Re: [PATCH 2 of 2] SSL: SSL_sendfile() support with kernel TLS

Thu, 24 Nov 2022 01:22:08 -0800 


> On 27 Sep 2021, at 17:18, Maxim Dounin <mdou...@mdounin.ru> wrote:
> 
> # HG changeset patch
> # User Maxim Dounin <mdou...@mdounin.ru>
> # Date 1632717779 -10800
> #      Mon Sep 27 07:42:59 2021 +0300
> # Node ID ff514bf17f7f2257dcf036c5c973b74672cefa9a
> # Parent  8f0fd60c33c106fba5f1ce3cafe990f15fcccc0c
> SSL: SSL_sendfile() support with kernel TLS.
> 
> Requires OpenSSL 3.0 compiled with "enable-ktls" option.  Further, KTLS
> needs to be enabled in kernel, and in OpenSSL, either via OpenSSL
> configuration file or with "ssl_conf_command Options KTLS;" in nginx
> configuration.
> 
> On FreeBSD, kernel TLS is available starting with FreeBSD 13.0, and
> can be enabled with "sysctl kern.ipc.tls.enable=1" and "kldload ktls_ocf".
> 
> On Linux, kernel TLS is available starting with kernel 4.13 (at least 5.2
> is recommended), and needs kernel compiled with CONFIG_TLS=y (with
> CONFIG_TLS=m, which is used at least on Ubuntu 21.04 by default,
> the tls module needs to be loaded with "modprobe tls").
> 
> diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c

[..]

> @@ -2882,6 +2937,150 @@ ngx_ssl_write_early(ngx_connection_t *c,
> #endif
> 
> 
> +static ssize_t
> +ngx_ssl_sendfile(ngx_connection_t *c, ngx_buf_t *file, size_t size)
> +{
> +#ifdef BIO_get_ktls_send
> +
> +    int        sslerr;
> +    ssize_t    n;
> +    ngx_err_t  err;
> +
> +    ngx_ssl_clear_error(c->log);
> +
> +    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
> +                   "SSL to sendfile: @%O %uz",
> +                   file->file_pos, size);
> +
> +    ngx_set_errno(0);
> +
> +    n = SSL_sendfile(c->ssl->connection, file->file->fd, file->file_pos,
> +                     size, 0);
> +
> +    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_sendfile: %d", n);
> +

Hello,

looks like a wrong format specifier slipped through review.
Patch to address this:

# HG changeset patch
# User Sergey Kandaurov <pluk...@nginx.com>
# Date 1669241969 -14400
#      Thu Nov 24 02:19:29 2022 +0400
# Node ID 66ad8bd4b9e4347bda8fe64423632ded19093db2
# Parent  75bfb3a97ca3d6292fb7877b89bb46720c15da80
SSL: fixed debug logging of SSL_sendfile() return value.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3020,7 +3020,7 @@ ngx_ssl_sendfile(ngx_connection_t *c, ng
     n = SSL_sendfile(c->ssl->connection, file->file->fd, file->file_pos,
                      size, flags);
 
-    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_sendfile: %d", n);
+    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_sendfile: %z", n);
 
     if (n > 0) {
 

> [..]

-- 
Sergey Kandaurov

_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-le...@nginx.org

Reply via email to