Hey Maxim, > As far as I understand, this change isn't useable with an > unmodified nginx
It is, since nginx modules are free to install those SSL callbacks (for example: ngx_lua's ssl_certificate_by_lua). > (and introduces some minor pessimization in an > unlikely case when first ngx_ssl_handshake() will not return > NGX_AGAIN). Since SSL/TLS handshake requires at least 1 RTT (even in case of session resumption), the only case in which ngx_ssl_handshake() wouldn't return NGX_AGAIN is when the handshake failed based on ClientHello (no shared ciphers, inappropriate fallback, etc.), in which case the connection will be closed and ngx_reusable_connection(c, 0) will be called from ngx_close_connection() anyway. Calling ngx_reusable_connection(c, 0) twice is basically a no-op, so I don't really consider this a pessimization. Best regards, Piotr Sikora _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
