nginx-vendor-current: src/http/modules/ngx_http_ssl

comparison src/http/modules/ngx_http_ssl_module.c @ 272:29a6403156b0 NGINX_0_5_6

nginx 0.5.6 *) Change: now the ngx_http_index_module ignores all methods except the GET, HEAD, and POST methods. *) Feature: the ngx_http_limit_zone_module. *) Feature: the $binary_remote_addr variable. *) Feature: the "ssl_session_cache" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the DELETE method supports recursive removal. *) Bugfix: the byte-ranges were transferred incorrectly if the $r->sendfile() was used.

author	Igor Sysoev <http://sysoev.ru>
date	Tue, 09 Jan 2007 00:00:00 +0300
parents	559bc7ec214e
children	55328d69b335

comparison

equal deleted inserted replaced

-:fcbee7dacf2b
+:29a6403156b0
 static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf);
 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
 void *parent, void *child);
+static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
+void *conf);
 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
 static char *ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
 void *conf);
 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
 NULL },
 #else
 ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 },
 #endif
+{ ngx_string("ssl_session_cache"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12,
+ngx_http_ssl_session_cache,
+NGX_HTTP_SRV_CONF_OFFSET,
+0,
+NULL },
 { ngx_string("ssl_session_timeout"),
 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
 ngx_conf_set_sec_slot,
 NGX_HTTP_SRV_CONF_OFFSET,
 { ngx_null_string, NULL, NULL, 0, 0, 0 }
 };
-static u_char ngx_http_session_id_ctx[] = "HTTP";
+static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");
 static ngx_int_t
 ngx_http_ssl_static_variable(ngx_http_request_t *r,
 ngx_http_variable_value_t *v, uintptr_t data)
 static void *
 ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
 {
-ngx_http_ssl_srv_conf_t  *scf;
+ngx_http_ssl_srv_conf_t  *sscf;
-scf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t));
+sscf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t));
-if (scf == NULL) {
+if (sscf == NULL) {
 return NGX_CONF_ERROR;
 }
 /*
 * set by ngx_pcalloc():
 *
-*     scf->protocols = 0;
+*     sscf->protocols = 0;
+*     sscf->certificate.len = 0;
-*     scf->certificate.len = 0;
+*     sscf->certificate.data = NULL;
-*     scf->certificate.data = NULL;
+*     sscf->certificate_key.len = 0;
-*     scf->certificate_key.len = 0;
+*     sscf->certificate_key.data = NULL;
-*     scf->certificate_key.data = NULL;
+*     sscf->client_certificate.len = 0;
-*     scf->client_certificate.len = 0;
+*     sscf->client_certificate.data = NULL;
-*     scf->client_certificate.data = NULL;
+*     sscf->ciphers.len = 0;
-*     scf->ciphers.len = 0;
+*     sscf->ciphers.data = NULL;
-*     scf->ciphers.data = NULL;
+*     sscf->shm_zone = NULL;
 */
-scf->enable = NGX_CONF_UNSET;
+sscf->enable = NGX_CONF_UNSET;
-scf->session_timeout = NGX_CONF_UNSET;
+sscf->verify = NGX_CONF_UNSET;
-scf->verify = NGX_CONF_UNSET;
+sscf->verify_depth = NGX_CONF_UNSET;
-scf->verify_depth = NGX_CONF_UNSET;
+sscf->prefer_server_ciphers = NGX_CONF_UNSET;
-scf->prefer_server_ciphers = NGX_CONF_UNSET;
+sscf->builtin_session_cache = NGX_CONF_UNSET;
+sscf->session_timeout = NGX_CONF_UNSET;
-return scf;
+return sscf;
 }
 static char *
 ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS);
 conf->ssl.log = cf->log;
-if (ngx_ssl_create(&conf->ssl, conf->protocols) != NGX_OK) {
+if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 cln = ngx_pool_cleanup_add(cf->pool, 0);
 if (cln == NULL) {
 cln->handler = ngx_ssl_cleanup_ctx;
 cln->data = &conf->ssl;
 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
-&conf->certificate_key) != NGX_OK)
+&conf->certificate_key)
+!= NGX_OK)
 {
 return NGX_CONF_ERROR;
 }
 if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
 &conf->ciphers);
 }
 if (conf->verify) {
 if (ngx_ssl_client_certificate(cf, &conf->ssl,
-&conf->client_certificate, conf->verify_depth)
+&conf->client_certificate,
+conf->verify_depth)
 != NGX_OK)
 {
 return NGX_CONF_ERROR;
 }
 }
 /* a temporary 512-bit RSA key is required for export versions of MSIE */
 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
-SSL_CTX_set_session_cache_mode(conf->ssl.ctx, SSL_SESS_CACHE_SERVER);
+ngx_conf_merge_value(conf->builtin_session_cache,
+prev->builtin_session_cache,
-SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_http_session_id_ctx,
+NGX_SSL_DFLT_BUILTIN_SCACHE);
-sizeof(ngx_http_session_id_ctx) - 1);
+if (conf->shm_zone == NULL) {
-SSL_CTX_set_timeout(conf->ssl.ctx, conf->session_timeout);
+conf->shm_zone = prev->shm_zone;
+}
+if (ngx_ssl_session_cache(&conf->ssl, &ngx_http_ssl_sess_id_ctx,
+conf->builtin_session_cache,
+conf->shm_zone, conf->session_timeout)
+!= NGX_OK)
+{
+return NGX_CONF_ERROR;
+}
 return NGX_CONF_OK;
+}
+static char *
+ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ngx_http_ssl_srv_conf_t *sscf = conf;
+size_t       len;
+ngx_str_t   *value, name, size;
+ngx_int_t    n;
+ngx_uint_t   i, j;
+value = cf->args->elts;
+for (i = 1; i < cf->args->nelts; i++) {
+if (ngx_strcmp(value[i].data, "builtin") == 0) {
+sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
+continue;
+}
+if (value[i].len > sizeof("builtin:") - 1
+&& ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
+== 0)
+{
+n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
+value[i].len - (sizeof("builtin:") - 1));
+if (n == NGX_ERROR) {
+goto invalid;
+}
+sscf->builtin_session_cache = n;
+continue;
+}
+if (value[i].len > sizeof("shared:") - 1
+&& ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
+== 0)
+{
+len = 0;
+for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
+if (value[i].data[j] == ':') {
+break;
+}
+len++;
+}
+if (len == 0) {
+goto invalid;
+}
+name.len = len;
+name.data = value[i].data + sizeof("shared:") - 1;
+size.len = value[i].len - j - 1;
+size.data = name.data + len + 1;
+n = ngx_parse_size(&size);
+if (n == NGX_ERROR) {
+goto invalid;
+}
+if (n < (ngx_int_t) (8 * ngx_pagesize)) {
+ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+"session cache \"%V\" is too small",
+&value[i]);
+return NGX_CONF_ERROR;
+}
+sscf->shm_zone = ngx_shared_memory_add(cf, &name, n,
+&ngx_http_ssl_module);
+if (sscf->shm_zone == NULL) {
+return NGX_CONF_ERROR;
+}
+continue;
+}
+goto invalid;
+}
+if (sscf->shm_zone && sscf->builtin_session_cache == NGX_CONF_UNSET) {
+sscf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
+}
+return NGX_CONF_OK;
+invalid:
+ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+"invalid session cache \"%V\"", &value[i]);
+return NGX_CONF_ERROR;
 }
 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)

Mercurial > hg > nginx-vendor-current

comparison src/http/modules/ngx_http_ssl_module.c @ 272:29a6403156b0 NGINX_0_5_6