nginx-vendor-current: src/http/modules/ngx_http_ssl

comparison src/http/modules/ngx_http_ssl_module.c @ 28:7ca9bdc82b3f NGINX_0_1_14

nginx 0.1.14 *) Feature: the autoconfiguration directives: --http-client-body-temp-path=PATH, --http-proxy-temp-path=PATH, and --http-fastcgi-temp-path=PATH *) Change: the directory name for the temporary files with the client request body is specified by directive client_body_temp_path, by default it is <prefix>/client_body_temp. *) Feature: the ngx_http_fastcgi_module and the directives: fastcgi_pass, fastcgi_root, fastcgi_index, fastcgi_params, fastcgi_connect_timeout, fastcgi_send_timeout, fastcgi_read_timeout, fastcgi_send_lowat, fastcgi_header_buffer_size, fastcgi_buffers, fastcgi_busy_buffers_size, fastcgi_temp_path, fastcgi_max_temp_file_size, fastcgi_temp_file_write_size, fastcgi_next_upstream, and fastcgi_x_powered_by. *) Bugfix: the "[alert] zero size buf" error; bug appeared in 0.1.3. *) Change: the URI must be specified after the host name in the proxy_pass directive. *) Change: the %3F symbol in the URI was considered as the argument string start. *) Feature: the unix domain sockets support in the ngx_http_proxy_module. *) Feature: the ssl_engine and ssl_ciphers directives. Thanks to Sergey Skvortsov for SSL-accelerator.

author	Igor Sysoev <http://sysoev.ru>
date	Tue, 18 Jan 2005 00:00:00 +0300
parents	f0b350454894
children	aab2ea7c0458

comparison

equal deleted inserted replaced

-:66901c2556fd
+:7ca9bdc82b3f
 #include <ngx_config.h>
 #include <ngx_core.h>
 #include <ngx_http.h>
+#include <openssl/engine.h>
 #define NGX_DEFLAUT_CERTIFICATE      "cert.pem"
 #define NGX_DEFLAUT_CERTIFICATE_KEY  "cert.pem"
+static void *ngx_http_ssl_create_main_conf(ngx_conf_t *cf);
+static char *ngx_http_ssl_init_main_conf(ngx_conf_t *cf, void *conf);
 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
 void *parent, void *child);
 static ngx_command_t  ngx_http_ssl_commands[] = {
+{ ngx_string("ssl_engine"),
+NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,
+ngx_conf_set_str_slot,
+NGX_HTTP_MAIN_CONF_OFFSET,
+offsetof(ngx_http_ssl_main_conf_t, engine),
+NULL },
 { ngx_string("ssl"),
 NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
 ngx_conf_set_flag_slot,
 NGX_HTTP_SRV_CONF_OFFSET,
 offsetof(ngx_http_ssl_srv_conf_t, enable),
 ngx_conf_set_str_slot,
 NGX_HTTP_SRV_CONF_OFFSET,
 offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
 NULL },
+{ ngx_string("ssl_ciphers"),
+NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+ngx_conf_set_str_slot,
+NGX_HTTP_SRV_CONF_OFFSET,
+offsetof(ngx_http_ssl_srv_conf_t, ciphers),
+NULL },
 ngx_null_command
 };
 static ngx_http_module_t  ngx_http_ssl_module_ctx = {
 NULL,                                  /* pre conf */
-NULL,                                  /* create main configuration */
+ngx_http_ssl_create_main_conf,         /* create main configuration */
-NULL,                                  /* init main configuration */
+ngx_http_ssl_init_main_conf,           /* init main configuration */
 ngx_http_ssl_create_srv_conf,          /* create server configuration */
 ngx_http_ssl_merge_srv_conf,           /* merge server configuration */
 NULL,                                  /* create location configuration */
 NULL,                                  /* init module */
 NULL                                   /* init process */
 };
+static void *ngx_http_ssl_create_main_conf(ngx_conf_t *cf)
+{
+ngx_http_ssl_main_conf_t  *mcf;
+if (!(mcf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_main_conf_t)))) {
+return NGX_CONF_ERROR;
+}
+/*
+* set by ngx_pcalloc():
+*
+*     mcf->engine.len = 0;
+*     mcf->engine.data = NULL;
+*/
+return mcf;
+}
+static char *ngx_http_ssl_init_main_conf(ngx_conf_t *cf, void *conf)
+{
+ngx_http_ssl_main_conf_t *mcf = conf;
+ENGINE  *engine;
+if (mcf->engine.len == 0) {
+return NGX_CONF_OK;
+}
+engine = ENGINE_by_id((const char *) mcf->engine.data);
+if (engine == NULL) {
+ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
+"ENGINE_by_id(\"%V\") failed", &mcf->engine);
+return NGX_CONF_ERROR;
+}
+if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
+ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
+"ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
+&mcf->engine);
+return NGX_CONF_ERROR;
+}
+ENGINE_free(engine);
+return NGX_CONF_OK;
+}
 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
 {
 ngx_http_ssl_srv_conf_t  *scf;
 if (!(scf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t)))) {
 return NGX_CONF_ERROR;
 }
+/*
+* set by ngx_pcalloc():
+*
+*     scf->certificate.len = 0;
+*     scf->certificate.data = NULL;
+*     scf->certificate_key.len = 0;
+*     scf->certificate_key.data = NULL;
+*     scf->ciphers.len = 0;
+*     scf->ciphers.data = NULL;
+*/
 scf->enable = NGX_CONF_UNSET;
 return scf;
 }
 NGX_DEFLAUT_CERTIFICATE);
 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key,
 NGX_DEFLAUT_CERTIFICATE_KEY);
+ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, "");
 /* TODO: configure methods */
 conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
 if (conf->ssl_ctx == NULL) {
 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_new() failed");
 return NGX_CONF_ERROR;
+}
+if (conf->ciphers.len) {
+if (SSL_CTX_set_cipher_list(conf->ssl_ctx,
+(const char *) conf->ciphers.data) == 0)
+{
+ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
+"SSL_CTX_set_cipher_list(\"%V\") failed",
+&conf->ciphers);
+}
 }
 if (SSL_CTX_use_certificate_file(conf->ssl_ctx,
 (char *) conf->certificate.data,
 SSL_FILETYPE_PEM) == 0) {

Mercurial > hg > nginx-vendor-current

comparison src/http/modules/ngx_http_ssl_module.c @ 28:7ca9bdc82b3f NGINX_0_1_14