Mercurial > hg > nginx-vendor-current

annotate src/http/modules/ngx_http_ssl_module.c @ 34:aab2ea7c0458 NGINX_0_1_17

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 0.1.17 *) Change: the ngx_http_rewrite_module was rewritten from the scratch. Now it is possible to redirect, to return the error codes, to check the variables and referrers. The directives can be used inside locations. The redirect directive was canceled. *) Feature: the ngx_http_geo_module. *) Feature: the proxy_set_x_var and fastcgi_set_var directives. *) Bugfix: the location configuration with "=" modifier may be used in another location. *) Bugfix: the correct content type was set only for requests that use small caps letters in extension. *) Bugfix: if the proxy_pass or fastcgi_pass directives were set in the location, and access was denied, and the error was redirected to a static page, then the segmentation fault occurred. *) Bugfix: if in a proxied "Location" header was a relative URL, then a host name and a slash were added to them; bug appeared in 0.1.14. *) Bugfix: the system error message was not logged on Linux.
author Igor Sysoev <http://sysoev.ru>
date Thu, 03 Feb 2005 00:00:00 +0300
parents 7ca9bdc82b3f
children 72eb30262aac
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
1
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
2 /*
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
3 * Copyright (C) Igor Sysoev
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
4 */
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
5
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
6
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
7 #include <ngx_config.h>
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
8 #include <ngx_core.h>
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
9 #include <ngx_http.h>
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
10
28
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
11 #include <openssl/engine.h>
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
12
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
13
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
14 #define NGX_DEFLAUT_CERTIFICATE "cert.pem"
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
15 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem"
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
16
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
17
28
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
18 static void *ngx_http_ssl_create_main_conf(ngx_conf_t *cf);
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
19 static char *ngx_http_ssl_init_main_conf(ngx_conf_t *cf, void *conf);
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
20 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
21 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
22 void *parent, void *child);
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
23
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
24
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
25 static ngx_command_t ngx_http_ssl_commands[] = {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
26
28
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
27 { ngx_string("ssl_engine"),
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
28 NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
29 ngx_conf_set_str_slot,
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
30 NGX_HTTP_MAIN_CONF_OFFSET,
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
31 offsetof(ngx_http_ssl_main_conf_t, engine),
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
32 NULL },
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
33
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
34 { ngx_string("ssl"),
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
35 NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
36 ngx_conf_set_flag_slot,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
37 NGX_HTTP_SRV_CONF_OFFSET,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
38 offsetof(ngx_http_ssl_srv_conf_t, enable),
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
39 NULL },
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
40
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
41 { ngx_string("ssl_certificate"),
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
42 NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
43 ngx_conf_set_str_slot,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
44 NGX_HTTP_SRV_CONF_OFFSET,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
45 offsetof(ngx_http_ssl_srv_conf_t, certificate),
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
46 NULL },
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
47
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
48 { ngx_string("ssl_certificate_key"),
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
49 NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
50 ngx_conf_set_str_slot,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
51 NGX_HTTP_SRV_CONF_OFFSET,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
52 offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
53 NULL },
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
54
28
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
55 { ngx_string("ssl_ciphers"),
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
56 NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
57 ngx_conf_set_str_slot,
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
58 NGX_HTTP_SRV_CONF_OFFSET,
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
59 offsetof(ngx_http_ssl_srv_conf_t, ciphers),
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
60 NULL },
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
61
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
62 ngx_null_command
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
63 };
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
64
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
65
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
66 static ngx_http_module_t ngx_http_ssl_module_ctx = {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
67 NULL, /* pre conf */
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
68
28
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
69 ngx_http_ssl_create_main_conf, /* create main configuration */
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
70 ngx_http_ssl_init_main_conf, /* init main configuration */
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
71
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
72 ngx_http_ssl_create_srv_conf, /* create server configuration */
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
73 ngx_http_ssl_merge_srv_conf, /* merge server configuration */
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
74
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
75 NULL, /* create location configuration */
34
aab2ea7c0458 nginx 0.1.17
Igor Sysoev <http://sysoev.ru>
parents: 28
diff changeset
76 NULL /* merge location configuration */
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
77 };
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
78
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
79
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
80 ngx_module_t ngx_http_ssl_module = {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
81 NGX_MODULE,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
82 &ngx_http_ssl_module_ctx, /* module context */
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
83 ngx_http_ssl_commands, /* module directives */
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
84 NGX_HTTP_MODULE, /* module type */
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
85 NULL, /* init module */
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
86 NULL /* init process */
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
87 };
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
88
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
89
28
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
90 static void *ngx_http_ssl_create_main_conf(ngx_conf_t *cf)
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
91 {
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
92 ngx_http_ssl_main_conf_t *mcf;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
93
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
94 if (!(mcf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_main_conf_t)))) {
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
95 return NGX_CONF_ERROR;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
96 }
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
97
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
98 /*
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
99 * set by ngx_pcalloc():
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
100 *
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
101 * mcf->engine.len = 0;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
102 * mcf->engine.data = NULL;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
103 */
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
104
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
105 return mcf;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
106 }
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
107
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
108
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
109 static char *ngx_http_ssl_init_main_conf(ngx_conf_t *cf, void *conf)
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
110 {
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
111 ngx_http_ssl_main_conf_t *mcf = conf;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
112
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
113 ENGINE *engine;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
114
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
115 if (mcf->engine.len == 0) {
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
116 return NGX_CONF_OK;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
117 }
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
118
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
119 engine = ENGINE_by_id((const char *) mcf->engine.data);
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
120
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
121 if (engine == NULL) {
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
122 ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
123 "ENGINE_by_id(\"%V\") failed", &mcf->engine);
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
124 return NGX_CONF_ERROR;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
125 }
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
126
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
127 if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
128 ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
129 "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
130 &mcf->engine);
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
131 return NGX_CONF_ERROR;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
132 }
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
133
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
134 ENGINE_free(engine);
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
135
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
136 return NGX_CONF_OK;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
137 }
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
138
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
139
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
140 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
141 {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
142 ngx_http_ssl_srv_conf_t *scf;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
143
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
144 if (!(scf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t)))) {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
145 return NGX_CONF_ERROR;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
146 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
147
28
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
148 /*
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
149 * set by ngx_pcalloc():
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
150 *
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
151 * scf->certificate.len = 0;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
152 * scf->certificate.data = NULL;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
153 * scf->certificate_key.len = 0;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
154 * scf->certificate_key.data = NULL;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
155 * scf->ciphers.len = 0;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
156 * scf->ciphers.data = NULL;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
157 */
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
158
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
159 scf->enable = NGX_CONF_UNSET;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
160
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
161 return scf;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
162 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
163
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
164
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
165 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
166 void *parent, void *child)
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
167 {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
168 ngx_http_ssl_srv_conf_t *prev = parent;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
169 ngx_http_ssl_srv_conf_t *conf = child;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
170
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
171 ngx_conf_merge_value(conf->enable, prev->enable, 0);
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
172
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
173 if (conf->enable == 0) {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
174 return NGX_CONF_OK;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
175 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
176
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
177 ngx_conf_merge_str_value(conf->certificate, prev->certificate,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
178 NGX_DEFLAUT_CERTIFICATE);
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
179
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
180 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
181 NGX_DEFLAUT_CERTIFICATE_KEY);
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
182
28
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
183 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, "");
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
184
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
185
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
186 /* TODO: configure methods */
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
187
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
188 conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
189
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
190 if (conf->ssl_ctx == NULL) {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
191 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_new() failed");
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
192 return NGX_CONF_ERROR;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
193 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
194
28
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
195 if (conf->ciphers.len) {
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
196 if (SSL_CTX_set_cipher_list(conf->ssl_ctx,
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
197 (const char *) conf->ciphers.data) == 0)
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
198 {
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
199 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
200 "SSL_CTX_set_cipher_list(\"%V\") failed",
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
201 &conf->ciphers);
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
202 }
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
203 }
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
204
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
205 if (SSL_CTX_use_certificate_file(conf->ssl_ctx,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
206 (char *) conf->certificate.data,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
207 SSL_FILETYPE_PEM) == 0) {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
208 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
209 "SSL_CTX_use_certificate_file(\"%s\") failed",
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
210 conf->certificate.data);
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
211 return NGX_CONF_ERROR;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
212 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
213
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
214 if (SSL_CTX_use_PrivateKey_file(conf->ssl_ctx,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
215 (char *) conf->certificate_key.data,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
216 SSL_FILETYPE_PEM) == 0) {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
217 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
218 "SSL_CTX_use_PrivateKey_file(\"%s\") failed",
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
219 conf->certificate_key.data);
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
220 return NGX_CONF_ERROR;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
221 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
222
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
223 return NGX_CONF_OK;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
224 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
225
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
226
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
227 #if 0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
228
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
229 static ngx_int_t ngx_http_ssl_init_process(ngx_cycle_t *cycle)
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
230 {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
231 ngx_uint_t i;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
232 ngx_http_ssl_srv_conf_t *sscf;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
233 ngx_http_core_srv_conf_t **cscfp;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
234 ngx_http_core_main_conf_t *cmcf;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
235
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
236 cmcf = ngx_http_cycle_get_module_main_conf(cycle, ngx_http_core_module);
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
237
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
238 cscfp = cmcf->servers.elts;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
239
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
240 for (i = 0; i < cmcf->servers.nelts; i++) {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
241 sscf = cscfp[i]->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
242
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
243 if (sscf->enable) {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
244 cscfp[i]->recv = ngx_ssl_recv;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
245 cscfp[i]->send_chain = ngx_ssl_send_chain;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
246 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
247 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
248
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
249 return NGX_OK;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
250 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
251
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
252 #endif