annotate src/http/modules/ngx_http_ssl_module.c @ 4159:718f2154b813 stable-1.0
Merging r3933, r4154:
A new fix for the case when ssl_session_cache is defined, but ssl is not
enabled in any server. The previous r1033 does not help when an unused zone
becomes used after reconfiguration, so it is backed out.
The initial thought was to make the SSL modules independent of the SSL
implementation and to keep the OpenSSL-dependent code in separate files as
much as possible.
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Fri, 30 Sep 2011 13:36:33 +0000 |
parents | f87edc142316 |
children | 8d39230df833 |
rev | line source |
---|---|
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
1 |
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
2 /* |
444
42d11f017717
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents:
441
diff
changeset
|
3 * Copyright (C) Igor Sysoev |
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
4 */ |
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
5 |
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
6 |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
7 #include <ngx_config.h> |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
8 #include <ngx_core.h> |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
9 #include <ngx_http.h> |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 |
573 | 11 |
/*
 * Signature shared by the ngx_ssl_get_*() accessors listed in
 * ngx_http_ssl_vars[].  The accessor fills *s for connection c; pool is
 * passed as NULL by ngx_http_ssl_static_variable() and as the request pool
 * by ngx_http_ssl_variable().
 */
typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
    ngx_pool_t *pool, ngx_str_t *s);


/*
 * Fallbacks used by ngx_http_ssl_merge_srv_conf() when neither a server nor
 * its parent sets "ssl_ciphers" / "ssl_ecdh_curve".  In OpenSSL cipher-string
 * syntax the default selects the HIGH group and removes anonymous (aNULL)
 * and MD5-based suites.
 */
#define NGX_DEFAULT_CIPHERS     "HIGH:!aNULL:!MD5"
#define NGX_DEFAULT_ECDH_CURVE  "prime256v1"
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
18 |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
19 |
/* $ssl_* getters; "data" carries an ngx_ssl_variable_handler_pt */
static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);

/* callbacks wired into ngx_http_ssl_module_ctx */
static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf);
static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
    void *parent, void *child);

/* custom directive handlers referenced from ngx_http_ssl_commands[] */
static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
34 | |
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
35 |
/*
 * Names accepted by "ssl_protocols" and the NGX_SSL_* bit each one sets
 * (bound to the directive through ngx_conf_set_bitmask_slot below).
 * SSLv2 and SSLv3 are obsolete protocols: SSLv2 is only enabled when it is
 * listed explicitly, SSLv3 is also part of the merge-time default.
 */
static ngx_conf_bitmask_t  ngx_http_ssl_protocols[] = {
    { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
    { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
    { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
    { ngx_null_string, 0 }                      /* terminator */
};
42 | |
43 | |
/*
 * Values accepted by "ssl_verify_client" and the number stored in
 * ngx_http_ssl_srv_conf_t.verify.  ngx_http_ssl_merge_srv_conf() treats any
 * non-zero value as "client certificate verification configured".
 */
static ngx_conf_enum_t  ngx_http_ssl_verify[] = {
    { ngx_string("off"), 0 },
    { ngx_string("on"), 1 },
    { ngx_string("optional"), 2 },
    { ngx_null_string, 0 }                      /* terminator */
};
50 | |
51 | |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
/*
 * Directive table of the HTTP SSL module.  Every directive is valid at the
 * http{} and server{} levels and is stored in ngx_http_ssl_srv_conf_t.
 */
static ngx_command_t  ngx_http_ssl_commands[] = {

    /* on/off switch; the handler also records where it was set */
    { ngx_string("ssl"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
      ngx_http_ssl_enable,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, enable),
      NULL },

    /* server certificate and its private key */
    { ngx_string("ssl_certificate"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, certificate),
      NULL },

    { ngx_string("ssl_certificate_key"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
      NULL },

    /* key-exchange parameters */
    { ngx_string("ssl_dhparam"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, dhparam),
      NULL },

    { ngx_string("ssl_ecdh_curve"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, ecdh_curve),
      NULL },

    /* protocol versions and cipher suites */
    { ngx_string("ssl_protocols"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
      ngx_conf_set_bitmask_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, protocols),
      &ngx_http_ssl_protocols },

    { ngx_string("ssl_ciphers"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, ciphers),
      NULL },

    /*
     * client certificate verification
     *
     * NOTE(review): NGX_CONF_FLAG is combined with the enum slot although
     * ngx_http_ssl_verify[] also accepts "optional" - confirm the flag only
     * constrains the argument count here.
     */
    { ngx_string("ssl_verify_client"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_enum_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, verify),
      &ngx_http_ssl_verify },

    /*
     * NOTE(review): NGX_CONF_1MORE admits several arguments while the
     * field is a single number - confirm that extra arguments are not
     * silently ignored.
     */
    { ngx_string("ssl_verify_depth"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
      ngx_conf_set_num_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, verify_depth),
      NULL },

    { ngx_string("ssl_client_certificate"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, client_certificate),
      NULL },

    { ngx_string("ssl_prefer_server_ciphers"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_flag_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
      NULL },

    /* session reuse; the cache directive has its own parser */
    { ngx_string("ssl_session_cache"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12,
      ngx_http_ssl_session_cache,
      NGX_HTTP_SRV_CONF_OFFSET,
      0,
      NULL },

    { ngx_string("ssl_session_timeout"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_sec_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, session_timeout),
      NULL },

    /* revocation list handed to ngx_ssl_crl() when verification is on */
    { ngx_string("ssl_crl"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, crl),
      NULL },

      ngx_null_command
};
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
154 |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
155 |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
/*
 * HTTP module context: the module registers its variables before the
 * configuration is parsed and keeps per-server configuration only.
 */
static ngx_http_module_t  ngx_http_ssl_module_ctx = {
    ngx_http_ssl_add_variables,            /* preconfiguration */
    NULL,                                  /* postconfiguration */

    NULL,                                  /* create main configuration */
    NULL,                                  /* init main configuration */

    ngx_http_ssl_create_srv_conf,          /* create server configuration */
    ngx_http_ssl_merge_srv_conf,           /* merge server configuration */

    NULL,                                  /* create location configuration */
    NULL                                   /* merge location configuration */
};
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
169 |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
170 |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
/*
 * Module descriptor.  It has external linkage because
 * ngx_http_ssl_session_cache() passes its address to
 * ngx_shared_memory_add() as the tag of the shared zone.
 */
ngx_module_t  ngx_http_ssl_module = {
    NGX_MODULE_V1,
    &ngx_http_ssl_module_ctx,              /* module context */
    ngx_http_ssl_commands,                 /* module directives */
    NGX_HTTP_MODULE,                       /* module type */
    NULL,                                  /* init master */
    NULL,                                  /* init module */
    NULL,                                  /* init process */
    NULL,                                  /* init thread */
    NULL,                                  /* exit thread */
    NULL,                                  /* exit process */
    NULL,                                  /* exit master */
    NGX_MODULE_V1_PADDING
};
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
185 |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
186 |
/*
 * $ssl_* variables.  The getter is ngx_http_ssl_static_variable() for the
 * two accessors called without a pool and ngx_http_ssl_variable() for the
 * rest; the accessor itself travels in the "data" field as a uintptr_t.
 *
 * The $ssl_client_* values are derived from the certificate presented by
 * the peer - presumably they should be treated as client-supplied data
 * when they are logged or forwarded; verify against the accessors.
 */
static ngx_http_variable_t  ngx_http_ssl_vars[] = {

    /* connection parameters */
    { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_static_variable,
      (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
      (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 },

    /* client certificate */
    { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_raw_certificate,
      NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_serial"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_serial_number, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_verify"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_client_verify, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_null_string, NULL, NULL, 0, 0, 0 }    /* terminator */
};
219 | |
220 | |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
973
diff
changeset
|
/* session id context handed to ngx_ssl_session_cache() for HTTP servers */
static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");
973 | 222 |
223 | |
/*
 * Getter for $ssl_* variables whose accessor is called without a pool.
 *
 * "data" is the accessor (ngx_ssl_variable_handler_pt) cast to uintptr_t.
 * On an SSL connection the value is exposed as a NUL-terminated string
 * whose length is measured here; on a plain connection the variable is
 * marked not_found.  Always returns NGX_OK.
 */
static ngx_int_t
ngx_http_ssl_static_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data)
{
    ngx_ssl_variable_handler_pt  get = (ngx_ssl_variable_handler_pt) data;

    size_t     n;
    ngx_str_t  value;

    if (r->connection->ssl == NULL) {
        v->not_found = 1;

        return NGX_OK;
    }

    /*
     * the accessor's status is deliberately discarded;
     * NOTE(review): this relies on the accessor always setting value.data
     * to a NUL-terminated string - confirm for every accessor registered
     * with this getter.
     */
    (void) get(r->connection, NULL, &value);

    v->data = value.data;

    /* the accessor's len is not used; the string is measured instead */
    n = 0;

    while (v->data[n]) {
        n++;
    }

    v->len = n;
    v->valid = 1;
    v->no_cacheable = 0;
    v->not_found = 0;

    return NGX_OK;
}
253 | |
254 | |
/*
 * Getter for $ssl_* variables whose accessor receives the request pool.
 *
 * "data" is the accessor (ngx_ssl_variable_handler_pt) cast to uintptr_t.
 * Returns NGX_ERROR when the accessor fails.  Otherwise returns NGX_OK,
 * with the variable marked not_found on a plain connection or when the
 * accessor produced an empty string.
 */
static ngx_int_t
ngx_http_ssl_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v,
    uintptr_t data)
{
    ngx_ssl_variable_handler_pt  get = (ngx_ssl_variable_handler_pt) data;

    ngx_str_t  value;

    if (r->connection->ssl == NULL) {
        v->not_found = 1;

        return NGX_OK;
    }

    if (get(r->connection, r->pool, &value) != NGX_OK) {
        return NGX_ERROR;
    }

    v->len = value.len;
    v->data = value.data;

    if (v->len == 0) {
        /* an empty value is reported the same way as a missing one */
        v->not_found = 1;

        return NGX_OK;
    }

    v->valid = 1;
    v->no_cacheable = 0;
    v->not_found = 0;

    return NGX_OK;
}
285 | |
286 | |
/*
 * Preconfiguration callback: registers every entry of ngx_http_ssl_vars[]
 * and copies its getter and accessor into the registered variable.
 * Returns NGX_ERROR as soon as one registration fails, NGX_OK otherwise.
 */
static ngx_int_t
ngx_http_ssl_add_variables(ngx_conf_t *cf)
{
    ngx_http_variable_t  *slot, *def;

    def = ngx_http_ssl_vars;

    /* the table ends with an entry whose name is empty */
    while (def->name.len) {

        slot = ngx_http_add_variable(cf, &def->name, def->flags);
        if (slot == NULL) {
            return NGX_ERROR;
        }

        slot->get_handler = def->get_handler;
        slot->data = def->data;

        def++;
    }

    return NGX_OK;
}
304 | |
305 | |
/*
 * Allocates a zeroed per-server configuration from cf->pool and marks the
 * fields that are merged later as "unset".  Returns NULL on allocation
 * failure.
 */
static void *
ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
{
    ngx_http_ssl_srv_conf_t  *conf;

    conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t));

    if (conf == NULL) {
        return NULL;
    }

    /*
     * ngx_pcalloc() has already zeroed the remaining fields:
     *
     *     conf->protocols = 0;
     *     conf->certificate = { 0, NULL };
     *     conf->certificate_key = { 0, NULL };
     *     conf->dhparam = { 0, NULL };
     *     conf->ecdh_curve = { 0, NULL };
     *     conf->client_certificate = { 0, NULL };
     *     conf->crl = { 0, NULL };
     *     conf->ciphers = { 0, NULL };
     *     conf->shm_zone = NULL;
     */

    /* flags and timeouts */
    conf->enable = NGX_CONF_UNSET;
    conf->prefer_server_ciphers = NGX_CONF_UNSET;
    conf->builtin_session_cache = NGX_CONF_UNSET;
    conf->session_timeout = NGX_CONF_UNSET;

    /* unsigned settings */
    conf->verify = NGX_CONF_UNSET_UINT;
    conf->verify_depth = NGX_CONF_UNSET_UINT;

    return conf;
}
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
339 |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
340 |
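/*
 * Merges the parent (http{}) SSL settings into a server{} configuration
 * and, when the server has a certificate, builds its SSL context.
 *
 * parent and child are ngx_http_ssl_srv_conf_t pointers.  Returns
 * NGX_CONF_OK on success, including the case where "ssl" is off and no
 * certificate is configured (no context is created then), and
 * NGX_CONF_ERROR on any configuration or library failure.
 */
static char *
ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
{
    ngx_http_ssl_srv_conf_t *prev = parent;
    ngx_http_ssl_srv_conf_t *conf = child;

    ngx_pool_cleanup_t  *cln;

    ngx_conf_merge_value(conf->enable, prev->enable, 0);

    ngx_conf_merge_value(conf->session_timeout,
                         prev->session_timeout, 300);

    ngx_conf_merge_value(conf->prefer_server_ciphers,
                         prev->prefer_server_ciphers, 0);

    /*
     * SSLv2 is left out of the default mask, SSLv3 is still in it;
     * SSLv3 is an obsolete protocol, so deployments are better served by
     * an explicit "ssl_protocols" list
     */
    ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
                         (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1));

    ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
    ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);

    ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
    ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");

    ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");

    ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
                         "");
    ngx_conf_merge_str_value(conf->crl, prev->crl, "");

    ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
                         NGX_DEFAULT_ECDH_CURVE);

    ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);


    conf->ssl.log = cf->log;

    if (conf->enable) {

        /* "ssl on" requires both the certificate and its key */

        if (conf->certificate.len == 0) {
            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                          "no \"ssl_certificate\" is defined for "
                          "the \"ssl\" directive in %s:%ui",
                          conf->file, conf->line);
            return NGX_CONF_ERROR;
        }

        if (conf->certificate_key.len == 0) {
            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                          "no \"ssl_certificate_key\" is defined for "
                          "the \"ssl\" directive in %s:%ui",
                          conf->file, conf->line);
            return NGX_CONF_ERROR;
        }

    } else {

        /* without "ssl on" a server with no certificate needs no context */

        if (conf->certificate.len == 0) {
            return NGX_CONF_OK;
        }

        if (conf->certificate_key.len == 0) {
            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                          "no \"ssl_certificate_key\" is defined "
                          "for certificate \"%V\"", &conf->certificate);
            return NGX_CONF_ERROR;
        }
    }

    if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
        return NGX_CONF_ERROR;
    }

#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME

    /* only a warning: the runtime OpenSSL may lack tlsext support */

    if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
                                               ngx_http_ssl_servername)
        == 0)
    {
        ngx_log_error(NGX_LOG_WARN, cf->log, 0,
            "nginx was built with SNI support, however, now it is linked "
            "dynamically to an OpenSSL library which has no tlsext support, "
            "therefore SNI is not available");
    }

#endif

    /*
     * the context cleanup is attached to cf->pool right after the context
     * is created, so the error returns below do not need to release it
     */

    cln = ngx_pool_cleanup_add(cf->pool, 0);
    if (cln == NULL) {
        return NGX_CONF_ERROR;
    }

    cln->handler = ngx_ssl_cleanup_ctx;
    cln->data = &conf->ssl;

    if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
                            &conf->certificate_key)
        != NGX_OK)
    {
        return NGX_CONF_ERROR;
    }

    if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
                                (const char *) conf->ciphers.data)
        == 0)
    {
        ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
                      "SSL_CTX_set_cipher_list(\"%V\") failed",
                      &conf->ciphers);

        /*
         * fail closed: continuing here would leave the context with the
         * library's cipher list instead of the configured one
         */
        return NGX_CONF_ERROR;
    }

    if (conf->verify) {

        /* "on" and "optional" both need the CA list to verify against */

        if (conf->client_certificate.len == 0) {
            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                          "no ssl_client_certificate for ssl_client_verify");
            return NGX_CONF_ERROR;
        }

        if (ngx_ssl_client_certificate(cf, &conf->ssl,
                                       &conf->client_certificate,
                                       conf->verify_depth)
            != NGX_OK)
        {
            return NGX_CONF_ERROR;
        }

        if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
            return NGX_CONF_ERROR;
        }
    }

    if (conf->prefer_server_ciphers) {
        SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
    }

    /*
     * a temporary 512-bit RSA key is required for export versions of MSIE
     *
     * NOTE(review): a 512-bit RSA key gives no meaningful protection;
     * confirm whether export cipher suites still have to be supported
     * before keeping this callback.
     */
    SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);

    if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
        return NGX_CONF_ERROR;
    }

    if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) {
        return NGX_CONF_ERROR;
    }

    /* session cache settings are merged only for servers with a context */

    ngx_conf_merge_value(conf->builtin_session_cache,
                         prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);

    if (conf->shm_zone == NULL) {
        conf->shm_zone = prev->shm_zone;
    }

    if (ngx_ssl_session_cache(&conf->ssl, &ngx_http_ssl_sess_id_ctx,
                              conf->builtin_session_cache,
                              conf->shm_zone, conf->session_timeout)
        != NGX_OK)
    {
        return NGX_CONF_ERROR;
    }

    return NGX_CONF_OK;
}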
563 | 507 |
508 | |
/*
 * Handler of the "ssl" directive: stores the flag through
 * ngx_conf_set_flag_slot() and, on success, remembers the configuration
 * file name and line so that ngx_http_ssl_merge_srv_conf() can name them
 * in its error messages.  Returns the result of the flag slot handler.
 */
static char *
ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    ngx_http_ssl_srv_conf_t *srv = conf;

    char  *status;

    status = ngx_conf_set_flag_slot(cf, cmd, conf);

    if (status == NGX_CONF_OK) {
        srv->file = cf->conf_file->file.name.data;
        srv->line = cf->conf_file->line;
    }

    return status;
}
527 | |
528 | |
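/*
 * Handler of the "ssl_session_cache" directive.
 *
 * Each argument is one of:
 *     off                 - NGX_SSL_NO_SCACHE
 *     none                - NGX_SSL_NONE_SCACHE
 *     builtin             - NGX_SSL_DFLT_BUILTIN_SCACHE
 *     builtin:<number>    - builtin cache with the given number
 *     shared:<name>:<size> - shared memory zone of at least 8 pages
 *
 * When only a shared zone is given, the builtin cache is set to
 * NGX_SSL_NO_BUILTIN_SCACHE.  Returns NGX_CONF_OK, or NGX_CONF_ERROR after
 * logging the offending argument.
 */
static char *
ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    ngx_http_ssl_srv_conf_t *sscf = conf;

    size_t       len;
    ngx_str_t   *value, name, size;
    ngx_int_t    n;
    ngx_uint_t   i, j;

    value = cf->args->elts;

    for (i = 1; i < cf->args->nelts; i++) {

        if (ngx_strcmp(value[i].data, "off") == 0) {
            sscf->builtin_session_cache = NGX_SSL_NO_SCACHE;
            continue;
        }

        if (ngx_strcmp(value[i].data, "none") == 0) {
            sscf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
            continue;
        }

        if (ngx_strcmp(value[i].data, "builtin") == 0) {
            sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
            continue;
        }

        if (value[i].len > sizeof("builtin:") - 1
            && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
               == 0)
        {
            n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
                         value[i].len - (sizeof("builtin:") - 1));

            if (n == NGX_ERROR) {
                goto invalid;
            }

            sscf->builtin_session_cache = n;

            continue;
        }

        if (value[i].len > sizeof("shared:") - 1
            && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
               == 0)
        {
            len = 0;

            /* find the ':' that separates the zone name from its size */

            for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
                if (value[i].data[j] == ':') {
                    /* terminate the name in place */
                    value[i].data[j] = '\0';
                    break;
                }

                len++;
            }

            /*
             * reject an empty name and a missing ":<size>" part: without
             * the separator j equals value[i].len, and the size length
             * computed below would wrap around to a huge unsigned value
             */

            if (len == 0 || j == value[i].len) {
                goto invalid;
            }

            name.len = len;
            name.data = value[i].data + sizeof("shared:") - 1;

            size.len = value[i].len - j - 1;
            size.data = name.data + len + 1;

            n = ngx_parse_size(&size);

            if (n == NGX_ERROR) {
                goto invalid;
            }

            if (n < (ngx_int_t) (8 * ngx_pagesize)) {
                ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                                   "session cache \"%V\" is too small",
                                   &value[i]);

                return NGX_CONF_ERROR;
            }

            sscf->shm_zone = ngx_shared_memory_add(cf, &name, n,
                                                   &ngx_http_ssl_module);
            if (sscf->shm_zone == NULL) {
                return NGX_CONF_ERROR;
            }

            /* set at parse time, whether or not a server ends up using it */
            sscf->shm_zone->init = ngx_ssl_session_cache_init;

            continue;
        }

        goto invalid;
    }

    if (sscf->shm_zone && sscf->builtin_session_cache == NGX_CONF_UNSET) {
        sscf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
    }

    return NGX_CONF_OK;

invalid:

    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "invalid session cache \"%V\"", &value[i]);

    return NGX_CONF_ERROR;
}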