comparison src/event/ngx_event_openssl.c @ 112:408f195b3482 NGINX_0_3_3
nginx 0.3.3
*) Change: the "bl" and "af" parameters of the "listen" directive was
renamed to the "backlog" and "accept_filter".
*) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
directive.
*) Change: the "$msec" log parameter no longer requires an additional
gettimeofday() system call.
*) Feature: the -t switch now tests the "listen" directives.
*) Bugfix: if the invalid address was specified in the "listen"
directive, then after the -HUP signal nginx left an open socket in
the CLOSED state.
*) Bugfix: the mime type may be incorrectly set to default value for
index file with variable in the name; bug appeared in 0.3.0.
*) Feature: the "timer_resolution" directive.
*) Feature: the millisecond "$upstream_response_time" log parameter.
*) Bugfix: a temporary file with client request body now is removed
just after the response header was transferred to a client.
*) Bugfix: OpenSSL 0.9.6 compatibility.
*) Bugfix: the SSL certificate and key file paths could not be relative.
*) Bugfix: the "ssl_prefer_server_ciphers" directive did not work in
the ngx_imap_ssl_module.
*) Bugfix: the "ssl_protocols" directive allowed to specify the single
protocol only.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Wed, 19 Oct 2005 00:00:00 +0400 |
parents | cf3d6edb3ad6 |
children | e85dca77c46a |
111:a175b609c76d | 112:408f195b3482 |
---|---|
103 if (ssl->ctx == NULL) { | 103 if (ssl->ctx == NULL) { |
104 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_new() failed"); | 104 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_new() failed"); |
105 return NGX_ERROR; | 105 return NGX_ERROR; |
106 } | 106 } |
107 | 107 |
108 SSL_CTX_set_options(ssl->ctx, SSL_OP_ALL); | 108 /* |
109 * these options are needed on client side only: | |
110 * SSL_OP_MICROSOFT_SESS_ID_BUG | |
111 * SSL_OP_NETSCAPE_CHALLENGE_BUG | |
112 * SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG | |
113 */ | |
114 | |
115 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG); | |
116 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER); | |
117 | |
118 /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */ | |
119 SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING); | |
120 | |
121 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG); | |
122 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG); | |
123 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG); | |
124 | |
125 #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS | |
126 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); | |
127 #endif | |
128 | |
109 | 129 |
110 if (ngx_ssl_protocols[protocols >> 1] != 0) { | 130 if (ngx_ssl_protocols[protocols >> 1] != 0) { |
111 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]); | 131 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]); |
112 } | 132 } |
113 | 133 |
118 return NGX_OK; | 138 return NGX_OK; |
119 } | 139 } |
120 | 140 |
121 | 141 |
122 ngx_int_t | 142 ngx_int_t |
123 ngx_ssl_certificate(ngx_ssl_t *ssl, u_char *cert, u_char *key) | 143 ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, |
124 { | 144 ngx_str_t *key) |
125 if (SSL_CTX_use_certificate_chain_file(ssl->ctx, (char *) cert) == 0) { | 145 { |
126 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | 146 if (ngx_conf_full_name(cf->cycle, cert) == NGX_ERROR) { |
127 "SSL_CTX_use_certificate_chain_file(\"%s\") failed", | 147 return NGX_ERROR; |
128 cert); | 148 } |
129 return NGX_ERROR; | 149 |
130 } | 150 if (SSL_CTX_use_certificate_chain_file(ssl->ctx, (char *) cert->data) |
131 | |
132 if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key, SSL_FILETYPE_PEM) | |
133 == 0) | 151 == 0) |
134 { | 152 { |
135 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | 153 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, |
136 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key); | 154 "SSL_CTX_use_certificate_chain_file(\"%s\") failed", |
155 cert->data); | |
156 return NGX_ERROR; | |
157 } | |
158 | |
159 if (ngx_conf_full_name(cf->cycle, key) == NGX_ERROR) { | |
160 return NGX_ERROR; | |
161 } | |
162 | |
163 if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key->data, | |
164 SSL_FILETYPE_PEM) == 0) | |
165 { | |
166 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | |
167 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data); | |
137 return NGX_ERROR; | 168 return NGX_ERROR; |
138 } | 169 } |
139 | 170 |
140 return NGX_OK; | 171 return NGX_OK; |
141 } | 172 } |
400 | 431 |
401 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { | 432 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { |
402 return NGX_ERROR; | 433 return NGX_ERROR; |
403 } | 434 } |
404 | 435 |
405 if (ngx_mutex_lock(ngx_posted_events_mutex) == NGX_ERROR) { | 436 ngx_post_event(c->write, &ngx_posted_events); |
406 return NGX_ERROR; | |
407 } | |
408 | |
409 ngx_post_event(c->write); | |
410 | |
411 ngx_mutex_unlock(ngx_posted_events_mutex); | |
412 } | 437 } |
413 | 438 |
414 return NGX_OK; | 439 return NGX_OK; |
415 } | 440 } |
416 | 441 |
630 | 655 |
631 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { | 656 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { |
632 return NGX_ERROR; | 657 return NGX_ERROR; |
633 } | 658 } |
634 | 659 |
635 if (ngx_mutex_lock(ngx_posted_events_mutex) == NGX_ERROR) { | 660 ngx_post_event(c->read, &ngx_posted_events); |
636 return NGX_ERROR; | |
637 } | |
638 | |
639 ngx_post_event(c->read); | |
640 | |
641 ngx_mutex_unlock(ngx_posted_events_mutex); | |
642 } | 661 } |
643 | 662 |
644 return n; | 663 return n; |
645 } | 664 } |
646 | 665 |
923 | 942 |
924 static char * | 943 static char * |
925 ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | 944 ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
926 { | 945 { |
927 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | 946 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
928 "\"ssl_engine\" is not supported: " NGX_SSL_NAME | 947 "\"ssl_engine\" directive is available only in " |
929 " library does not support crypto accelerators"); | 948 "OpenSSL 0.9.7 and higher,"); |
930 | 949 |
931 return NGX_CONF_ERROR; | 950 return NGX_CONF_ERROR; |
932 } | 951 } |
933 | 952 |
934 #endif | 953 #endif |
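Review bot: In the SSL context setup (new lines 118-119), `SSL_OP_MSIE_SSLV2_RSA_PADDING` is still set unconditionally even though the comment directly above it says the option allows a potential SSL 2.0 rollback (CAN-2005-2969); splitting `SSL_OP_ALL` into individual flags is the natural place to leave that one out. I would drop the call and keep the explanation, e.g. `/* SSL_OP_MSIE_SSLV2_RSA_PADDING is not set: it allows an SSL 2.0 rollback (CAN-2005-2969) */`. `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS` a few lines below (new lines 125-127) also switches off OpenSSL's empty-fragment countermeasure for CBC ciphers, so it deserves a one-line comment naming the client compatibility problem that justifies it. The enclosing function begins above the visible lines, so how these options interact with the rest of the context setup cannot be checked from here.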