT_ACCESS_DENIED:                 /* 1049 */
1351     case SSL_R_TLSV1_ALERT_DECODE_ERROR:                  /* 1050 */
1352     case SSL_R_TLSV1_ALERT_DECRYPT_ERROR:                 /* 1051 */
1353     case SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION:            /* 1060 */
1354     case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:              /* 1070 */
1355     case SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY:         /* 1071 */
1356     case SSL_R_TLSV1_ALERT_INTERNAL_ERROR:                /* 1080 */
1357     case SSL_R_TLSV1_ALERT_USER_CANCELLED:                /* 1090 */
1358     case SSL_R_TLSV1_ALERT_NO_RENEGOTIATION:              /* 1100 */
1359         return NXT_LOG_ERR;
1360 
1361     default:
1362         return NXT_LOG_ALERT;
1363     }
1364 
1365     return NXT_LOG_INFO;
1366 }
1367 
1368 
1369 void nxt_cdecl
1370 nxt_openssl_log_error(nxt_task_t *task, nxt_uint_t level, const char *fmt, ...)
1371 {
1372     u_char   *p, *end;
1373     va_list  args;
1374     u_char   msg[NXT_MAX_ERROR_STR];
1375 
1376     end = msg + sizeof(msg);
1377 
1378     va_start(args, fmt);
1379     p = nxt_vsprintf(msg, end, fmt, args);
1380     va_end(args);
1381 
1382     p = nxt_openssl_copy_error(p, end);
1383 
1384     nxt_log(task, level, "%*s", p - msg, msg);
1385 }
1386 
1387 
1388 u_char *
1389 nxt_openssl_copy_error(u_char *p, u_char *end)
1390 {
1391     int         flags;
1392     u_long      err;
1393     nxt_bool_t  clear;
1394     const char  *data, *delimiter;
1395 
1396     err = ERR_peek_error();
1397     if (err == 0) {
1398         return p;
1399     }
1400 
1401     /* Log the most relevant error message ... */
1402     data = ERR_reason_error_string(err);
1403 
1404     p = nxt_sprintf(p, end, " (%d: %s) (OpenSSL: ", ERR_GET_REASON(err), data);
1405 
1406     /*
1407      * ... followed by all queued cumbersome OpenSSL error messages
1408      * and drain the error queue.
1409      */
1410     delimiter = "";
1411     clear = 0;
1412 
1413     for ( ;; ) {
1414         err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
1415         if (err == 0) {
1416             break;
1417         }
1418 
1419         p = nxt_sprintf(p, end, "%s", delimiter);
1420 
1421         ERR_error_string_n(err, (char *) p, end - p);
1422 
1423         while (p < end && *p != '\0') {
1424             p++;
1425         }
1426 
1427         if ((flags & ERR_TXT_STRING) != 0) {
1428             p = nxt_sprintf(p, end, ":%s", data);
1429         }
1430 
1431         clear |= ((flags & ERR_TXT_MALLOCED) != 0);
1432 
1433         delimiter = "; ";
1434     }
1435 
1436     /* Deallocate additional data. */
1437 
1438     if (clear) {
1439         ERR_clear_error();
1440     }
1441 
1442     if (p < end) {
1443         *p++ = ')';
1444     }
1445 
1446     return p;
1447 }
1448