xref: /unit/src/nxt_openssl.c (revision 836:ecd3c5bbf7d8)
1 
2 /*
3  * Copyright (C) Igor Sysoev
4  * Copyright (C) NGINX, Inc.
5  */
6 
7 #include <nxt_main.h>
8 #include <openssl/ssl.h>
9 #include <openssl/conf.h>
10 #include <openssl/err.h>
11 
12 
13 typedef struct {
14     SSL            *session;
15     nxt_conn_t     *conn;
16 
17     int            ssl_error;
18     uint8_t        times;      /* 2 bits */
19     uint8_t        handshake;  /* 1 bit  */
20 
21     nxt_buf_mem_t  buffer;
22 } nxt_openssl_conn_t;
23 
24 
25 typedef enum {
26     NXT_OPENSSL_HANDSHAKE = 0,
27     NXT_OPENSSL_READ,
28     NXT_OPENSSL_WRITE,
29     NXT_OPENSSL_SHUTDOWN,
30 } nxt_openssl_io_t;
31 
32 
33 static nxt_int_t nxt_openssl_library_init(nxt_task_t *task);
34 static void nxt_openssl_library_free(nxt_task_t *task);
35 #if OPENSSL_VERSION_NUMBER < 0x10100004L
36 static nxt_int_t nxt_openssl_locks_init(void);
37 static void nxt_openssl_lock(int mode, int type, const char *file, int line);
38 static unsigned long nxt_openssl_thread_id(void);
39 static void nxt_openssl_locks_free(void);
40 #endif
41 static nxt_int_t nxt_openssl_server_init(nxt_task_t *task,
42     nxt_tls_conf_t *conf);
43 static nxt_int_t nxt_openssl_chain_file(SSL_CTX *ctx, nxt_fd_t fd);
44 static void nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf);
45 static void nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf,
46     nxt_conn_t *c);
47 static void nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data);
48 static ssize_t nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b);
49 static ssize_t nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb);
50 static ssize_t nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb,
51     void *buf, size_t size);
52 static void nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj,
53     void *data);
54 static nxt_int_t nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c,
55     int ret, nxt_err_t sys_err, nxt_openssl_io_t io);
56 static void nxt_cdecl nxt_openssl_conn_error(nxt_task_t *task,
57     nxt_err_t err, const char *fmt, ...);
58 static nxt_uint_t nxt_openssl_log_error_level(nxt_err_t err);
59 
60 
61 const nxt_tls_lib_t  nxt_openssl_lib = {
62     .library_init = nxt_openssl_library_init,
63     .library_free = nxt_openssl_library_free,
64 
65     .server_init = nxt_openssl_server_init,
66     .server_free = nxt_openssl_server_free,
67 };
68 
69 
70 static nxt_conn_io_t  nxt_openssl_conn_io = {
71     .read = nxt_conn_io_read,
72     .recvbuf = nxt_openssl_conn_io_recvbuf,
73 
74     .write = nxt_conn_io_write,
75     .sendbuf = nxt_openssl_conn_io_sendbuf,
76 
77     .shutdown = nxt_openssl_conn_io_shutdown,
78 };
79 
80 
81 static long  nxt_openssl_version;
82 static int   nxt_openssl_connection_index;
83 
84 
85 static nxt_int_t
86 nxt_openssl_library_init(nxt_task_t *task)
87 {
88     int  index;
89 
90     if (nxt_fast_path(nxt_openssl_version != 0)) {
91         return NXT_OK;
92     }
93 
94 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
95 
96     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
97 
98 #else
99     {
100         nxt_int_t  ret;
101 
102         SSL_load_error_strings();
103 
104         OPENSSL_config(NULL);
105 
106         /*
107          * SSL_library_init(3):
108          *
109          *   SSL_library_init() always returns "1",
110          *   so it is safe to discard the return value.
111          */
112         (void) SSL_library_init();
113 
114         ret = nxt_openssl_locks_init();
115         if (nxt_slow_path(ret != NXT_OK)) {
116             return ret;
117         }
118     }
119 
120 #endif
121 
122     nxt_openssl_version = SSLeay();
123 
124     nxt_log(task, NXT_LOG_INFO, "%s, %xl",
125             SSLeay_version(SSLEAY_VERSION), nxt_openssl_version);
126 
127 #ifndef SSL_OP_NO_COMPRESSION
128     {
129         /*
130          * Disable gzip compression in OpenSSL prior to 1.0.0
131          * version, this saves about 522K per connection.
132          */
133         int                 n;
134         STACK_OF(SSL_COMP)  *ssl_comp_methods;
135 
136         ssl_comp_methods = SSL_COMP_get_compression_methods();
137 
138         for (n = sk_SSL_COMP_num(ssl_comp_methods); n != 0; n--) {
139             (void) sk_SSL_COMP_pop(ssl_comp_methods);
140         }
141     }
142 #endif
143 
144     index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
145 
146     if (index == -1) {
147         nxt_openssl_log_error(task, NXT_LOG_ALERT,
148                               "SSL_get_ex_new_index() failed");
149         return NXT_ERROR;
150     }
151 
152     nxt_openssl_connection_index = index;
153 
154     return NXT_OK;
155 }
156 
157 
158 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
159 
160 static void
161 nxt_openssl_library_free(nxt_task_t *task)
162 {
163 }
164 
165 #else
166 
167 static nxt_thread_mutex_t  *nxt_openssl_locks;
168 
169 static nxt_int_t
170 nxt_openssl_locks_init(void)
171 {
172     int        i, n;
173     nxt_int_t  ret;
174 
175     n = CRYPTO_num_locks();
176 
177     nxt_openssl_locks = OPENSSL_malloc(n * sizeof(nxt_thread_mutex_t));
178     if (nxt_slow_path(nxt_openssl_locks == NULL)) {
179         return NXT_ERROR;
180     }
181 
182     for (i = 0; i < n; i++) {
183         ret = nxt_thread_mutex_create(&nxt_openssl_locks[i]);
184         if (nxt_slow_path(ret != NXT_OK)) {
185             return ret;
186         }
187     }
188 
189     CRYPTO_set_locking_callback(nxt_openssl_lock);
190 
191     CRYPTO_set_id_callback(nxt_openssl_thread_id);
192 
193     return NXT_OK;
194 }
195 
196 
197 static void
198 nxt_openssl_lock(int mode, int type, const char *file, int line)
199 {
200     nxt_thread_mutex_t  *lock;
201 
202     lock = &nxt_openssl_locks[type];
203 
204     if ((mode & CRYPTO_LOCK) != 0) {
205         (void) nxt_thread_mutex_lock(lock);
206 
207     } else {
208         (void) nxt_thread_mutex_unlock(lock);
209     }
210 }
211 
212 
213 static u_long
214 nxt_openssl_thread_id(void)
215 {
216     return (u_long) nxt_thread_handle();
217 }
218 
219 
220 static void
221 nxt_openssl_library_free(nxt_task_t *task)
222 {
223     nxt_openssl_locks_free();
224 }
225 
226 
227 static void
228 nxt_openssl_locks_free(void)
229 {
230     int  i, n;
231 
232     n = CRYPTO_num_locks();
233 
234     CRYPTO_set_locking_callback(NULL);
235 
236     for (i = 0; i < n; i++) {
237         nxt_thread_mutex_destroy(&nxt_openssl_locks[i]);
238     }
239 
240     OPENSSL_free(nxt_openssl_locks);
241 }
242 
243 #endif
244 
245 
246 static nxt_int_t
247 nxt_openssl_server_init(nxt_task_t *task, nxt_tls_conf_t *conf)
248 {
249     SSL_CTX              *ctx;
250     nxt_fd_t             fd;
251     const char           *ciphers, *ca_certificate;
252     STACK_OF(X509_NAME)  *list;
253 
254     ctx = SSL_CTX_new(SSLv23_server_method());
255     if (ctx == NULL) {
256         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_CTX_new() failed");
257         return NXT_ERROR;
258     }
259 
260     conf->ctx = ctx;
261     conf->conn_init = nxt_openssl_conn_init;
262 
263 #ifdef SSL_OP_NO_RENEGOTIATION
264     /* Renegration is not currently supported. */
265     SSL_CTX_set_options(ctx, SSL_OP_NO_RENEGOTIATION);
266 #endif
267 
268 #ifdef SSL_OP_NO_COMPRESSION
269     /*
270      * Disable gzip compression in OpenSSL 1.0.0,
271      * this saves about 522K per connection.
272      */
273     SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);
274 #endif
275 
276 #ifdef SSL_MODE_RELEASE_BUFFERS
277 
278     if (nxt_openssl_version >= 10001078) {
279         /*
280          * Allow to release read and write buffers in OpenSSL 1.0.0,
281          * this saves about 34K per idle connection.  It is not safe
282          * before OpenSSL 1.0.1h (CVE-2010-5298).
283          */
284         SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
285     }
286 
287 #endif
288 
289     fd = conf->chain_file;
290 
291     if (nxt_openssl_chain_file(ctx, fd) != NXT_OK) {
292         nxt_openssl_log_error(task, NXT_LOG_ALERT,
293                               "nxt_openssl_chain_file() failed");
294         goto fail;
295     }
296 /*
297     key = conf->certificate_key;
298 
299     if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) == 0) {
300         nxt_openssl_log_error(task, NXT_LOG_ALERT,
301                               "SSL_CTX_use_PrivateKey_file(\"%s\") failed",
302                               key);
303         goto fail;
304     }
305 */
306     ciphers = (conf->ciphers != NULL) ? conf->ciphers : "HIGH:!aNULL:!MD5";
307 
308     if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
309         nxt_openssl_log_error(task, NXT_LOG_ALERT,
310                               "SSL_CTX_set_cipher_list(\"%s\") failed",
311                               ciphers);
312         goto fail;
313     }
314 
315     SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
316 
317     if (conf->ca_certificate != NULL) {
318 
319         /* TODO: verify callback */
320         SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
321 
322         /* TODO: verify depth */
323         SSL_CTX_set_verify_depth(ctx, 1);
324 
325         ca_certificate = conf->ca_certificate;
326 
327         if (SSL_CTX_load_verify_locations(ctx, ca_certificate, NULL) == 0) {
328             nxt_openssl_log_error(task, NXT_LOG_ALERT,
329                               "SSL_CTX_load_verify_locations(\"%s\") failed",
330                               ca_certificate);
331             goto fail;
332         }
333 
334         list = SSL_load_client_CA_file(ca_certificate);
335 
336         if (list == NULL) {
337             nxt_openssl_log_error(task, NXT_LOG_ALERT,
338                               "SSL_load_client_CA_file(\"%s\") failed",
339                               ca_certificate);
340             goto fail;
341         }
342 
343         /*
344          * SSL_load_client_CA_file() in OpenSSL prior to 0.9.7h and
345          * 0.9.8 versions always leaves an error in the error queue.
346          */
347         ERR_clear_error();
348 
349         SSL_CTX_set_client_CA_list(ctx, list);
350     }
351 
352     return NXT_OK;
353 
354 fail:
355 
356     SSL_CTX_free(ctx);
357 
358     return NXT_ERROR;
359 }
360 
361 
362 static nxt_int_t
363 nxt_openssl_chain_file(SSL_CTX *ctx, nxt_fd_t fd)
364 {
365     BIO            *bio;
366     X509           *cert, *ca;
367     long           reason;
368     EVP_PKEY       *key;
369     nxt_int_t      ret;
370 
371     bio = BIO_new(BIO_s_fd());
372     if (bio == NULL) {
373         return NXT_ERROR;
374     }
375 
376     BIO_set_fd(bio, fd, BIO_CLOSE);
377 
378     ret = NXT_ERROR;
379 
380     cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
381     if (cert == NULL) {
382         goto end;
383     }
384 
385     if (SSL_CTX_use_certificate(ctx, cert) != 1) {
386         goto end;
387     }
388 
389     for ( ;; ) {
390         ca = PEM_read_bio_X509(bio, NULL, NULL, NULL);
391 
392         if (ca == NULL) {
393             reason = ERR_GET_REASON(ERR_peek_last_error());
394             if (reason != PEM_R_NO_START_LINE) {
395                 goto end;
396             }
397 
398             ERR_clear_error();
399             break;
400         }
401 
402         /*
403          * Note that ca isn't freed if it was successfully added to the chain,
404          * while the main certificate needs a X509_free() call, since
405          * its reference count is increased by SSL_CTX_use_certificate().
406          */
407 #ifdef SSL_CTX_add0_chain_cert
408         if (SSL_CTX_add0_chain_cert(ctx, ca) != 1) {
409 #else
410         if (SSL_CTX_add_extra_chain_cert(ctx, ca) != 1) {
411 #endif
412             X509_free(ca);
413             goto end;
414         }
415     }
416 
417     if (BIO_reset(bio) != 0) {
418         goto end;
419     }
420 
421     key = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
422     if (key == NULL) {
423         goto end;
424     }
425 
426     if (SSL_CTX_use_PrivateKey(ctx, key) == 1) {
427         ret = NXT_OK;
428     }
429 
430     EVP_PKEY_free(key);
431 
432 end:
433 
434     X509_free(cert);
435     BIO_free(bio);
436 
437     return ret;
438 }
439 
440 
441 static void
442 nxt_openssl_server_free(nxt_task_t *task, nxt_tls_conf_t *conf)
443 {
444     SSL_CTX_free(conf->ctx);
445 }
446 
447 
448 static void
449 nxt_openssl_conn_init(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_conn_t *c)
450 {
451     int                 ret;
452     SSL                 *s;
453     SSL_CTX             *ctx;
454     nxt_openssl_conn_t  *tls;
455 
456     nxt_log_debug(c->socket.log, "openssl conn init");
457 
458     tls = nxt_mp_zget(c->mem_pool, sizeof(nxt_openssl_conn_t));
459     if (tls == NULL) {
460         goto fail;
461     }
462 
463     c->u.tls = tls;
464     nxt_buf_mem_set_size(&tls->buffer, conf->buffer_size);
465 
466     ctx = conf->ctx;
467 
468     s = SSL_new(ctx);
469     if (s == NULL) {
470         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_new() failed");
471         goto fail;
472     }
473 
474     tls->session = s;
475     tls->conn = c;
476 
477     ret = SSL_set_fd(s, c->socket.fd);
478 
479     if (ret == 0) {
480         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_fd(%d) failed",
481                               c->socket.fd);
482         goto fail;
483     }
484 
485     SSL_set_accept_state(s);
486 
487     if (SSL_set_ex_data(s, nxt_openssl_connection_index, c) == 0) {
488         nxt_openssl_log_error(task, NXT_LOG_ALERT, "SSL_set_ex_data() failed");
489         goto fail;
490     }
491 
492     c->io = &nxt_openssl_conn_io;
493     c->sendfile = NXT_CONN_SENDFILE_OFF;
494 
495     nxt_openssl_conn_handshake(task, c, c->socket.data);
496     return;
497 
498 fail:
499 
500     nxt_work_queue_add(c->read_work_queue, c->read_state->error_handler,
501                        task, c, c->socket.data);
502 }
503 
504 
505 nxt_inline void
506 nxt_openssl_conn_free(nxt_task_t *task, nxt_conn_t *c)
507 {
508     nxt_openssl_conn_t  *tls;
509 
510     nxt_debug(task, "openssl conn free");
511 
512     tls = c->u.tls;
513 
514     if (tls != NULL) {
515         c->u.tls = NULL;
516         nxt_free(tls->buffer.start);
517         SSL_free(tls->session);
518     }
519 }
520 
521 
522 static void
523 nxt_openssl_conn_handshake(nxt_task_t *task, void *obj, void *data)
524 {
525     int                     ret;
526     nxt_int_t               n;
527     nxt_err_t               err;
528     nxt_conn_t              *c;
529     nxt_work_queue_t        *wq;
530     nxt_work_handler_t      handler;
531     nxt_openssl_conn_t      *tls;
532     const nxt_conn_state_t  *state;
533 
534     c = obj;
535 
536     nxt_debug(task, "openssl conn handshake fd:%d", c->socket.fd);
537 
538     if (c->socket.error != 0) {
539         return;
540     }
541 
542     tls = c->u.tls;
543 
544     if (tls == NULL) {
545         return;
546     }
547 
548     nxt_debug(task, "openssl conn handshake: %d times", tls->times);
549 
550     /* "tls->times == 1" is suitable to run SSL_do_handshake() in job. */
551 
552     ret = SSL_do_handshake(tls->session);
553 
554     err = (ret <= 0) ? nxt_socket_errno : 0;
555 
556     nxt_thread_time_debug_update(task->thread);
557 
558     nxt_debug(task, "SSL_do_handshake(%d): %d err:%d", c->socket.fd, ret, err);
559 
560     state = (c->read_state != NULL) ? c->read_state : c->write_state;
561 
562     if (ret > 0) {
563         /* ret == 1, the handshake was successfully completed. */
564         tls->handshake = 1;
565 
566         if (c->read_state != NULL) {
567             if (state->io_read_handler != NULL || c->read != NULL) {
568                 nxt_conn_read(task->thread->engine, c);
569                 return;
570             }
571 
572         } else {
573             if (c->write != NULL) {
574                 nxt_conn_write(task->thread->engine, c);
575                 return;
576             }
577         }
578 
579         handler = state->ready_handler;
580 
581     } else {
582         c->socket.read_handler = nxt_openssl_conn_handshake;
583         c->socket.write_handler = nxt_openssl_conn_handshake;
584 
585         n = nxt_openssl_conn_test_error(task, c, ret, err,
586                                         NXT_OPENSSL_HANDSHAKE);
587         switch (n) {
588 
589         case NXT_AGAIN:
590             if (tls->ssl_error == SSL_ERROR_WANT_READ && tls->times < 2) {
591                 tls->times++;
592             }
593 
594             return;
595 
596         case 0:
597             handler = state->close_handler;
598             break;
599 
600         default:
601         case NXT_ERROR:
602             c->socket.error = err;
603             nxt_openssl_conn_error(task, err, "SSL_do_handshake(%d) failed",
604                                    c->socket.fd);
605 
606             handler = state->error_handler;
607             break;
608         }
609     }
610 
611     wq = (c->read_state != NULL) ? c->read_work_queue : c->write_work_queue;
612 
613     nxt_work_queue_add(wq, handler, task, c, data);
614 }
615 
616 
617 static ssize_t
618 nxt_openssl_conn_io_recvbuf(nxt_conn_t *c, nxt_buf_t *b)
619 {
620     int                 ret;
621     size_t              size;
622     nxt_int_t           n;
623     nxt_err_t           err;
624     nxt_openssl_conn_t  *tls;
625 
626     tls = c->u.tls;
627     size = b->mem.end - b->mem.free;
628 
629     ret = SSL_read(tls->session, b->mem.free, size);
630 
631     err = (ret <= 0) ? nxt_socket_errno : 0;
632 
633     nxt_debug(c->socket.task, "SSL_read(%d, %p, %uz): %d err:%d",
634               c->socket.fd, b->mem.free, size, ret, err);
635 
636     if (ret > 0) {
637         if ((size_t) ret < size) {
638             c->socket.read_ready = 0;
639         }
640 
641         return ret;
642     }
643 
644     n = nxt_openssl_conn_test_error(c->socket.task, c, ret, err,
645                                     NXT_OPENSSL_READ);
646     if (n == NXT_ERROR) {
647         c->socket.error = err;
648         nxt_openssl_conn_error(c->socket.task, err,
649                                "SSL_read(%d, %p, %uz) failed",
650                                c->socket.fd, b->mem.free, size);
651     }
652 
653     return n;
654 }
655 
656 
657 static ssize_t
658 nxt_openssl_conn_io_sendbuf(nxt_task_t *task, nxt_sendbuf_t *sb)
659 {
660     nxt_uint_t    niov;
661     struct iovec  iov;
662 
663     niov = nxt_sendbuf_mem_coalesce0(task, sb, &iov, 1);
664 
665     if (niov == 0 && sb->sync) {
666         return 0;
667     }
668 
669     return nxt_openssl_conn_io_send(task, sb, iov.iov_base, iov.iov_len);
670 }
671 
672 
673 static ssize_t
674 nxt_openssl_conn_io_send(nxt_task_t *task, nxt_sendbuf_t *sb, void *buf,
675     size_t size)
676 {
677     int                 ret;
678     nxt_err_t           err;
679     nxt_int_t           n;
680     nxt_conn_t          *c;
681     nxt_openssl_conn_t  *tls;
682 
683     tls = sb->tls;
684 
685     ret = SSL_write(tls->session, buf, size);
686 
687     if (ret <= 0) {
688         err = nxt_socket_errno;
689         sb->error = err;
690 
691     } else {
692         err = 0;
693     }
694 
695     nxt_debug(task, "SSL_write(%d, %p, %uz): %d err:%d",
696               sb->socket, buf, size, ret, err);
697 
698     if (ret > 0) {
699         return ret;
700     }
701 
702     c = tls->conn;
703     c->socket.write_ready = sb->ready;
704     c->socket.error = sb->error;
705 
706     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_WRITE);
707 
708     sb->ready = c->socket.write_ready;
709     sb->error = c->socket.error;
710 
711     if (n == NXT_ERROR) {
712         sb->error = err;
713         nxt_openssl_conn_error(task, err, "SSL_write(%d, %p, %uz) failed",
714                                sb->socket, buf, size);
715     }
716 
717     return n;
718 }
719 
720 
721 static void
722 nxt_openssl_conn_io_shutdown(nxt_task_t *task, void *obj, void *data)
723 {
724     int                 ret, mode;
725     SSL                 *s;
726     nxt_err_t           err;
727     nxt_int_t           n;
728     nxt_bool_t          quiet, once;
729     nxt_conn_t          *c;
730     nxt_openssl_conn_t  *tls;
731     nxt_work_handler_t  handler;
732 
733     c = obj;
734 
735     nxt_debug(task, "openssl conn shutdown fd:%d", c->socket.fd);
736 
737     if (c->socket.error != 0) {
738         return;
739     }
740 
741     c->read_state = NULL;
742     tls = c->u.tls;
743 
744     if (tls == NULL) {
745         return;
746     }
747 
748     s = tls->session;
749 
750     if (s == NULL || !tls->handshake) {
751         handler = c->write_state->ready_handler;
752         goto done;
753     }
754 
755     mode = SSL_get_shutdown(s);
756 
757     if (c->socket.timedout || c->socket.error != 0) {
758         quiet = 1;
759 
760     } else if (c->socket.closed && !(mode & SSL_RECEIVED_SHUTDOWN)) {
761         quiet = 1;
762 
763     } else {
764         quiet = 0;
765     }
766 
767     SSL_set_quiet_shutdown(s, quiet);
768 
769     once = 1;
770 
771     for ( ;; ) {
772         SSL_set_shutdown(s, mode);
773 
774         ret = SSL_shutdown(s);
775 
776         err = (ret <= 0) ? nxt_socket_errno : 0;
777 
778         nxt_debug(task, "SSL_shutdown(%d, %d, %b): %d err:%d",
779                   c->socket.fd, mode, quiet, ret, err);
780 
781         if (ret > 0) {
782             /* ret == 1, the shutdown was successfully completed. */
783             handler = c->write_state->ready_handler;
784             goto done;
785         }
786 
787         if (ret == 0) {
788             /*
789              * If SSL_shutdown() returns 0 then it should be called
790              * again.  The second SSL_shutdown() call should return
791              * -1/SSL_ERROR_WANT_READ or -1/SSL_ERROR_WANT_WRITE.
792              * OpenSSL prior to 0.9.8m version however never returns
793              * -1 at all.  Fortunately, OpenSSL preserves internally
794              * correct status available via SSL_get_error(-1).
795              */
796             if (once) {
797                 once = 0;
798                 mode = SSL_get_shutdown(s);
799                 continue;
800             }
801 
802             ret = -1;
803         }
804 
805         /* ret == -1 */
806 
807         break;
808     }
809 
810     c->socket.read_handler = nxt_openssl_conn_io_shutdown;
811     c->socket.write_handler = nxt_openssl_conn_io_shutdown;
812     c->socket.error_handler = c->write_state->error_handler;
813 
814     n = nxt_openssl_conn_test_error(task, c, ret, err, NXT_OPENSSL_SHUTDOWN);
815 
816     switch (n) {
817 
818     case 0:
819         handler = c->write_state->close_handler;
820         break;
821 
822     case NXT_AGAIN:
823         nxt_timer_add(task->thread->engine, &c->read_timer, 5000);
824         return;
825 
826     default:
827     case NXT_ERROR:
828         c->socket.error = err;
829         nxt_openssl_conn_error(task, err, "SSL_shutdown(%d) failed",
830                                c->socket.fd);
831         handler = c->write_state->error_handler;
832     }
833 
834 done:
835 
836     nxt_openssl_conn_free(task, c);
837 
838     nxt_work_queue_add(c->write_work_queue, handler, task, c, data);
839 }
840 
841 
842 static nxt_int_t
843 nxt_openssl_conn_test_error(nxt_task_t *task, nxt_conn_t *c, int ret,
844     nxt_err_t sys_err, nxt_openssl_io_t io)
845 {
846     u_long              lib_err;
847     nxt_openssl_conn_t  *tls;
848 
849     tls = c->u.tls;
850 
851     tls->ssl_error = SSL_get_error(tls->session, ret);
852 
853     nxt_debug(task, "SSL_get_error(): %d", tls->ssl_error);
854 
855     switch (tls->ssl_error) {
856 
857     case SSL_ERROR_WANT_READ:
858 
859         if (io != NXT_OPENSSL_READ) {
860             nxt_fd_event_block_write(task->thread->engine, &c->socket);
861 
862             c->socket.read_ready = 0;
863 
864             if (nxt_fd_event_is_disabled(c->socket.read)) {
865                 nxt_fd_event_enable_read(task->thread->engine, &c->socket);
866             }
867         }
868 
869         return NXT_AGAIN;
870 
871     case SSL_ERROR_WANT_WRITE:
872 
873         if (io != NXT_OPENSSL_WRITE) {
874             nxt_fd_event_block_read(task->thread->engine, &c->socket);
875 
876             c->socket.write_ready = 0;
877 
878             if (nxt_fd_event_is_disabled(c->socket.write)) {
879                 nxt_fd_event_enable_write(task->thread->engine, &c->socket);
880             }
881         }
882 
883         return NXT_AGAIN;
884 
885     case SSL_ERROR_SYSCALL:
886         lib_err = ERR_peek_error();
887 
888         nxt_debug(task, "ERR_peek_error(): %l", lib_err);
889 
890         if (sys_err != 0 || lib_err != 0) {
891             return NXT_ERROR;
892         }
893 
894         /* A connection was just closed. */
895         c->socket.closed = 1;
896         return 0;
897 
898     case SSL_ERROR_ZERO_RETURN:
899         /* A "close notify" alert. */
900         return 0;
901 
902     default: /* SSL_ERROR_SSL, etc. */
903         c->socket.error = 1000;  /* Nonexistent errno code. */
904         return NXT_ERROR;
905     }
906 }
907 
908 
909 static void nxt_cdecl
910 nxt_openssl_conn_error(nxt_task_t *task, nxt_err_t err, const char *fmt, ...)
911 {
912     u_char      *p, *end;
913     va_list     args;
914     nxt_uint_t  level;
915     u_char      msg[NXT_MAX_ERROR_STR];
916 
917     level = nxt_openssl_log_error_level(err);
918 
919     if (nxt_log_level_enough(task->log, level)) {
920 
921         end = msg + sizeof(msg);
922 
923         va_start(args, fmt);
924         p = nxt_vsprintf(msg, end, fmt, args);
925         va_end(args);
926 
927         if (err != 0) {
928             p = nxt_sprintf(p, end, " %E", err);
929         }
930 
931         p = nxt_openssl_copy_error(p, end);
932 
933         nxt_log(task, level, "%*s", p - msg, msg);
934 
935     } else {
936         ERR_clear_error();
937     }
938 }
939 
940 
941 static nxt_uint_t
942 nxt_openssl_log_error_level(nxt_err_t err)
943 {
944     switch (ERR_GET_REASON(ERR_peek_error())) {
945 
946     case 0:
947         return nxt_socket_error_level(err);
948 
949     case SSL_R_BAD_CHANGE_CIPHER_SPEC:                    /*  103 */
950     case SSL_R_BLOCK_CIPHER_PAD_IS_WRONG:                 /*  129 */
951     case SSL_R_DIGEST_CHECK_FAILED:                       /*  149 */
952     case SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST:             /*  151 */
953     case SSL_R_EXCESSIVE_MESSAGE_SIZE:                    /*  152 */
954     case SSL_R_LENGTH_MISMATCH:                           /*  159 */
955 #ifdef SSL_R_NO_CIPHERS_PASSED
956     case SSL_R_NO_CIPHERS_PASSED:                         /*  182 */
957 #endif
958     case SSL_R_NO_CIPHERS_SPECIFIED:                      /*  183 */
959     case SSL_R_NO_COMPRESSION_SPECIFIED:                  /*  187 */
960     case SSL_R_NO_SHARED_CIPHER:                          /*  193 */
961     case SSL_R_RECORD_LENGTH_MISMATCH:                    /*  213 */
962 #ifdef SSL_R_PARSE_TLSEXT
963     case SSL_R_PARSE_TLSEXT:                              /*  227 */
964 #endif
965     case SSL_R_UNEXPECTED_MESSAGE:                        /*  244 */
966     case SSL_R_UNEXPECTED_RECORD:                         /*  245 */
967     case SSL_R_UNKNOWN_ALERT_TYPE:                        /*  246 */
968     case SSL_R_UNKNOWN_PROTOCOL:                          /*  252 */
969     case SSL_R_WRONG_VERSION_NUMBER:                      /*  267 */
970     case SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC:       /*  281 */
971 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
972     case SSL_R_RENEGOTIATE_EXT_TOO_LONG:                  /*  335 */
973     case SSL_R_RENEGOTIATION_ENCODING_ERR:                /*  336 */
974     case SSL_R_RENEGOTIATION_MISMATCH:                    /*  337 */
975 #endif
976 #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED
977     case SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED:      /*  338 */
978 #endif
979 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING
980     case SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING:          /*  345 */
981 #endif
982     case 1000:/* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
983     case SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE:            /* 1010 */
984     case SSL_R_SSLV3_ALERT_BAD_RECORD_MAC:                /* 1020 */
985     case SSL_R_TLSV1_ALERT_DECRYPTION_FAILED:             /* 1021 */
986     case SSL_R_TLSV1_ALERT_RECORD_OVERFLOW:               /* 1022 */
987     case SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE:         /* 1030 */
988     case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE:             /* 1040 */
989     case SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER:             /* 1047 */
990         break;
991 
992     case SSL_R_SSLV3_ALERT_NO_CERTIFICATE:                /* 1041 */
993     case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE:               /* 1042 */
994     case SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE:       /* 1043 */
995     case SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED:           /* 1044 */
996     case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED:           /* 1045 */
997     case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN:           /* 1046 */
998     case SSL_R_TLSV1_ALERT_UNKNOWN_CA:                    /* 1048 */
999     case SSL_R_TLSV1_ALERT_ACCESS_DENIED:                 /* 1049 */
1000     case SSL_R_TLSV1_ALERT_DECODE_ERROR:                  /* 1050 */
1001     case SSL_R_TLSV1_ALERT_DECRYPT_ERROR:                 /* 1051 */
1002     case SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION:            /* 1060 */
1003     case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION:              /* 1070 */
1004     case SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY:         /* 1071 */
1005     case SSL_R_TLSV1_ALERT_INTERNAL_ERROR:                /* 1080 */
1006     case SSL_R_TLSV1_ALERT_USER_CANCELLED:                /* 1090 */
1007     case SSL_R_TLSV1_ALERT_NO_RENEGOTIATION:              /* 1100 */
1008         return NXT_LOG_ERR;
1009 
1010     default:
1011         return NXT_LOG_ALERT;
1012     }
1013 
1014     return NXT_LOG_INFO;
1015 }
1016 
1017 
1018 void nxt_cdecl
1019 nxt_openssl_log_error(nxt_task_t *task, nxt_uint_t level, const char *fmt, ...)
1020 {
1021     u_char   *p, *end;
1022     va_list  args;
1023     u_char   msg[NXT_MAX_ERROR_STR];
1024 
1025     end = msg + sizeof(msg);
1026 
1027     va_start(args, fmt);
1028     p = nxt_vsprintf(msg, end, fmt, args);
1029     va_end(args);
1030 
1031     p = nxt_openssl_copy_error(p, end);
1032 
1033     nxt_log(task, level, "%*s", p - msg, msg);
1034 }
1035 
1036 
1037 u_char *
1038 nxt_openssl_copy_error(u_char *p, u_char *end)
1039 {
1040     int         flags;
1041     u_long      err;
1042     nxt_bool_t  clear;
1043     const char  *data, *delimiter;
1044 
1045     err = ERR_peek_error();
1046     if (err == 0) {
1047         return p;
1048     }
1049 
1050     /* Log the most relevant error message ... */
1051     data = ERR_reason_error_string(err);
1052 
1053     p = nxt_sprintf(p, end, " (%d: %s) (OpenSSL: ", ERR_GET_REASON(err), data);
1054 
1055     /*
1056      * ... followed by all queued cumbersome OpenSSL error messages
1057      * and drain the error queue.
1058      */
1059     delimiter = "";
1060     clear = 0;
1061 
1062     for ( ;; ) {
1063         err = ERR_get_error_line_data(NULL, NULL, &data, &flags);
1064         if (err == 0) {
1065             break;
1066         }
1067 
1068         p = nxt_sprintf(p, end, "%s", delimiter);
1069 
1070         ERR_error_string_n(err, (char *) p, end - p);
1071 
1072         while (p < end && *p != '\0') {
1073             p++;
1074         }
1075 
1076         if ((flags & ERR_TXT_STRING) != 0) {
1077             p = nxt_sprintf(p, end, ":%s", data);
1078         }
1079 
1080         clear |= ((flags & ERR_TXT_MALLOCED) != 0);
1081 
1082         delimiter = "; ";
1083     }
1084 
1085     /* Deallocate additional data. */
1086 
1087     if (clear) {
1088         ERR_clear_error();
1089     }
1090 
1091     if (p < end) {
1092         *p++ = ')';
1093     }
1094 
1095     return p;
1096 }
1097