annotate src/event/ngx_event_openssl.h @ 7906:7995cd199b52 quic
Merged with the default branch.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 26 May 2020 20:26:44 +0300 |
parents | 253cf267f95a b56f725dd4bb |
children | 7621ffaa79b3 |
rev | line source |
---|---|
/*
 * Copyright (C) Igor Sysoev
 * Copyright (C) Nginx, Inc.
 */


#ifndef _NGX_EVENT_OPENSSL_H_INCLUDED_
#define _NGX_EVENT_OPENSSL_H_INCLUDED_


#include <ngx_config.h>
#include <ngx_core.h>

#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/aes.h>
#include <openssl/bn.h>
#include <openssl/conf.h>
#include <openssl/crypto.h>
#include <openssl/dh.h>
/* The ENGINE header is skipped when the library defines OPENSSL_NO_ENGINE. */
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#include <openssl/evp.h>
/*
 * Library-specific headers: the BoringSSL branch includes <openssl/hkdf.h>
 * and <openssl/chacha.h>; every other library gets <openssl/kdf.h>.
 * OPENSSL_IS_BORINGSSL is expected to come from the headers included above.
 */
#ifdef OPENSSL_IS_BORINGSSL
#include <openssl/hkdf.h>
#include <openssl/chacha.h>
#else
#include <openssl/kdf.h>
#endif
#include <openssl/hmac.h>
/* The OCSP header is skipped when the library defines OPENSSL_NO_OCSP. */
#ifndef OPENSSL_NO_OCSP
#include <openssl/ocsp.h>
#endif
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
541 | 40 |
#define NGX_SSL_NAME     "OpenSSL"


/*
 * LibreSSL version remapping.  When LIBRESSL_VERSION_NUMBER is defined and
 * the library reports OPENSSL_VERSION_NUMBER as 0x20000000L, the macro is
 * redefined so that the version checks in this code base see:
 *   - 0x1010000fL (the OpenSSL 1.1.0 encoding) for LibreSSL >= 0x2080000fL;
 *   - 0x1000107fL (the OpenSSL 1.0.1g encoding) for anything older.
 * Every "#if OPENSSL_VERSION_NUMBER ..." gate that follows, including gates
 * around security-relevant API choices, therefore treats LibreSSL as one of
 * these two OpenSSL releases rather than as its own version.
 */
#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
#undef OPENSSL_VERSION_NUMBER
#if (LIBRESSL_VERSION_NUMBER >= 0x2080000fL)
#define OPENSSL_VERSION_NUMBER  0x1010000fL
#else
#define OPENSSL_VERSION_NUMBER  0x1000107fL
#endif
#endif


/*
 * ngx_ssl_version() returns the library's version string.  From
 * 0x10100001L on it uses OpenSSL_version(); older libraries use
 * SSLeay_version(), which the introducing change describes as deprecated
 * in OpenSSL 1.1.0.
 */
#if (OPENSSL_VERSION_NUMBER >= 0x10100001L)

#define ngx_ssl_version()       OpenSSL_version(OPENSSL_VERSION)

#else

#define ngx_ssl_version()       SSLeay_version(SSLEAY_VERSION)

#endif
/* nginx-side aliases for the library's session and connection types. */
#define ngx_ssl_session_t       SSL_SESSION
#define ngx_ssl_conn_t          SSL


/*
 * Compatibility shim: when the (possibly remapped) OPENSSL_VERSION_NUMBER
 * is below 0x10002000L, SSL_is_server() is supplied here as a direct read
 * of the `server` member of the SSL object.  This only compiles where the
 * SSL structure definition is visible to the caller.
 * The LibreSSL remapping earlier in this header uses 0x1000107fL for
 * LibreSSL older than 2.8.0, so those builds take this branch as well.
 * The introducing change is described as "SSL: disabled renegotiation
 * detection in client mode"; presumably the renegotiation check uses this
 * to tell the server side from the client side -- confirm in the .c file.
 */
#if (OPENSSL_VERSION_NUMBER < 0x10002000L)
#define SSL_is_server(s)        (s)->server
#endif
/*
 * Forward declaration only; struct ngx_ssl_ocsp_s is not defined in the
 * visible part of this header.  Introduced by the change "SSL: client
 * certificate validation with OCSP (ticket #1534)".
 */
typedef struct ngx_ssl_ocsp_s  ngx_ssl_ocsp_t;


/*
 * SSL context wrapper: an SSL_CTX together with the log and a buffer size.
 * Most configuration functions declared in this header take a pointer to
 * this structure.
 */
struct ngx_ssl_s {
    /* the library's context object */
    SSL_CTX                    *ctx;
    ngx_log_t                  *log;
    /* added by the change "SSL: ssl_buffer_size directive" */
    size_t                      buffer_size;
};
/*
 * Per-connection SSL state.  The field notes below are taken from the
 * descriptions of the changes that introduced each field; what each flag
 * means at runtime is decided in the .c file, which is not shown here.
 */
struct ngx_ssl_connection_s {
    /* the library's connection object (ngx_ssl_conn_t is an alias of SSL) */
    ngx_ssl_conn_t             *connection;
    /* added by "SSL: preserve default server context in connection" */
    SSL_CTX                    *session_ctx;

    ngx_int_t                   last;
    ngx_buf_t                  *buf;
    /* added by "SSL: ssl_buffer_size directive" */
    size_t                      buffer_size;

    ngx_connection_handler_pt   handler;

    /* added by "SSL: save sessions for upstream peers using a callback" */
    ngx_ssl_session_t          *session;
    ngx_connection_handler_pt   save_session;

    ngx_event_handler_pt        saved_read_handler;
    ngx_event_handler_pt        saved_write_handler;

    /* OCSP state for client certificate validation; opaque in this header */
    ngx_ssl_ocsp_t             *ocsp;

    /* added with TLSv1.3 early data support; a single byte */
    u_char                      early_buf;

    unsigned                    handshaked:1;
    /*
     * Added by "disable SSL renegotiation (CVE-2009-3555)".
     * NOTE(review): presumably set when a renegotiation is detected so the
     * I/O path can refuse to continue -- confirm against the .c file.
     */
    unsigned                    renegotiation:1;
    unsigned                    buffer:1;
    unsigned                    no_wait_shutdown:1;
    unsigned                    no_send_shutdown:1;
    unsigned                    handshake_buffer_set:1;
    /*
     * TLSv1.3 early data (0-RTT) flags.  The TLS 1.3 protocol does not by
     * itself protect early data against replay, so code that acts on data
     * read in this state needs its own policy.
     * NOTE(review): presumably in_early marks that state -- confirm.
     */
    unsigned                    try_early_data:1;
    unsigned                    in_early:1;
    /* added with client certificate validation via OCSP */
    unsigned                    in_ocsp:1;
    unsigned                    early_preread:1;
    /* added by "SSL: avoid reading on pending SSL_write_early_data()" */
    unsigned                    write_blocked:1;
};
/*
 * Negative sentinel values for session cache configuration.
 * NOTE(review): presumably these are the special values accepted for the
 * builtin_session_cache argument of ngx_ssl_session_cache() -- confirm.
 * Each expands to an unparenthesized negative literal, so use them as
 * whole operands (comparisons, assignments), not inside arithmetic.
 */
#define NGX_SSL_NO_SCACHE            -2
#define NGX_SSL_NONE_SCACHE          -3
#define NGX_SSL_NO_BUILTIN_SCACHE    -4
#define NGX_SSL_DFLT_BUILTIN_SCACHE  -5


/*
 * Size limit, in bytes by its name, for one SSL session.
 * NOTE(review): presumably the bound on a serialized session stored in the
 * cache; the code that enforces it is not in this header -- confirm that
 * every copy of session data checks against it.
 */
#define NGX_SSL_MAX_SESSION_SIZE  4096
typedef struct ngx_ssl_sess_id_s  ngx_ssl_sess_id_t;

/*
 * One entry of the SSL session cache.  It carries a red-black tree node
 * and a queue link, matching the session_rbtree and expire_queue members
 * of ngx_ssl_session_cache_t.
 */
struct ngx_ssl_sess_id_s {
    ngx_rbtree_node_t           node;
    /* session id bytes and their length */
    u_char                     *id;
    size_t                      len;
    /* NOTE(review): presumably the serialized session data -- confirm */
    u_char                     *session;
    ngx_queue_t                 queue;
    /* expiry time of this entry */
    time_t                      expire;
#if (NGX_PTR_SIZE == 8)
    /*
     * Present on 64-bit builds only (added by "optimize the SSL session
     * cache allocations on 64-bit platforms").  sess_id is a fixed 32-byte
     * array; any copy into it must be bounded by sizeof(sess_id).
     * NOTE(review): presumably `id` points here on these builds -- confirm.
     */
    void                       *stub;
    u_char                      sess_id[32];
#endif
};
/*
 * Session cache container: a red-black tree with its sentinel node
 * embedded, plus a queue used for expiration.
 * NOTE(review): ngx_ssl_session_cache() takes an ngx_shm_zone_t, so this
 * presumably lives in shared memory -- confirm the locking in the .c file.
 */
typedef struct {
    ngx_rbtree_t                session_rbtree;
    ngx_rbtree_node_t           sentinel;
    ngx_queue_t                 expire_queue;
} ngx_ssl_session_cache_t;
/* Compiled only when the library exposes the ticket key callback control. */
#ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB

/*
 * One session ticket key set (RFC 5077, per the introducing change).
 * hmac_key and aes_key are long-lived secret key material: anyone who can
 * read them can decrypt and forge the tickets issued under this key.
 * NOTE(review): how these bytes are loaded, rotated and cleared is not
 * visible in this header -- confirm in the .c file.
 */
typedef struct {
    /*
     * Added by "SSL: support AES256 encryption of tickets".
     * NOTE(review): presumably selects how much of the 32-byte key arrays
     * is in use -- confirm.
     */
    size_t                      size;
    /* 16-byte key name */
    u_char                      name[16];
    u_char                      hmac_key[32];
    u_char                      aes_key[32];
} ngx_ssl_session_ticket_key_t;

#endif
/*
 * Protocol version bit flags (one bit each, so they can be OR-ed).
 * NOTE(review): presumably the `protocols` argument of ngx_ssl_create()
 * carries a mask of these, driven by the ssl_protocols directive -- confirm.
 * SSLv2 and SSLv3 are obsolete protocols and should not be enabled; whether
 * these two flags can still switch them on depends on ngx_ssl_create() and
 * on the linked library, neither of which is visible here.
 */
#define NGX_SSL_SSLv2    0x0002
#define NGX_SSL_SSLv3    0x0004
#define NGX_SSL_TLSv1    0x0008
#define NGX_SSL_TLSv1_1  0x0010
#define NGX_SSL_TLSv1_2  0x0020
#define NGX_SSL_TLSv1_3  0x0040


/*
 * NOTE(review): presumably bit flags for the `flags` argument of
 * ngx_ssl_create_connection() -- confirm.
 */
#define NGX_SSL_BUFFER   1
#define NGX_SSL_CLIENT   2

/* SSL buffer size in bytes (16 KiB). */
#define NGX_SSL_BUFSIZE  16384
/*
 * Public SSL API.  Only the prototypes are visible here; the notes below
 * come from the names, the signatures and the descriptions of the changes
 * that introduced each declaration.  Every function returning ngx_int_t
 * reports a status that callers are expected to check.
 */
ngx_int_t ngx_ssl_init(ngx_log_t *log);
ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data);

/*
 * Certificate and private key loading.  `passwords` is an array of
 * passphrases for encrypted keys (see ngx_ssl_read_password_file() below).
 * ngx_ssl_connection_certificate() works on a connection rather than a
 * configuration ("SSL: loading of connection-specific certificates").
 */
ngx_int_t ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl,
    ngx_array_t *certs, ngx_array_t *keys, ngx_array_t *passwords);
ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
    ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
ngx_int_t ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool,
    ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);

/* Cipher list, peer verification trust anchors and CRL configuration. */
ngx_int_t ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,
    ngx_uint_t prefer_server_ciphers);
ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
    ngx_str_t *cert, ngx_int_t depth);
ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
    ngx_str_t *cert, ngx_int_t depth);
ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl);
/* OCSP stapling; `verify` was added with the ssl_stapling_verify directive. */
ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl,
    ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify);
ngx_int_t ngx_ssl_stapling_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl,
    ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
/*
 * Client certificate validation with OCSP (ticket #1534); the shm_zone
 * argument and ngx_ssl_ocsp_cache_init() were added by "OCSP: certificate
 * status cache".
 * NOTE(review): ngx_ssl_ocsp_validate() returns a status and
 * ngx_ssl_ocsp_get_status() returns a string through `s`; a caller that
 * ignores either result would accept a certificate without a revocation
 * decision -- confirm how callers treat non-OK returns.
 */
ngx_int_t ngx_ssl_ocsp(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *responder,
    ngx_uint_t depth, ngx_shm_zone_t *shm_zone);
ngx_int_t ngx_ssl_ocsp_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl,
    ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
ngx_int_t ngx_ssl_ocsp_validate(ngx_connection_t *c);
ngx_int_t ngx_ssl_ocsp_get_status(ngx_connection_t *c, const char **s);
void ngx_ssl_ocsp_cleanup(ngx_connection_t *c);
ngx_int_t ngx_ssl_ocsp_cache_init(ngx_shm_zone_t *shm_zone, void *data);
/*
 * NOTE(review): the name and the is_export/key_length parameters suggest a
 * temporary RSA key callback for export-grade suites; 512-bit RSA gives no
 * meaningful protection -- confirm this is unreachable with the libraries
 * actually supported.
 */
RSA *ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
    int key_length);
/*
 * Passphrase handling ("ssl_password_file" directive; "passwords support
 * for dynamic certificate loading").  The returned arrays hold secrets.
 * NOTE(review): confirm where these arrays are cleared after use.
 */
ngx_array_t *ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file);
ngx_array_t *ngx_ssl_preserve_passwords(ngx_conf_t *cf,
    ngx_array_t *passwords);
ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
/* TLSv1.3 early data switch; early data is replayable at protocol level. */
ngx_int_t ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl,
    ngx_uint_t enable);
/* Session caching and session ticket keys. */
ngx_int_t ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl,
    ngx_uint_t enable);
ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
    ngx_array_t *certificates, ssize_t builtin_session_cache,
    ngx_shm_zone_t *shm_zone, time_t timeout);
ngx_int_t ngx_ssl_session_ticket_keys(ngx_conf_t *cf, ngx_ssl_t *ssl,
    ngx_array_t *paths);
ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data);
ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
    ngx_uint_t flags);

/*
 * Session object handling.  ngx_ssl_remove_cached_session() was added by
 * "invalidate SSL session if there is no valid client certificate".
 * NOTE(review): the get/get0 naming presumably follows the OpenSSL
 * convention (get0 does not transfer a reference) -- confirm before
 * freeing the result of either call.
 */
void ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session);
ngx_ssl_session_t *ngx_ssl_get_session(ngx_connection_t *c);
ngx_ssl_session_t *ngx_ssl_get0_session(ngx_connection_t *c);
/* Alias: releasing an ngx_ssl_session_t is SSL_SESSION_free(). */
#define ngx_ssl_free_session        SSL_SESSION_free
/*
 * Look up the data stored on an SSL connection or SSL_CTX under the
 * ngx_ssl_connection_index / ngx_ssl_server_conf_index slots (both are
 * declared outside the visible part of this header).  The library returns
 * an untyped pointer, which is NULL when nothing has been stored, so
 * callers must not dereference the result unconditionally unless the slot
 * is known to be set.
 */
#define ngx_ssl_get_connection(ssl_conn)                                      \
    SSL_get_ex_data(ssl_conn, ngx_ssl_connection_index)
#define ngx_ssl_get_server_conf(ssl_ctx)                                      \
    SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_server_conf_index)
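/*
 * Evaluates to non-zero when the X.509 verification result `n` is one of
 * the five "issuer unknown or untrusted" errors listed below.  Introduced
 * by the change 'SSL: the "ssl_verify_client" directive parameter
 * "optional_no_ca"'.
 *
 * The list covers trust-chain errors only.  Any other verification error
 * (an expired or revoked certificate, a bad signature, and so on) is not
 * matched, so callers keep treating those as failures.
 *
 * Each use of `n` is parenthesized so that an expression argument is
 * compared as a whole.  Without that, an argument such as `rc & mask`
 * would bind as `rc & (mask == X509_V_ERR_...)` and the predicate would
 * silently answer for a different value.  `n` is evaluated up to five
 * times, so pass an expression without side effects.
 */
#define ngx_ssl_verify_error_optional(n)                                      \
    ((n) == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT                            \
     || (n) == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN                           \
     || (n) == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY                   \
     || (n) == X509_V_ERR_CERT_UNTRUSTED                                      \
     || (n) == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)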
e406c997470a
SSL: the "ssl_verify_client" directive parameter "optional_no_ca".
Maxim Dounin <mdounin@mdounin.ru>
parents:
4879
diff
changeset
|
240 |
5661
060c2e692b96
Upstream: proxy_ssl_verify and friends.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5658
diff
changeset
|
/*
 * Presumably checks that the certificate presented by the peer on "c" is
 * valid for the host name "name"; the annotation shows it was added with
 * proxy_ssl_verify.  NOTE(review): chain verification alone does not tie a
 * certificate to the host being contacted, so verification of an upstream
 * is only meaningful when this check is also made and a failure closes the
 * connection.  Confirm the return convention in ngx_event_openssl.c.
 */
241 ngx_int_t ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name); |
060c2e692b96
Upstream: proxy_ssl_verify and friends.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5658
diff
changeset
|
242 |
611 | 243 |
/*
 * First of a family of getters that share one signature: the connection,
 * a pool and an output string "s".  Presumably each fills *s (allocating
 * from "pool" where needed) and returns NGX_OK or NGX_ERROR; confirm in
 * ngx_event_openssl.c.
 * NOTE(review): several values in this family originate from the peer
 * (client certificate fields, the requested server name), so they should
 * be treated as untrusted input when logged or forwarded in headers.
 */
671 | 244 ngx_int_t ngx_ssl_get_protocol(ngx_connection_t *c, ngx_pool_t *pool, |
245 ngx_str_t *s); | |
246 ngx_int_t ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool, | |
247 ngx_str_t *s); | |
6816
ea93c7d8752a
SSL: $ssl_ciphers (ticket #870).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6815
diff
changeset
|
248 ngx_int_t ngx_ssl_get_ciphers(ngx_connection_t *c, ngx_pool_t *pool, |
ea93c7d8752a
SSL: $ssl_ciphers (ticket #870).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6815
diff
changeset
|
249 ngx_str_t *s); |
6817
e75e854657ba
SSL: $ssl_curves (ticket #1088).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6816
diff
changeset
|
250 ngx_int_t ngx_ssl_get_curves(ngx_connection_t *c, ngx_pool_t *pool, |
e75e854657ba
SSL: $ssl_curves (ticket #1088).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6816
diff
changeset
|
251 ngx_str_t *s); |
3154 | 252 ngx_int_t ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, |
253 ngx_str_t *s); | |
5573
7c05f6590753
SSL: the $ssl_session_reused variable.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5487
diff
changeset
|
254 ngx_int_t ngx_ssl_get_session_reused(ngx_connection_t *c, ngx_pool_t *pool, |
7c05f6590753
SSL: the $ssl_session_reused variable.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5487
diff
changeset
|
255 ngx_str_t *s); |
7333
ba971deb4b44
SSL: support for TLSv1.3 early data with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7320
diff
changeset
|
/*
 * Getter added with TLSv1.3 early data support (see the annotation);
 * presumably it reports whether the request arrived as early data.
 * NOTE(review): early data can be replayed by anyone who captured it
 * (RFC 8446), so this value exists to let the application refuse or defer
 * non-idempotent requests until the handshake has completed.
 */
256 ngx_int_t ngx_ssl_get_early_data(ngx_connection_t *c, ngx_pool_t *pool, |
ba971deb4b44
SSL: support for TLSv1.3 early data with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7320
diff
changeset
|
257 ngx_str_t *s); |
5658
94ae92776441
SSL: $ssl_server_name variable.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5573
diff
changeset
|
/*
 * Getter behind the $ssl_server_name variable (see the annotation),
 * presumably the name the client requested through SNI.
 * NOTE(review): that name is chosen by the client and is not
 * authenticated by the handshake, so it must not be used as proof of
 * which virtual host the client is entitled to reach.
 */
258 ngx_int_t ngx_ssl_get_server_name(ngx_connection_t *c, ngx_pool_t *pool, |
94ae92776441
SSL: $ssl_server_name variable.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5573
diff
changeset
|
259 ngx_str_t *s); |
/*
 * Getters for the peer certificate as text; presumably "raw" is the
 * unmodified encoding and the other a form adjusted for use in a header.
 * Confirm in ngx_event_openssl.c.
 * NOTE(review): the certificate is supplied by the peer.  Forwarding it to
 * a backend conveys an identity only when verification succeeded, so the
 * result of ngx_ssl_get_client_verify() has to accompany it.
 */
2123 | 260 ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool, |
261 ngx_str_t *s); | |
2045 | 262 ngx_int_t ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool, |
263 ngx_str_t *s); | |
7091
82f0b8dcca27
SSL: the $ssl_client_escaped_cert variable (ticket #857).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6982
diff
changeset
|
264 ngx_int_t ngx_ssl_get_escaped_certificate(ngx_connection_t *c, ngx_pool_t *pool, |
82f0b8dcca27
SSL: the $ssl_client_escaped_cert variable (ticket #857).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6982
diff
changeset
|
265 ngx_str_t *s); |
647 | 266 ngx_int_t ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, |
267 ngx_str_t *s); | |
268 ngx_int_t ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, | |
269 ngx_str_t *s); | |
6780
56d6bfe6b609
SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6735
diff
changeset
|
270 ngx_int_t ngx_ssl_get_subject_dn_legacy(ngx_connection_t *c, ngx_pool_t *pool, |
56d6bfe6b609
SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6735
diff
changeset
|
271 ngx_str_t *s); |
56d6bfe6b609
SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6735
diff
changeset
|
272 ngx_int_t ngx_ssl_get_issuer_dn_legacy(ngx_connection_t *c, ngx_pool_t *pool, |
56d6bfe6b609
SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
Dmitry Volyntsev <xeioex@nginx.com>
parents:
6735
diff
changeset
|
273 ngx_str_t *s); |
671 | 274 ngx_int_t ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool, |
275 ngx_str_t *s); | |
5700
5e892d40e5cc
SSL: $ssl_client_fingerprint variable.
Sergey Budnevitch <sb@waeme.net>
parents:
5661
diff
changeset
|
276 ngx_int_t ngx_ssl_get_fingerprint(ngx_connection_t *c, ngx_pool_t *pool, |
5e892d40e5cc
SSL: $ssl_client_fingerprint variable.
Sergey Budnevitch <sb@waeme.net>
parents:
5661
diff
changeset
|
277 ngx_str_t *s); |
/*
 * Getter for the outcome of client certificate verification.
 * NOTE(review): in the optional verification modes the handshake can
 * complete even though verification failed or no certificate was sent, so
 * this value must be checked before any other client certificate field is
 * trusted.  The exact strings returned are not visible here; confirm in
 * ngx_event_openssl.c.
 */
2994 | 278 ngx_int_t ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool, |
279 ngx_str_t *s); | |
6815
2d15fff64e3c
SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6812
diff
changeset
|
280 ngx_int_t ngx_ssl_get_client_v_start(ngx_connection_t *c, ngx_pool_t *pool, |
2d15fff64e3c
SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6812
diff
changeset
|
281 ngx_str_t *s); |
2d15fff64e3c
SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6812
diff
changeset
|
282 ngx_int_t ngx_ssl_get_client_v_end(ngx_connection_t *c, ngx_pool_t *pool, |
2d15fff64e3c
SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6812
diff
changeset
|
283 ngx_str_t *s); |
2d15fff64e3c
SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6812
diff
changeset
|
284 ngx_int_t ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool, |
2d15fff64e3c
SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6812
diff
changeset
|
285 ngx_str_t *s); |
671 | 286 |
647 | 287 |
/*
 * Handshake and byte-level I/O entry points for an SSL connection.
 * ngx_ssl_recv() and ngx_ssl_write() take a caller-owned buffer and its
 * size.  The return convention (byte count versus NGX_AGAIN or NGX_ERROR)
 * is not visible in this header; confirm in ngx_event_openssl.c.
 */
547 | 288 ngx_int_t ngx_ssl_handshake(ngx_connection_t *c); |
469 | 289 ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size); |
539 | 290 ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size); |
5882
ec81934727a1
Core: added limit to recv_chain().
Roman Arutyunyan <arut@nginx.com>
parents:
5777
diff
changeset
|
291 ssize_t ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl, off_t limit); |
394
e7a68e14ccd3
nginx-0.0.7-2004-07-16-10:33:35 import
Igor Sysoev <igor@sysoev.ru>
parents:
393
diff
changeset
|
292 ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, |
489 | 293 off_t limit); |
1779
06014cfdb5b1
create ssl buffer on demand and free it before keep-alive
Igor Sysoev <igor@sysoev.ru>
parents:
1778
diff
changeset
|
294 void ngx_ssl_free_buffer(ngx_connection_t *c); |
394
e7a68e14ccd3
nginx-0.0.7-2004-07-16-10:33:35 import
Igor Sysoev <igor@sysoev.ru>
parents:
393
diff
changeset
|
295 ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c); |
/*
 * Variadic logger for SSL errors: "fmt" is a format string followed by its
 * arguments.  NOTE(review): text that originates from the peer belongs in
 * the argument list, never in "fmt" itself.
 */
583 | 296 void ngx_cdecl ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, |
489 | 297 char *fmt, ...); |
/* Cleanup callback taking an untyped pointer; presumably "data" is the ngx_ssl_t to release. */
509 | 298 void ngx_ssl_cleanup_ctx(void *data); |
393
5659d773cfa8
nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
299 |
5659d773cfa8
nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
300 |
/*
 * OpenSSL ex_data slot indexes read by the ngx_ssl_get_connection() and
 * ngx_ssl_get_server_conf() macros in this header.  They are only declared
 * here; the definitions and the code that assigns them live elsewhere.
 */
969 | 301 extern int ngx_ssl_connection_index; |
302 extern int ngx_ssl_server_conf_index; | |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
303 extern int ngx_ssl_session_cache_index; |
5425
1356a3b96924
SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents:
5395
diff
changeset
|
304 extern int ngx_ssl_session_ticket_keys_index; |
7899
8409f9df6219
SSL: client certificate validation with OCSP (ticket #1534).
Roman Arutyunyan <arut@nginx.com>
parents:
7612
diff
changeset
|
305 extern int ngx_ssl_ocsp_index; |
4875
386a06a22c40
OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4873
diff
changeset
|
306 extern int ngx_ssl_certificate_index; |
6548
8a34e92d8ab5
SSL: made it possible to iterate though all certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6492
diff
changeset
|
307 extern int ngx_ssl_next_certificate_index; |
6812
a7ec59df0c4d
OCSP stapling: added certificate name to warnings.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6780
diff
changeset
|
308 extern int ngx_ssl_certificate_name_index; |
4875
386a06a22c40
OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4873
diff
changeset
|
309 extern int ngx_ssl_stapling_index; |
671 | 310 |
311 | |
393
5659d773cfa8
nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
312 #endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */ |