about the handshake of ssl


杨阳

Apr 29, 2016, 5:14:13 AM
to openresty-en

=== TEST 21: create OCSP request (empty string cert chain)


When create_ocsp_request fails, if I do not return ngx.exit(ngx.ERROR) and just use return, I find it will not just throw out

"ssl handshake: userdata" but "failed to do SSL handshake: handshake failed"

[crit] 2557#0: *3 SSL_shutdown() failed (SSL: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init) while SSL handshaking, client: unix:, server: unix:/home/vagrant/marco/nginx/app/t/servroot/html/nginx.sock at /home/vagrant/test-nginx/lib/Test/Nginx/Socket.pm line 1192.


BTW, I use the nginx compiled from the latest openresty-1.9.7.4 (with openssl 1.0.2g), and I wonder why it can't finish the handshake, while in other test cases, if it just returns nil, it can finish the handshake.

Yichun Zhang (agentzh)

Apr 29, 2016, 6:25:24 PM
to openresty-en
Hello!

On Fri, Apr 29, 2016 at 2:14 AM, 杨阳 wrote:
> When create_ocsp_request fails, if I do not return ngx.exit(ngx.ERROR) and just use return, I find it will not just throw out
>
> "ssl handshake: userdata" but "failed to do SSL handshake: handshake failed"
>
> [crit] 2557#0: *3 SSL_shutdown() failed (SSL: error:140E0197:SSL routines:SSL_shutdown:shutdown while in init) while SSL handshaking, client: unix:, server: unix:/home/vagrant/marco/nginx/app/t/servroot/html/nginx.sock at /home/vagrant/test-nginx/lib/Test/Nginx/Socket.pm line 1192.
>
>
> BTW, I use the nginx compiled from the latest openresty-1.9.7.4 (with openssl 1.0.2g), and I wonder why it can't finish the handshake, while in other test cases, if it just returns nil, it can finish the handshake.
>

This is by design. "ngx.exit(ngx.ERROR)" *is* the way to abort the
handshake forcibly while plain "return" just quits the current Lua
handler. BTW, the return value of the "return" statement on the
top-level of the Lua handler is always ignored according to the
current implementation.

Regards,
-agentzh
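
What the distinction in this reply looks like in a handler, as an added example that is not part of the thread or of lua-resty-core's own code. It is the body of an `ssl_certificate_by_lua_block`; the `ngx.ocsp` calls are the library's, while `FAIL_CLOSED`, `build_ocsp_request` and the empty `der_cert_chain` (a constructed input, as in TEST 21) are assumptions made for illustration.

```lua
-- Body of an ssl_certificate_by_lua_block handler (added example).
local ocsp = require "ngx.ocsp"

-- Hypothetical policy switch: true aborts the handshake when OCSP setup fails.
local FAIL_CLOSED = true

-- Constructed input: an empty DER chain, as in TEST 21, so the calls below fail.
local der_cert_chain = ""

-- Hypothetical helper: returns the responder URL and the DER-encoded OCSP
-- request, or nil, nil and an error string.
local function build_ocsp_request(chain)
    local url, err = ocsp.get_ocsp_responder_from_der_chain(chain)
    if not url then
        return nil, nil, err or "no OCSP responder URL in certificate"
    end
    local req, err2 = ocsp.create_ocsp_request(chain)
    if not req then
        return nil, nil, err2
    end
    return url, req
end

local url, req, err = build_ocsp_request(der_cert_chain)
if not req then
    ngx.log(ngx.ERR, "failed to create OCSP request: ", err)
    if FAIL_CLOSED then
        -- Forcibly aborts the TLS handshake.
        return ngx.exit(ngx.ERROR)
    end
    -- Only quits this handler. A value given to a top-level "return" is
    -- ignored, so "return nil" or "return false" here would abort nothing.
    return
end

-- With url and req in hand, the handler would go on to query the responder and
-- staple the reply (ocsp.validate_ocsp_response, ocsp.set_ocsp_status_resp).
```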

杨阳

May 2, 2016, 1:15:47 AM
to openresty-en
I just wonder if I just use return rather than return ngx.exit(ngx.ERROR), why it will throw out some error statement, but others will not.



On Friday, April 29, 2016 at 5:14:13 PM UTC+8, 杨阳 wrote:

Yichun Zhang (agentzh)

May 2, 2016, 11:11:14 PM
to openresty-en
Hello!

On Sun, May 1, 2016 at 10:15 PM, 杨阳 wrote:
>
> I just wonder if I just use return rather than return ngx.exit(ngx.ERROR), why it will throw out some error statement, but others will not.
>

I do not completely understand your English. I guess you are running
into this issue with OpenSSL 1.0.2f with nginx cores older than
1.9.12:

"Workaround: "called a function you should not call" and "shutdown
while in init" messages might appear in logs when using OpenSSL
1.0.2f."

See http://nginx.org/en/CHANGES for more details.

Because OpenResty 1.9.7.4 includes NGINX 1.9.7 which does have this
issue. You can downgrade OpenSSL to 1.0.2e for now until OpenResty
1.9.15.1 is out.

Regards,
-agentzh