Mercurial > hg > nginx-vendor-current

comparison src/event/ngx_event_openssl.c @ 112:408f195b3482 NGINX_0_3_3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 0.3.3 *) Change: the "bl" and "af" parameters of the "listen" directive was renamed to the "backlog" and "accept_filter". *) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen" directive. *) Change: the "$msec" log parameter does not require now the additional the gettimeofday() system call. *) Feature: the -t switch now tests the "listen" directives. *) Bugfix: if the invalid address was specified in the "listen" directive, then after the -HUP signal nginx left an open socket in the CLOSED state. *) Bugfix: the mime type may be incorrectly set to default value for index file with variable in the name; bug appeared in 0.3.0. *) Feature: the "timer_resolution" directive. *) Feature: the millisecond "$upstream_response_time" log parameter. *) Bugfix: a temporary file with client request body now is removed just after the response header was transferred to a client. *) Bugfix: OpenSSL 0.9.6 compatibility. *) Bugfix: the SSL certificate and key file paths could not be relative. *) Bugfix: the "ssl_prefer_server_ciphers" directive did not work in the ngx_imap_ssl_module. *) Bugfix: the "ssl_protocols" directive allowed to specify the single protocol only.
author Igor Sysoev <http://sysoev.ru>
date Wed, 19 Oct 2005 00:00:00 +0400
parents cf3d6edb3ad6
children e85dca77c46a
comparison
equal deleted inserted replaced
111:a175b609c76d 112:408f195b3482
103 if (ssl->ctx == NULL) { 103 if (ssl->ctx == NULL) {
104 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_new() failed"); 104 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_new() failed");
105 return NGX_ERROR; 105 return NGX_ERROR;
106 } 106 }
107 107
108 SSL_CTX_set_options(ssl->ctx, SSL_OP_ALL); 108 /*
109 * these options are needed on client side only:
110 * SSL_OP_MICROSOFT_SESS_ID_BUG
111 * SSL_OP_NETSCAPE_CHALLENGE_BUG
112 * SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
113 */
114
115 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
116 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
117
118 /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
119 SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
120
121 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
122 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
123 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
124
125 #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
126 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
127 #endif
128
109 129
110 if (ngx_ssl_protocols[protocols >> 1] != 0) { 130 if (ngx_ssl_protocols[protocols >> 1] != 0) {
111 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]); 131 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
112 } 132 }
113 133
118 return NGX_OK; 138 return NGX_OK;
119 } 139 }
120 140
121 141
122 ngx_int_t 142 ngx_int_t
123 ngx_ssl_certificate(ngx_ssl_t *ssl, u_char *cert, u_char *key) 143 ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
124 { 144 ngx_str_t *key)
125 if (SSL_CTX_use_certificate_chain_file(ssl->ctx, (char *) cert) == 0) { 145 {
126 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, 146 if (ngx_conf_full_name(cf->cycle, cert) == NGX_ERROR) {
127 "SSL_CTX_use_certificate_chain_file(\"%s\") failed", 147 return NGX_ERROR;
128 cert); 148 }
129 return NGX_ERROR; 149
130 } 150 if (SSL_CTX_use_certificate_chain_file(ssl->ctx, (char *) cert->data)
131
132 if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key, SSL_FILETYPE_PEM)
133 == 0) 151 == 0)
134 { 152 {
135 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, 153 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
136 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key); 154 "SSL_CTX_use_certificate_chain_file(\"%s\") failed",
155 cert->data);
156 return NGX_ERROR;
157 }
158
159 if (ngx_conf_full_name(cf->cycle, key) == NGX_ERROR) {
160 return NGX_ERROR;
161 }
162
163 if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key->data,
164 SSL_FILETYPE_PEM) == 0)
165 {
166 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
167 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data);
137 return NGX_ERROR; 168 return NGX_ERROR;
138 } 169 }
139 170
140 return NGX_OK; 171 return NGX_OK;
141 } 172 }
400 431
401 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) { 432 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
402 return NGX_ERROR; 433 return NGX_ERROR;
403 } 434 }
404 435
405 if (ngx_mutex_lock(ngx_posted_events_mutex) == NGX_ERROR) { 436 ngx_post_event(c->write, &ngx_posted_events);
406 return NGX_ERROR;
407 }
408
409 ngx_post_event(c->write);
410
411 ngx_mutex_unlock(ngx_posted_events_mutex);
412 } 437 }
413 438
414 return NGX_OK; 439 return NGX_OK;
415 } 440 }
416 441
630 655
631 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) { 656 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
632 return NGX_ERROR; 657 return NGX_ERROR;
633 } 658 }
634 659
635 if (ngx_mutex_lock(ngx_posted_events_mutex) == NGX_ERROR) { 660 ngx_post_event(c->read, &ngx_posted_events);
636 return NGX_ERROR;
637 }
638
639 ngx_post_event(c->read);
640
641 ngx_mutex_unlock(ngx_posted_events_mutex);
642 } 661 }
643 662
644 return n; 663 return n;
645 } 664 }
646 665
923 942
924 static char * 943 static char *
925 ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) 944 ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
926 { 945 {
927 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, 946 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
928 "\"ssl_engine\" is not supported: " NGX_SSL_NAME 947 "\"ssl_engine\" directive is available only in "
929 " library does not support crypto accelerators"); 948 "OpenSSL 0.9.7 and higher,");
930 949
931 return NGX_CONF_ERROR; 950 return NGX_CONF_ERROR;
932 } 951 }
933 952
934 #endif 953 #endif