xref: /unit/src/nxt_openssl.c (revision 1920:7c19530e2502)
1 
2 /*
3  * Copyright (C) Igor Sysoev
4  * Copyright (C) NGINX, Inc.
5  */
6 
7 #include <nxt_main.h>
8 #include <nxt_conf.h>
9 #include <openssl/ssl.h>
10 #include <openssl/conf.h>
11 #include <openssl/err.h>
12 #include <openssl/rand.h>
13 #include <openssl/x509v3.h>
14 
15 
16 typedef struct {
17     SSL             *session;
18     nxt_conn_t      *conn;
19 
20     int             ssl_error;
21     uint8_t         times;      /* 2 bits */
22     uint8_t         handshake;  /* 1 bit  */
23 
24     nxt_tls_conf_t  *conf;
25     nxt_buf_mem_t   buffer;
26 } nxt_openssl_conn_t;
27 
28 
29 typedef enum {
30     NXT_OPENSSL_HANDSHAKE = 0,
31     NXT_OPENSSL_READ,
32     NXT_OPENSSL_WRITE,
33     NXT_OPENSSL_SHUTDOWN,
34 } nxt_openssl_io_t;
35 
36 
37 static nxt_int_t nxt_openssl_library_init(nxt_task_t *task);
38 static void nxt_openssl_library_free(nxt_task_t *task);
39 #if OPENSSL_VERSION_NUMBER < 0x10100004L
40 static nxt_int_t nxt_openssl_locks_init(void);
41 static void nxt_openssl_lock(int mode, int type, const char *file, int line);
42 static unsigned long nxt_openssl_thread_id(void);
43 static void nxt_openssl_locks_free(void);
44 #endif
45 static nxt_int_t nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp,
46     nxt_tls_init_t *tls_init, nxt_bool_t last);
47 static nxt_int_t nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx,
48     nxt_tls_conf_t *conf, nxt_mp_t *mp, nxt_bool_t single);
49 #if (NXT_HAVE_OPENSSL_CONF_CMD)
50 static nxt_int_t nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx,
51     nxt_conf_value_t *value, nxt_mp_t *mp);
52 #endif
53 static void nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size,
54     time_t timeout);
55 static nxt_uint_t nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert,
56     nxt_tls_conf_t *conf, nxt_mp_t *mp);
57 static nxt_int_t nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq,
58     void *data);
59 static nxt_int_t nxt_openssl_bundle_hash_insert(nxt_task_t *task,
60     nxt_lvlhsh_t *lvlhsh, nxt_tls_bundle_hash_item_t *item, nxt_mp_t * mp);
61 static nxt_int_t nxt_openssl_servername(SSL *s, int *ad, void *arg);
62 static nxt_tls_bundle_conf_t *nxt_openssl_find_ctx(nxt_tls_conf_t *conf,
63     nxt_str_t *sn);
64 static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf);
65 static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf,
66     nxt_conn_t *c);
67 static void nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data);
68 static ssize_t nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b);
69 static ssize_t nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb);
70 static ssize_t nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb,
71     void *buf, size_t size);
72 static void nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj,
73     void *data);
74 static nxt_int_t nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c,
75     int ret, nxt_err_t sys_err, nxt_openssl_io_t io);
76 static void nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj,
77     void *data);
78 static void nxt_cdecl nxt_openssl_conn_error(nxt_task_t *task,
79     nxt_err_t err, const char *fmt, ...);
80 static nxt_uint_t nxt_openssl_log_error_level(nxt_err_t err);
81 
82 
83 const nxt_tls_lib_t  nxt_openssl_lib = {
84     .library_init = nxt_openssl_library_init,
85     .library_free = nxt_openssl_library_free,
86 
87     .server_init = nxt_openssl_server_init,
88     .server_free = nxt_openssl_server_free,
89 };
90 
91 
92 static nxt_conn_io_t  nxt_openssl_conn_io = {
93     .read = nxt_conn_io_read,
94     .recvbuf = nxt_openssl_conn_io_recvbuf,
95 
96     .write = nxt_conn_io_write,
97     .sendbuf = nxt_openssl_conn_io_sendbuf,
98 
99     .shutdown = nxt_openssl_conn_io_shutdown,
100 };
101 
102 
103 static long  nxt_openssl_version;
104 static int   nxt_openssl_connection_index;
105 
106 
107 static nxt_int_t
108 nxt_openssl_library_init(nxt_task_t *task)
109 {
110     int  index;
111 
112     if (nxt_fast_path(nxt_openssl_version != 0)) {
113         return NXT_OK;
114     }
115 
116 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
117 
118     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
119 
120 #else
121     {
122         nxt_int_t  ret;
123 
124         SSL_load_error_strings();
125 
126         OPENSSL_config(NULL);
127 
128         /*
129          * SSL_library_init(3):
130          *
131          *   SSL_library_init() always returns "1",
132          *   so it is safe to discard the return value.
133          */
134         (void) SSL_library_init();
135 
136         ret = nxt_openssl_locks_init();
137         if (nxt_slow_path(ret != NXT_OK)) {
138             return ret;
139         }
140     }
141 
142 #endif
143 
144     nxt_openssl_version = SSLeay();
145 
146     nxt_log(task, NXT_LOG_INFO, "%s, %xl",
147             SSLeay_version(SSLEAY_VERSION), nxt_openssl_version);
148 
149 #ifndef SSL_OP_NO_COMPRESSION
150     {
151         /*
152          * Disable gzip compression in OpenSSL prior to 1.0.0
153          * version, this saves about 522K per connection.
154          */
155         int                 n;
156         STACK_OF(SSL_COMP)  *ssl_comp_methods;
157 
158         ssl_comp_methods = SSL_COMP_get_compression_methods();
159 
160         for (n = sk_SSL_COMP_num(ssl_comp_methods); n != 0; n--) {
161             (void) sk_SSL_COMP_pop(ssl_comp_methods);
162         }
163     }
164 #endif
165 
166     index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
167 
168     if (index == -1) {
169         nxt_openssl_log_error(task, NXT_LOG_ALERT,
170                               "SSL_get_ex_new_index() failed");
171         return NXT_ERROR;
172     }
173 
174     nxt_openssl_connection_index = index;
175 
176     return NXT_OK;
177 }
178 
179 
180 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
181 
182 static void
183 nxt_openssl_library_free(nxt_task_t *task)
184 {
185 }
186 
187 #else
188 
189 static nxt_thread_mutex_t  *nxt_openssl_locks;
190 
191 static nxt_int_t
192 nxt_openssl_locks_init(void)
193 {
194     int        i, n;
195     nxt_int_t  ret;
196 
197     n = CRYPTO_num_locks();
198 
199     nxt_openssl_locks = OPENSSL_malloc(n * sizeof(nxt_thread_mutex_t));
200     if (nxt_slow_path(nxt_openssl_locks == NULL)) {
201         return NXT_ERROR;
202     }
203 
204     for (i = 0; i < n; i++) {
205         ret = nxt_thread_mutex_create(&nxt_openssl_locks[i]);
206         if (nxt_slow_path(ret != NXT_OK)) {
207             return ret;
208         }
209     }
210 
211     CRYPTO_set_locking_callback(nxt_openssl_lock);
212 
213     CRYPTO_set_id_callback(nxt_openssl_thread_id);
214 
215     return NXT_OK;
216 }
217 
218 
219 static void
220 nxt_openssl_lock(int mode, int type, const char *file, int line)
221 {
222     nxt_thread_mutex_t  *lock;
223 
224     lock = &nxt_openssl_locks[type];
225 
226     if ((mode & CRYPTO_LOCK) != 0) {
227         (void) nxt_thread_mutex_lock(lock);
228 
229     } else {
230         (void) nxt_thread_mutex_unlock(lock);
231     }
232 }
233 
234 
235 static u_long
236 nxt_openssl_thread_id(void)
237 {
238     return (u_long) nxt_thread_handle();
239 }
240 
241 
242 static void
243 nxt_openssl_library_free(nxt_task_t *task)
244 {
245     nxt_openssl_locks_free();
246 }
247 
248 
249 static void
250 nxt_openssl_locks_free(void)
251 {
252     int  i, n;
253 
254     n = CRYPTO_num_locks();
255 
256     CRYPTO_set_locking_callback(NULL);
257 
258     for (i = 0; i < n; i++) {
259         nxt_thread_mutex_destroy(&nxt_openssl_locks[i]);
260     }
261 
262     OPENSSL_free(nxt_openssl_locks);
263 }
264 
265 #endif
266 
267 
268 static nxt_int_t
269 nxt_openssl_server_init(nxt_task_t *task, nxt_mp_t *mp,
270     nxt_tls_init_t *tls_init, nxt_bool_t last)
271 {
272     SSL_CTX                *ctx;
273     const char             *ciphers, *ca_certificate;
274     nxt_tls_conf_t         *conf;
275     STACK_OF(X509_NAME)    *list;
276     nxt_tls_bundle_conf_t  *bundle;
277 
278     ctx = SSL_CTX_new(SSLv23_server_method());
279     if (ctx == NULL) {
280         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_CTX_new() failed");
281         return NXT_ERROR;
282     }
283 
284     conf = tls_init->conf;
285 
286     bundle = conf->bundle;
287     nxt_assert(bundle != NULL);
288 
289     bundle->ctx = ctx;
290 
291 #ifdef SSL_OP_NO_RENEGOTIATION
292     /* Renegration is not currently supported. */
293     SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
294 #endif
295 
296 #ifdef SSL_OP_NO_COMPRESSION
297     /*
298      * Disable gzip compression in OpenSSL 1.0.0,
299      * this saves about 522K per connection.
300      */
301     SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
302 #endif
303 
304 #ifdef SSL_MODE_RELEASE_BUFFERS
305 
306     if (nxt_openssl_version >= 10001078) {
307         /*
308          * Allow to release read and write buffers in OpenSSL 1.0.0,
309          * this saves about 34K per idle connection.  It is not safe
310          * before OpenSSL 1.0.1h (CVE-2010-5298).
311          */
312         SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
313     }
314 
315 #endif
316 
317     if (nxt_openssl_chain_file(task, ctx, conf, mp,
318                                last && bundle->next == NULL)
319         != NXT_OK)
320     {
321         goto fail;
322     }
323 /*
324     key = conf->certificate_key;
325 
326     if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) == 0) {
327         nxt_openssl_log_error(task, NXT_LOG_ALERT,
328                               "SSL_CTX_use_PrivateKey_file(\"%s\") failed",
329                               key);
330         goto fail;
331     }
332 */
333 
334     ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
335 
336     if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
337         nxt_openssl_log_error(task, NXT_LOG_ALERT,
338                               "SSL_CTX_set_cipher_list(\"%s\") failed",
339                               ciphers);
340         goto fail;
341     }
342 
343 #if (NXT_HAVE_OPENSSL_CONF_CMD)
344     if (tls_init->conf_cmds != NULL
345         && nxt_ssl_conf_commands(task, ctx, tls_init->conf_cmds, mp) != NXT_OK)
346     {
347         goto fail;
348     }
349 #endif
350 
351     nxt_ssl_session_cache(ctx, tls_init->cache_size, tls_init->timeout);
352 
353     SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
354 
355     if (conf->ca_certificate != NULL) {
356 
357         /* TODO: verify callback */
358         SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
359 
360         /* TODO: verify depth */
361         SSL_CTX_set_verify_depth(ctx, 1);
362 
363         ca_certificate = conf->ca_certificate;
364 
365         if (SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) == 0) {
366             nxt_openssl_log_error(task, NXT_LOG_ALERT,
367                               "SSL_CTX_load_verify_locations(\"%s\") failed",
368                               ca_certificate);
369             goto fail;
370         }
371 
372         list = SSL_load_client_CA_file(ca_certificate);
373 
374         if (list == NULL) {
375             nxt_openssl_log_error(task, NXT_LOG_ALERT,
376                               "SSL_load_client_CA_file(\"%s\") failed",
377                               ca_certificate);
378             goto fail;
379         }
380 
381         /*
382          * SSL_load_client_CA_file() in OpenSSL prior to 0.9.7h and
383          * 0.9.8 versions always leaves an error in the error queue.
384          */
385         ERR_clear_error();
386 
387         SSL_CTX_set_client_CA_list(ctx, list);
388     }
389 
390     if (last) {
391         conf->conn_init = nxt_openssl_conn_init;
392 
393         if (bundle->next != NULL) {
394             SSL_CTX_set_tlsext_servername_callback(ctx, nxt_openssl_servername);
395         }
396     }
397 
398     return NXT_OK;
399 
400 fail:
401 
402     SSL_CTX_free(ctx);
403 
404 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
405      && OPENSSL_VERSION_NUMBER < 0x1010101fL)
406     RAND_keep_random_devices_open(0);
407 #endif
408 
409     return NXT_ERROR;
410 }
411 
412 
413 static nxt_int_t
414 nxt_openssl_chain_file(nxt_task_t *task, SSL_CTX *ctx, nxt_tls_conf_t *conf,
415     nxt_mp_t *mp, nxt_bool_t single)
416 {
417     BIO                    *bio;
418     X509                   *cert, *ca;
419     long                   reason;
420     EVP_PKEY               *key;
421     nxt_int_t              ret;
422     nxt_tls_bundle_conf_t  *bundle;
423 
424     ret = NXT_ERROR;
425     cert = NULL;
426 
427     bio = BIO_new(BIO_s_fd());
428     if (bio == NULL) {
429         goto end;
430     }
431 
432     bundle = conf->bundle;
433 
434     BIO_set_fd(bio, bundle->chain_file, BIO_CLOSE);
435 
436     cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
437     if (cert == NULL) {
438         goto end;
439     }
440 
441     if (SSL_CTX_use_certificate(ctx, cert) != 1) {
442         goto end;
443     }
444 
445     if (!single && nxt_openssl_cert_get_names(task, cert, conf, mp) != NXT_OK) {
446         goto clean;
447     }
448 
449     for ( ;; ) {
450         ca = PEM_read_bio_X509(bio, NULL, NULL, NULL);
451 
452         if (ca == NULL) {
453             reason = ERR_GET_REASON(ERR_peek_last_error());
454             if (reason != PEM_R_NO_START_LINE) {
455                 goto end;
456             }
457 
458             ERR_clear_error();
459             break;
460         }
461 
462         /*
463          * Note that ca isn't freed if it was successfully added to the chain,
464          * while the main certificate needs a X509_free() call, since
465          * its reference count is increased by SSL_CTX_use_certificate().
466          */
467 #ifdef SSL_CTX_add0_chain_cert
468         if (SSL_CTX_add0_chain_cert(ctx, ca) != 1) {
469 #else
470         if (SSL_CTX_add_extra_chain_cert(ctx, ca) != 1) {
471 #endif
472             X509_free(ca);
473             goto end;
474         }
475     }
476 
477     if (BIO_reset(bio) != 0) {
478         goto end;
479     }
480 
481     key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
482     if (key == NULL) {
483         goto end;
484     }
485 
486     if (SSL_CTX_use_PrivateKey(ctx, key) == 1) {
487         ret = NXT_OK;
488     }
489 
490     EVP_PKEY_free(key);
491 
492 end:
493 
494     if (ret != NXT_OK) {
495         nxt_openssl_log_error(task, NXT_LOG_ALERT,
496                               "nxt_openssl_chain_file() failed");
497     }
498 
499 clean:
500 
501     BIO_free(bio);
502     X509_free(cert);
503 
504     return ret;
505 }
506 
507 
508 #if (NXT_HAVE_OPENSSL_CONF_CMD)
509 
510 static nxt_int_t
511 nxt_ssl_conf_commands(nxt_task_t *task, SSL_CTX *ctx, nxt_conf_value_t *conf,
512     nxt_mp_t *mp)
513 {
514     int               ret;
515     char              *zcmd, *zvalue;
516     uint32_t          index;
517     nxt_str_t         cmd, value;
518     SSL_CONF_CTX      *cctx;
519     nxt_conf_value_t  *member;
520 
521     cctx = SSL_CONF_CTX_new();
522     if (nxt_slow_path(cctx == NULL)) {
523         nxt_openssl_log_error(task, NXT_LOG_ALERT,
524                               "SSL_CONF_CTX_new() failed");
525         return NXT_ERROR;
526     }
527 
528     SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE
529                                  | SSL_CONF_FLAG_SERVER
530                                  | SSL_CONF_FLAG_CERTIFICATE
531                                  | SSL_CONF_FLAG_SHOW_ERRORS);
532 
533     SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
534 
535     index = 0;
536 
537     for ( ;; ) {
538         member = nxt_conf_next_object_member(conf, &cmd, &index);
539         if (nxt_slow_path(member == NULL)) {
540             break;
541         }
542 
543         nxt_conf_get_string(member, &value);
544 
545         zcmd = nxt_str_cstrz(mp, &cmd);
546         zvalue = nxt_str_cstrz(mp, &value);
547 
548         if (nxt_slow_path(zcmd == NULL || zvalue == NULL)) {
549             goto fail;
550         }
551 
552         ret = SSL_CONF_cmd(cctx, zcmd, zvalue);
553         if (ret == -2) {
554             nxt_openssl_log_error(task, NXT_LOG_ERR,
555                                   "unknown command \"%s\" in "
556                                   "\"conf_commands\" option", zcmd);
557             goto fail;
558         }
559 
560         if (ret <= 0) {
561             nxt_openssl_log_error(task, NXT_LOG_ERR,
562                                   "invalid value \"%s\" for command \"%s\" "
563                                   "in \"conf_commands\" option",
564                                   zvalue, zcmd);
565             goto fail;
566         }
567 
568         nxt_debug(task, "SSL_CONF_cmd(\"%s\", \"%s\")", zcmd, zvalue);
569     }
570 
571     if (SSL_CONF_CTX_finish(cctx) != 1) {
572         nxt_openssl_log_error(task, NXT_LOG_ALERT,
573                               "SSL_CONF_finish() failed");
574         goto fail;
575     }
576 
577     SSL_CONF_CTX_free(cctx);
578 
579     return NXT_OK;
580 
581 fail:
582 
583     SSL_CONF_CTX_free(cctx);
584 
585     return NXT_ERROR;
586 }
587 
588 #endif
589 
590 
591 static void
592 nxt_ssl_session_cache(SSL_CTX *ctx, size_t cache_size, time_t timeout)
593 {
594     if (cache_size == 0) {
595         SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
596         return;
597     }
598 
599     SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
600 
601     SSL_CTX_sess_set_cache_size(ctx, cache_size);
602 
603     SSL_CTX_set_timeout(ctx, (long) timeout);
604 }
605 
606 
607 static nxt_uint_t
608 nxt_openssl_cert_get_names(nxt_task_t *task, X509 *cert, nxt_tls_conf_t *conf,
609     nxt_mp_t *mp)
610 {
611     int                         len;
612     nxt_str_t                   domain, str;
613     X509_NAME                   *x509_name;
614     nxt_uint_t                  i, n;
615     GENERAL_NAME                *name;
616     nxt_tls_bundle_conf_t       *bundle;
617     STACK_OF(GENERAL_NAME)      *alt_names;
618     nxt_tls_bundle_hash_item_t  *item;
619 
620     bundle = conf->bundle;
621 
622     alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
623 
624     if (alt_names != NULL) {
625         n = sk_GENERAL_NAME_num(alt_names);
626 
627         for (i = 0; i != n; i++) {
628             name = sk_GENERAL_NAME_value(alt_names, i);
629 
630             if (name->type != GEN_DNS) {
631                 continue;
632             }
633 
634             str.length = ASN1_STRING_length(name->d.dNSName);
635 #if OPENSSL_VERSION_NUMBER > 0x10100000L
636             str.start = (u_char *) ASN1_STRING_get0_data(name->d.dNSName);
637 #else
638             str.start = ASN1_STRING_data(name->d.dNSName);
639 #endif
640 
641             domain.start = nxt_mp_nget(mp, str.length);
642             if (nxt_slow_path(domain.start == NULL)) {
643                 goto fail;
644             }
645 
646             domain.length = str.length;
647             nxt_memcpy_lowcase(domain.start, str.start, str.length);
648 
649             item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
650             if (nxt_slow_path(item == NULL)) {
651                 goto fail;
652             }
653 
654             item->name = domain;
655             item->bundle = bundle;
656 
657             if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash,
658                                                item, mp)
659                 == NXT_ERROR)
660             {
661                 goto fail;
662             }
663         }
664 
665         sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
666 
667     } else {
668         x509_name = X509_get_subject_name(cert);
669         len = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
670                                         NULL, 0);
671         if (len <= 0) {
672             nxt_log(task, NXT_LOG_WARN, "certificate \"%V\" has neither "
673                     "Subject Alternative Name nor Common Name", &bundle->name);
674             return NXT_OK;
675         }
676 
677         domain.start = nxt_mp_nget(mp, len + 1);
678         if (nxt_slow_path(domain.start == NULL)) {
679             return NXT_ERROR;
680         }
681 
682         domain.length = X509_NAME_get_text_by_NID(x509_name, NID_commonName,
683                                                   (char *) domain.start,
684                                                   len + 1);
685         nxt_memcpy_lowcase(domain.start, domain.start, domain.length);
686 
687         item = nxt_mp_get(mp, sizeof(nxt_tls_bundle_hash_item_t));
688         if (nxt_slow_path(item == NULL)) {
689             return NXT_ERROR;
690         }
691 
692         item->name = domain;
693         item->bundle = bundle;
694 
695         if (nxt_openssl_bundle_hash_insert(task, &conf->bundle_hash, item,
696                                            mp)
697             == NXT_ERROR)
698         {
699             return NXT_ERROR;
700         }
701     }
702 
703     return NXT_OK;
704 
705 fail:
706 
707     sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
708 
709     return NXT_ERROR;
710 }
711 
712 
713 static const nxt_lvlhsh_proto_t  nxt_openssl_bundle_hash_proto
714     nxt_aligned(64) =
715 {
716     NXT_LVLHSH_DEFAULT,
717     nxt_openssl_bundle_hash_test,
718     nxt_mp_lvlhsh_alloc,
719     nxt_mp_lvlhsh_free,
720 };
721 
722 
723 static nxt_int_t
724 nxt_openssl_bundle_hash_test(nxt_lvlhsh_query_t *lhq, void *data)
725 {
726     nxt_tls_bundle_hash_item_t  *item;
727 
728     item = data;
729 
730     return nxt_strstr_eq(&lhq->key, &item->name) ? NXT_OK : NXT_DECLINED;
731 }
732 
733 
734 static nxt_int_t
735 nxt_openssl_bundle_hash_insert(nxt_task_t *task, nxt_lvlhsh_t *lvlhsh,
736     nxt_tls_bundle_hash_item_t *item, nxt_mp_t *mp)
737 {
738     nxt_str_t                   str;
739     nxt_int_t                   ret;
740     nxt_lvlhsh_query_t          lhq;
741     nxt_tls_bundle_hash_item_t  *old;
742 
743     str = item->name;
744 
745     if (item->name.start[0] == '*') {
746         item->name.start++;
747         item->name.length--;
748 
749         if (item->name.length == 0 || item->name.start[0] != '.') {
750             nxt_log(task, NXT_LOG_WARN, "ignored invalid name \"%V\" "
751                     "in certificate \"%V\": missing \".\" "
752                     "after wildcard symbol", &str, &item->bundle->name);
753             return NXT_OK;
754         }
755     }
756 
757     lhq.pool = mp;
758     lhq.key = item->name;
759     lhq.value = item;
760     lhq.proto = &nxt_openssl_bundle_hash_proto;
761     lhq.replace = 0;
762     lhq.key_hash = nxt_murmur_hash2(item->name.start, item->name.length);
763 
764     ret = nxt_lvlhsh_insert(lvlhsh, &lhq);
765     if (nxt_fast_path(ret == NXT_OK)) {
766         nxt_debug(task, "name \"%V\" for certificate \"%V\" is inserted",
767                   &str, &item->bundle->name);
768         return NXT_OK;
769     }
770 
771     if (nxt_fast_path(ret == NXT_DECLINED)) {
772         old = lhq.value;
773         if (old->bundle != item->bundle) {
774             nxt_log(task, NXT_LOG_WARN, "ignored duplicate name \"%V\" "
775                     "in certificate \"%V\", identical name appears in \"%V\"",
776                     &str, &old->bundle->name, &item->bundle->name);
777 
778             old->bundle = item->bundle;
779         }
780 
781         return NXT_OK;
782     }
783 
784     return NXT_ERROR;
785 }
786 
787 
788 static nxt_int_t
789 nxt_openssl_servername(SSL *s, int *ad, void *arg)
790 {
791     nxt_str_t              str;
792     nxt_uint_t             i;
793     nxt_conn_t             *c;
794     const char             *servername;
795     nxt_tls_conf_t         *conf;
796     nxt_openssl_conn_t     *tls;
797     nxt_tls_bundle_conf_t  *bundle;
798 
799     c = SSL_get_ex_data(s, nxt_openssl_connection_index);
800 
801     if (nxt_slow_path(c == NULL)) {
802         nxt_thread_log_alert("SSL_get_ex_data() failed");
803         return SSL_TLSEXT_ERR_ALERT_FATAL;
804     }
805 
806     servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
807     if (nxt_slow_path(servername == NULL)) {
808         nxt_log(c->socket.task, NXT_LOG_ALERT, "SSL_get_servername() returned "
809                                                "NULL in server name callback");
810         return SSL_TLSEXT_ERR_ALERT_FATAL;
811     }
812 
813     str.length = nxt_strlen(servername);
814     if (str.length == 0) {
815         nxt_debug(c->socket.task, "client sent zero-length server name");
816         goto done;
817     }
818 
819     if (servername[0] == '.') {
820         nxt_debug(c->socket.task, "ignored the server name \"%s\": "
821                                   "leading \".\"", servername);
822         goto done;
823     }
824 
825     nxt_debug(c->socket.task, "tls with servername \"%s\"", servername);
826 
827     str.start = nxt_mp_nget(c->mem_pool, str.length);
828     if (nxt_slow_path(str.start == NULL)) {
829         return SSL_TLSEXT_ERR_ALERT_FATAL;
830     }
831 
832     nxt_memcpy_lowcase(str.start, (const u_char *) servername, str.length);
833 
834     tls = c->u.tls;
835     conf = tls->conf;
836 
837     bundle = nxt_openssl_find_ctx(conf, &str);
838 
839     if (bundle == NULL) {
840         for (i = 1; i < str.length; i++) {
841             if (str.start[i] == '.') {
842                 str.start += i;
843                 str.length -= i;
844 
845                 bundle = nxt_openssl_find_ctx(conf, &str);
846                 break;
847             }
848         }
849     }
850 
851     if (bundle != NULL) {
852         nxt_debug(c->socket.task, "new tls context found for \"%V\": \"%V\" "
853                                   "(old: \"%V\")", &str, &bundle->name,
854                                   &conf->bundle->name);
855 
856         if (bundle != conf->bundle) {
857             if (SSL_set_SSL_CTX(s, bundle->ctx) == NULL) {
858                 nxt_openssl_log_error(c->socket.task, NXT_LOG_ALERT,
859                                       "SSL_set_SSL_CTX() failed");
860 
861                 return SSL_TLSEXT_ERR_ALERT_FATAL;
862             }
863         }
864     }
865 
866 done:
867 
868     return SSL_TLSEXT_ERR_OK;
869 }
870 
871 
872 static nxt_tls_bundle_conf_t *
873 nxt_openssl_find_ctx(nxt_tls_conf_t *conf, nxt_str_t *sn)
874 {
875     nxt_int_t                   ret;
876     nxt_lvlhsh_query_t          lhq;
877     nxt_tls_bundle_hash_item_t  *item;
878 
879     lhq.key_hash = nxt_murmur_hash2(sn->start, sn->length);
880     lhq.key = *sn;
881     lhq.proto = &nxt_openssl_bundle_hash_proto;
882 
883     ret = nxt_lvlhsh_find(&conf->bundle_hash, &lhq);
884     if (ret != NXT_OK) {
885         return NULL;
886     }
887 
888     item = lhq.value;
889 
890     return item->bundle;
891 }
892 
893 
894 static void
895 nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf)
896 {
897     nxt_tls_bundle_conf_t  *bundle;
898 
899     bundle = conf->bundle;
900     nxt_assert(bundle != NULL);
901 
902     do {
903         SSL_CTX_free(bundle->ctx);
904         bundle = bundle->next;
905     } while (bundle != NULL);
906 
907 #if (OPENSSL_VERSION_NUMBER >= 0x1010100fL \
908      && OPENSSL_VERSION_NUMBER < 0x1010101fL)
909     RAND_keep_random_devices_open(0);
910 #endif
911 }
912 
913 
914 static void
915 nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_conn_t *c)
916 {
917     int                 ret;
918     SSL                 *s;
919     SSL_CTX             *ctx;
920     nxt_openssl_conn_t  *tls;
921 
922     nxt_log_debug(c->socket.log, "openssl conn init");
923 
924     tls = nxt_mp_zget(c->mem_pool, sizeof(nxt_openssl_conn_t));
925     if (tls == NULL) {
926         goto fail;
927     }
928 
929     c->u.tls = tls;
930     nxt_buf_mem_set_size(&tls->buffer, conf->buffer_size);
931 
932     ctx = conf->bundle->ctx;
933 
934     s = SSL_new(ctx);
935     if (s == NULL) {
936         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_new() failed");
937         goto fail;
938     }
939 
940     tls->session = s;
941     /* To pass TLS config to the nxt_openssl_servername() callback. */
942     tls->conf = conf;
943     tls->conn = c;
944 
945     ret = SSL_set_fd(s, c->socket.fd);
946 
947     if (ret == 0) {
948         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_fd(%d) failed",
949                               c->socket.fd);
950         goto fail;
951     }
952 
953     SSL_set_accept_state(s);
954 
955     if (SSL_set_ex_data(s, nxt_openssl_connection_index, c) == 0) {
956         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_ex_data() failed");
957         goto fail;
958     }
959 
960     c->io = &nxt_openssl_conn_io;
961     c->sendfile = NXT_CONN_SENDFILE_OFF;
962 
963     nxt_openssl_conn_handshake(task, c, c->socket.data);
964 
965     return;
966 
967 fail:
968 
969     nxt_work_queue_add(c->read_work_queue, c->read_state->error_handler,
970                        task, c, c->socket.data);
971 }
972 
973 
974 nxt_inline void
975 nxt_openssl_conn_free(nxt_task_t *task, nxt_conn_t *c)
976 {
977     nxt_openssl_conn_t  *tls;
978 
979     nxt_debug(task, "openssl conn free");
980 
981     tls = c->u.tls;
982 
983     if (tls != NULL) {
984         c->u.tls = NULL;
985         nxt_free(tls->buffer.start);
986         SSL_free(tls->session);
987     }
988 }
989 
990 
991 static void
992 nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data)
993 {
994     int                     ret;
995     nxt_int_t               n;
996     nxt_err_t               err;
997     nxt_conn_t              *c;
998     nxt_work_queue_t        *wq;
999     nxt_work_handler_t      handler;
1000     nxt_openssl_conn_t      *tls;
1001     const nxt_conn_state_t  *state;
1002 
1003     c = obj;
1004 
1005     nxt_debug(task, "openssl conn handshake fd:%d", c->socket.fd);
1006 
1007     if (c->socket.error != 0) {
1008         return;
1009     }
1010 
1011     tls = c->u.tls;
1012 
1013     if (tls == NULL) {
1014         return;
1015     }
1016 
1017     nxt_debug(task, "openssl conn handshake: %d times", tls->times);
1018 
1019     /* "tls->times == 1" is suitable to run SSL_do_handshake() in job. */
1020 
1021     ret = SSL_do_handshake(tls->session);
1022 
1023     err = (ret <= 0) ? nxt_socket_errno : 0;
1024 
1025     nxt_thread_time_debug_update(task->thread);
1026 
1027     nxt_debug(task, "SSL_do_handshake(%d): %d err:%d", c->socket.fd, ret, err);
1028 
1029     state = (c->read_state != NULL) ? c->read_state : c->write_state;
1030 
1031     if (ret > 0) {
1032         /* ret == 1, the handshake was successfully completed. */
1033         tls->handshake = 1;
1034 
1035         if (c->read_state != NULL) {
1036             if (state->io_read_handler != NULL || c->read != NULL) {
1037                 nxt_conn_read(task->thread->engine, c);
1038                 return;
1039             }
1040 
1041         } else {
1042             if (c->write != NULL) {
1043                 nxt_conn_write(task->thread->engine, c);
1044                 return;
1045             }
1046         }
1047 
1048         handler = state->ready_handler;
1049 
1050     } else {
1051         c->socket.read_handler = nxt_openssl_conn_handshake;
1052         c->socket.write_handler = nxt_openssl_conn_handshake;
1053 
1054         n = nxt_openssl_conn_test_error(task, c, ret, err,
1055                                         NXT_OPENSSL_HANDSHAKE);
1056         switch (n) {
1057 
1058         case NXT_AGAIN:
1059             if (tls->ssl_error == SSL_ERROR_WANT_READ && tls->times < 2) {
1060                 tls->times++;
1061             }
1062 
1063             return;
1064 
1065         case 0:
1066             handler = state->close_handler;
1067             break;
1068 
1069         default:
1070         case NXT_ERROR:
1071             nxt_openssl_conn_error(task, err, "SSL_do_handshake(%d) failed",
1072                                    c->socket.fd);
1073 
1074             handler = state->error_handler;
1075             break;
1076         }
1077     }
1078 
1079     wq = (c->read_state != NULL) ? c->read_work_queue : c->write_work_queue;
1080 
1081     nxt_work_queue_add(wq, handler, task, c, data);
1082 }
1083 
1084 
1085 static ssize_t
1086 nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b)
1087 {
1088     int                 ret;
1089     size_t              size;
1090     nxt_int_t           n;
1091     nxt_err_t           err;
1092     nxt_openssl_conn_t  *tls;
1093 
1094     tls = c->u.tls;
1095     size = b->mem.end - b->mem.free;
1096 
1097     ret = SSL_read(tls->session, b->mem.free, size);
1098 
1099     err = (ret <= 0) ? nxt_socket_errno : 0;
1100 
1101     nxt_debug(c->socket.task, "SSL_read(%d, %p, %uz): %d err:%d",
1102               c->socket.fd, b->mem.free, size, ret, err);
1103 
1104     if (ret > 0) {
1105         return ret;
1106     }
1107 
1108     n = nxt_openssl_conn_test_error(c->socket.task, c, ret, err,
1109                                     NXT_OPENSSL_READ);
1110     if (n == NXT_ERROR) {
1111         nxt_openssl_conn_error(c->socket.task, err,
1112                                "SSL_read(%d, %p, %uz) failed",
1113                                c->socket.fd, b->mem.free, size);
1114     }
1115 
1116     return n;
1117 }
1118 
1119 
1120 static ssize_t
1121 nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb)
1122 {
1123     nxt_uint_t    niov;
1124     struct iovec  iov;
1125 
1126     niov = nxt_sendbuf_mem_coalesce0(task, sb, &iov, 1);
1127 
1128     if (niov == 0 && sb->sync) {
1129         return 0;
1130     }
1131 
1132     return nxt_openssl_conn_io_send(task, sb, iov.iov_base, iov.iov_len);
1133 }
1134 
1135 
1136 static ssize_t
1137 nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb, void *buf,
1138     size_t size)
1139 {
1140     int                 ret;
1141     nxt_err_t           err;
1142     nxt_int_t           n;
1143     nxt_conn_t          *c;
1144     nxt_openssl_conn_t  *tls;
1145 
1146     tls = sb->tls;
1147 
1148     ret = SSL_write(tls->session, buf, size);
1149 
1150     err = (ret <= 0) ? nxt_socket_errno : 0;
1151 
1152     nxt_debug(task, "SSL_write(%d, %p, %uz): %d err:%d",
1153               sb->socket, buf, size, ret, err);
1154 
1155     if (ret > 0) {
1156         return ret;
1157     }
1158 
1159     c = tls->conn;
1160     c->socket.write_ready = sb->ready;
1161 
1162     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_WRITE);
1163 
1164     sb->ready = c->socket.write_ready;
1165 
1166     if (n == NXT_ERROR) {
1167         sb->error = c->socket.error;
1168         nxt_openssl_conn_error(task, err, "SSL_write(%d, %p, %uz) failed",
1169                                sb->socket, buf, size);
1170     }
1171 
1172     return n;
1173 }
1174 
1175 
1176 static void
1177 nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data)
1178 {
1179     int                 ret, mode;
1180     SSL                 *s;
1181     nxt_err_t           err;
1182     nxt_int_t           n;
1183     nxt_bool_t          quiet, once;
1184     nxt_conn_t          *c;
1185     nxt_openssl_conn_t  *tls;
1186     nxt_work_handler_t  handler;
1187 
1188     c = obj;
1189 
1190     nxt_debug(task, "openssl conn shutdown fd:%d", c->socket.fd);
1191 
1192     c->read_state = NULL;
1193     tls = c->u.tls;
1194 
1195     if (tls == NULL) {
1196         return;
1197     }
1198 
1199     s = tls->session;
1200 
1201     if (s == NULL || !tls->handshake) {
1202         handler = c->write_state->ready_handler;
1203         goto done;
1204     }
1205 
1206     mode = SSL_get_shutdown(s);
1207 
1208     if (c->socket.timedout || c->socket.error != 0) {
1209         quiet = 1;
1210 
1211     } else if (c->socket.closed && !(mode & SSL_RECEIVED_SHUTDOWN)) {
1212         quiet = 1;
1213 
1214     } else {
1215         quiet = 0;
1216     }
1217 
1218     SSL_set_quiet_shutdown(s, quiet);
1219 
1220     if (tls->conf->no_wait_shutdown) {
1221         mode |= SSL_RECEIVED_SHUTDOWN;
1222     }
1223 
1224     once = 1;
1225 
1226     for ( ;; ) {
1227         SSL_set_shutdown(s, mode);
1228 
1229         ret = SSL_shutdown(s);
1230 
1231         err = (ret <= 0) ? nxt_socket_errno : 0;
1232 
1233         nxt_debug(task, "SSL_shutdown(%d, %d, %b): %d err:%d",
1234                   c->socket.fd, mode, quiet, ret, err);
1235 
1236         if (ret > 0) {
1237             /* ret == 1, the shutdown was successfully completed. */
1238             handler = c->write_state->ready_handler;
1239             goto done;
1240         }
1241 
1242         if (ret == 0) {
1243             /*
1244              * If SSL_shutdown() returns 0 then it should be called
1245              * again.  The second SSL_shutdown() call should return
1246              * -1/SSL_ERROR_WANT_READ or -1/SSL_ERROR_WANT_WRITE.
1247              * OpenSSL prior to 0.9.8m version however never returns
1248              * -1 at all.  Fortunately, OpenSSL preserves internally
1249              * correct status available via SSL_get_error(-1).
1250              */
1251             if (once) {
1252                 once = 0;
1253                 mode = SSL_get_shutdown(s);
1254                 continue;
1255             }
1256 
1257             ret = -1;
1258         }
1259 
1260         /* ret == -1 */
1261 
1262         break;
1263     }
1264 
1265     c->socket.read_handler = nxt_openssl_conn_io_shutdown;
1266     c->socket.write_handler = nxt_openssl_conn_io_shutdown;
1267     c->socket.error_handler = c->write_state->error_handler;
1268 
1269     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_SHUTDOWN);
1270 
1271     switch (n) {
1272 
1273     case 0:
1274         handler = c->write_state->close_handler;
1275         break;
1276 
1277     case NXT_AGAIN:
1278         c->write_timer.handler = nxt_openssl_conn_io_shutdown_timeout;
1279         nxt_timer_add(task->thread->engine, &c->write_timer, 5000);
1280         return;
1281 
1282     default:
1283     case NXT_ERROR:
1284         nxt_openssl_conn_error(task, err, "SSL_shutdown(%d) failed",
1285                                c->socket.fd);
1286         handler = c->write_state->error_handler;
1287     }
1288 
1289 done:
1290 
1291     nxt_openssl_conn_free(task, c);
1292 
1293     nxt_work_queue_add(c->write_work_queue, handler, task, c, data);
1294 }
1295 
1296 
1297 static nxt_int_t
1298 nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, int ret,
1299     nxt_err_t sys_err, nxt_openssl_io_t io)
1300 {
1301     u_long              lib_err;
1302     nxt_openssl_conn_t  *tls;
1303 
1304     tls = c->u.tls;
1305 
1306     tls->ssl_error = SSL_get_error(tls->session, ret);
1307 
1308     nxt_debug(task, "SSL_get_error(): %d", tls->ssl_error);
1309 
1310     switch (tls->ssl_error) {
1311 
1312     case SSL_ERROR_WANT_READ:
1313         c->socket.read_ready = 0;
1314 
1315         if (io != NXT_OPENSSL_READ) {
1316             nxt_fd_event_block_write(task->thread->engine, &c->socket);
1317 
1318             if (nxt_fd_event_is_disabled(c->socket.read)) {
1319                 nxt_fd_event_enable_read(task->thread->engine, &c->socket);
1320             }
1321         }
1322 
1323         return NXT_AGAIN;
1324 
1325     case SSL_ERROR_WANT_WRITE:
1326         c->socket.write_ready = 0;
1327 
1328         if (io != NXT_OPENSSL_WRITE) {
1329             nxt_fd_event_block_read(task->thread->engine, &c->socket);
1330 
1331             if (nxt_fd_event_is_disabled(c->socket.write)) {
1332                 nxt_fd_event_enable_write(task->thread->engine, &c->socket);
1333             }
1334         }
1335 
1336         return NXT_AGAIN;
1337 
1338     case SSL_ERROR_SYSCALL:
1339         lib_err = ERR_peek_error();
1340 
1341         nxt_debug(task, "ERR_peek_error(): %l", lib_err);
1342 
1343         if (sys_err != 0 || lib_err != 0) {
1344             c->socket.error = sys_err;
1345             return NXT_ERROR;
1346         }
1347 
1348         /* A connection was just closed. */
1349         c->socket.closed = 1;
1350         return 0;
1351 
1352     case SSL_ERROR_ZERO_RETURN:
1353         /* A "close notify" alert. */
1354         return 0;
1355 
1356     default: /* SSL_ERROR_SSL, etc. */
1357         c->socket.error = 1000;  /* Nonexistent errno code. */
1358         return NXT_ERROR;
1359     }
1360 }
1361 
1362 
1363 static void
1364 nxt_openssl_conn_io_shutdown_timeout(nxt_task_t *task, void *obj, void *data)
1365 {
1366     nxt_conn_t   *c;
1367     nxt_timer_t  *timer;
1368 
1369     timer = obj;
1370 
1371     nxt_debug(task, "openssl conn shutdown timeout");
1372 
1373     c = nxt_write_timer_conn(timer);
1374 
1375     c->socket.timedout = 1;
1376     nxt_openssl_conn_io_shutdown(task, c, NULL);
1377 }
1378 
1379 
1380 static void nxt_cdecl
1381 nxt_openssl_conn_error(nxt_task_t *task, nxt_err_t err, const char *fmt, ...)
1382 {
1383     u_char      *p, *end;
1384     va_list     args;
1385     nxt_uint_t  level;
1386     u_char      msg[NXT_MAX_ERROR_STR];
1387 
1388     level = nxt_openssl_log_error_level(err);
1389 
1390     if (nxt_log_level_enough(task->log, level)) {
1391 
1392         end = msg + sizeof(msg);
1393 
1394         va_start(args, fmt);
1395         p = nxt_vsprintf(msg, end, fmt, args);
1396         va_end(args);
1397 
1398         if (err != 0) {
1399             p = nxt_sprintf(p, end, " %E", err);
1400         }
1401 
1402         p = nxt_openssl_copy_error(p, end);
1403 
1404         nxt_log(task, level, "%*s", p - msg, msg);
1405 
1406     } else {
1407         ERR_clear_error();
1408     }
1409 }
1410 
1411 
1412 static nxt_uint_t
1413 nxt_openssl_log_error_level(nxt_err_t err)
1414 {
1415     switch (ERR_GET_REASON(ERR_peek_error())) {
1416 
1417     case 0:
1418         return nxt_socket_error_level(err);
1419 
1420     case SSL_R_BAD_CHANGE_CIPHER_SPEC:                    /*  103 */
1421     case SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:                 /*  129 */
1422     case SSL_R_DIGEST_CHECK_FAILED:                       /*  149 */
1423     case SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST:             /*  151 */
1424     case SSL_R_EXCESSIVE_MESSAGE_SIZE:                    /*  152 */
1425     case SSL_R_LENGTH_MISMATCH:                           /*  159 */
1426 #ifdef SSL_R_NO_CIPHERS_PASSED
1427     case SSL_R_NO_CIPHERS_PASSED:                         /*  182 */
1428 #endif
1429     case SSL_R_NO_CIPHERS_SPECIFIED:                      /*  183 */
1430     case SSL_R_NO_COMPRESSION_SPECIFIED:                  /*  187 */
1431     case SSL_R_NO_SHARED_CIPHER:                          /*  193 */
1432     case SSL_R_RECORD_LENGTH_MISMATCH:                    /*  213 */
1433 #ifdef SSL_R_PARSE_TLSEXT
1434     case SSL_R_PARSE_TLSEXT:                              /*  227 */
1435 #endif
1436     case SSL_R_UNEXPECTED_MESSAGE:                        /*  244 */
1437     case SSL_R_UNEXPECTED_RECORD:                         /*  245 */
1438     case SSL_R_UNKNOWN_ALERT_TYPE:                        /*  246 */
1439     case SSL_R_UNKNOWN_PROTOCOL:                          /*  252 */
1440     case SSL_R_WRONG_VERSION_NUMBER:                      /*  267 */
1441     case SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC:       /*  281 */
1442 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
1443     case SSL_R_RENEGOTIATE_EXT_TOO_LONG:                  /*  335 */
1444     case SSL_R_RENEGOTIATION_ENCODING_ERR:                /*  336 */
1445     case SSL_R_RENEGOTIATION_MISMATCH:                    /*  337 */
1446 #endif
1447 #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED
1448     case SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED:      /*  338 */
1449 #endif
1450 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING
1451     case SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING:          /*  345 */
1452 #endif
1453     case 1000:/* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
1454     case SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE:            /* 1010 */
1455     case SSL_R_SSLV3_ALERT_BAD_RECORD_MAC:                /* 1020 */
1456     case SSL_R_TLSV1_ALERT_DECRYPTION_FAILED:             /* 1021 */
1457     case SSL_R_TLSV1_ALERT_RECORD_OVERFLOW:               /* 1022 */
1458     case SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE:         /* 1030 */
1459     case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE:             /* 1040 */
1460     case SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER:             /* 1047 */
1461         break;
1462 
1463     case SSL_R_SSLV3_ALERT_NO_CERTIFICATE:                /* 1041 */
1464     case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE:               /* 1042 */
1465     case SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE:       /* 1043 */
1466     case SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED:           /* 1044 */
1467     case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED:           /* 1045 */
1468     case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN:           /* 1046 */
1469     case SSL_R_TLSV1_ALERT_UNKNOWN_CA:                    /* 1048 */
1470     case SSL_R_TLSV1_ALERT_ACCESS_DENIED:                 /* 1049 */
1471     case SSL_R_TLSV1_ALERT_DECODE_ERROR:                  /* 1050 */
1472     case SSL_R_TLSV1_ALERT_DECRYPT_ERROR:                 /* 1051 */
1473     case SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION:            /* 1060 */
1474     case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:              /* 1070 */
1475     case SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY:         /* 1071 */
1476     case SSL_R_TLSV1_ALERT_INTERNAL_ERROR:                /* 1080 */
1477     case SSL_R_TLSV1_ALERT_USER_CANCELLED:                /* 1090 */
1478     case SSL_R_TLSV1_ALERT_NO_RENEGOTIATION:              /* 1100 */
1479         return NXT_LOG_ERR;
1480 
1481     default:
1482         return NXT_LOG_ALERT;
1483     }
1484 
1485     return NXT_LOG_INFO;
1486 }
1487 
1488 
1489 void nxt_cdecl
1490 nxt_openssl_log_error(nxt_task_t *task, nxt_uint_t level, const char *fmt, ...)
1491 {
1492     u_char   *p, *end;
1493     va_list  args;
1494     u_char   msg[NXT_MAX_ERROR_STR];
1495 
1496     end = msg + sizeof(msg);
1497 
1498     va_start(args, fmt);
1499     p = nxt_vsprintf(msg, end, fmt, args);
1500     va_end(args);
1501 
1502     p = nxt_openssl_copy_error(p, end);
1503 
1504     nxt_log(task, level, "%*s", p - msg, msg);
1505 }
1506 
1507 
1508 u_char *
1509 nxt_openssl_copy_error(u_char *p, u_char *end)
1510 {
1511     int         flags;
1512     u_long      err;
1513     nxt_bool_t  clear;
1514     const char  *data, *delimiter;
1515 
1516     err = ERR_peek_error();
1517     if (err == 0) {
1518         return p;
1519     }
1520 
1521     /* Log the most relevant error message ... */
1522     data = ERR_reason_error_string(err);
1523 
1524     p = nxt_sprintf(p, end, " (%d: %s) (OpenSSL: ", ERR_GET_REASON(err), data);
1525 
1526     /*
1527      * ... followed by all queued cumbersome OpenSSL error messages
1528      * and drain the error queue.
1529      */
1530     delimiter = "";
1531     clear = 0;
1532 
1533     for ( ;; ) {
1534         err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
1535         if (err == 0) {
1536             break;
1537         }
1538 
1539         p = nxt_sprintf(p, end, "%s", delimiter);
1540 
1541         ERR_error_string_n(err, (char *) p, end - p);
1542 
1543         while (p < end && *p != '\0') {
1544             p++;
1545         }
1546 
1547         if ((flags & ERR_TXT_STRING) != 0) {
1548             p = nxt_sprintf(p, end, ":%s", data);
1549         }
1550 
1551         clear |= ((flags & ERR_TXT_MALLOCED) != 0);
1552 
1553         delimiter = "; ";
1554     }
1555 
1556     /* Deallocate additional data. */
1557 
1558     if (clear) {
1559         ERR_clear_error();
1560     }
1561 
1562     if (p < end) {
1563         *p++ = ')';
1564     }
1565 
1566     return p;
1567 }
1568