SSL: avoid calling SSL_write() with zero data size. According to documentation, calling SSL_write() with num=0 bytes to be sent results in undefined behavior. We don't currently call ngx_ssl_send_chain() with empty chain and buffer. This check handles the case of a chain with total data size that is a multiple of NGX_SSL_BUFSIZE, and with the special buffer at the end. In practice such cases resulted in premature connection close and critical error "SSL_write() failed (SSL:)" in the error log.

commit: 0f0fac70a14fc489eab91888772073ed1259b633 [log] [tgz]
author: Valentin Bartenev <vbart@nginx.com> Mon Jan 28 15:40:25 2013 +0000
committer: Valentin Bartenev <vbart@nginx.com> Mon Jan 28 15:40:25 2013 +0000
tree: e44d6d8383f3f6d58afb97af1d23748312ffbf54
parent: f98b1d256114e7f9bdfd17ea362cdcb137cdc62c [diff]
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index c27dba9..d288bc8 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c

@@ -1213,6 +1213,12 @@
 
         size = buf->last - buf->pos;
 
+        if (size == 0) {
+            buf->flush = 0;
+            c->buffered &= ~NGX_SSL_BUFFERED;
+            return in;
+        }
+
         n = ngx_ssl_write(c, buf->pos, size);
 
         if (n == NGX_ERROR) {
commit	0f0fac70a14fc489eab91888772073ed1259b633	[log] [tgz]
author	Valentin Bartenev <vbart@nginx.com>	Mon Jan 28 15:40:25 2013 +0000
committer	Valentin Bartenev <vbart@nginx.com>	Mon Jan 28 15:40:25 2013 +0000
tree	e44d6d8383f3f6d58afb97af1d23748312ffbf54
parent	f98b1d256114e7f9bdfd17ea362cdcb137cdc62c [diff]