Mercurial > hg > nginx-vendor-current
comparison src/http/modules/ngx_http_ssl_module.c @ 380:bc21d9cd9c54 NGINX_0_7_2
nginx 0.7.2
*) Feature: now nginx supports EDH key exchange ciphers.
*) Feature: the "ssl_dhparam" directive.
*) Feature: the $ssl_client_cert variable.
Thanks to Manlio Perillo.
*) Bugfix: after changing URI via a "rewrite" directive nginx did not
search a new location; bug appeared in 0.7.1.
Thanks to Maxim Dounin.
*) Bugfix: nginx could not be built without PCRE library; bug appeared
in 0.7.1.
*) Bugfix: when a request to a directory was redirected with the slash
added, nginx dropped a query string from the original request.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 16 Jun 2008 00:00:00 +0400 |
parents | 820f6378fc00 |
children | 0b6053502c55 |
comparison
equal
deleted
inserted
replaced
379:9d9dad60269f | 380:bc21d9cd9c54 |
---|---|
68 { ngx_string("ssl_certificate_key"), | 68 { ngx_string("ssl_certificate_key"), |
69 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 69 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
70 ngx_conf_set_str_slot, | 70 ngx_conf_set_str_slot, |
71 NGX_HTTP_SRV_CONF_OFFSET, | 71 NGX_HTTP_SRV_CONF_OFFSET, |
72 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), | 72 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), |
73 NULL }, | |
74 | |
75 { ngx_string("ssl_dhparam"), | |
76 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
77 ngx_conf_set_str_slot, | |
78 NGX_HTTP_SRV_CONF_OFFSET, | |
79 offsetof(ngx_http_ssl_srv_conf_t, dhparam), | |
73 NULL }, | 80 NULL }, |
74 | 81 |
75 { ngx_string("ssl_protocols"), | 82 { ngx_string("ssl_protocols"), |
76 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE, | 83 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE, |
77 ngx_conf_set_bitmask_slot, | 84 ngx_conf_set_bitmask_slot, |
173 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 }, | 180 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
174 | 181 |
175 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable, | 182 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable, |
176 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 }, | 183 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
177 | 184 |
185 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable, | |
186 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 }, | |
187 | |
178 { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable, | 188 { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable, |
179 (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 }, | 189 (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
180 | 190 |
181 { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable, | 191 { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable, |
182 (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGEABLE, 0 }, | 192 (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
285 | 295 |
286 /* | 296 /* |
287 * set by ngx_pcalloc(): | 297 * set by ngx_pcalloc(): |
288 * | 298 * |
289 * sscf->protocols = 0; | 299 * sscf->protocols = 0; |
290 * sscf->certificate.len = 0; | 300 * sscf->certificate = { 0, NULL }; |
291 * sscf->certificate.data = NULL; | 301 * sscf->certificate_key = { 0, NULL }; |
292 * sscf->certificate_key.len = 0; | 302 * sscf->dhparam = { 0, NULL }; |
293 * sscf->certificate_key.data = NULL; | 303 * sscf->client_certificate = { 0, NULL }; |
294 * sscf->client_certificate.len = 0; | |
295 * sscf->client_certificate.data = NULL; | |
296 * sscf->ciphers.len = 0; | 304 * sscf->ciphers.len = 0; |
297 * sscf->ciphers.data = NULL; | 305 * sscf->ciphers.data = NULL; |
298 * sscf->shm_zone = NULL; | 306 * sscf->shm_zone = NULL; |
299 */ | 307 */ |
300 | 308 |
339 ngx_conf_merge_str_value(conf->certificate, prev->certificate, | 347 ngx_conf_merge_str_value(conf->certificate, prev->certificate, |
340 NGX_DEFLAUT_CERTIFICATE); | 348 NGX_DEFLAUT_CERTIFICATE); |
341 | 349 |
342 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, | 350 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, |
343 NGX_DEFLAUT_CERTIFICATE_KEY); | 351 NGX_DEFLAUT_CERTIFICATE_KEY); |
352 | |
353 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); | |
344 | 354 |
345 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, | 355 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, |
346 ""); | 356 ""); |
347 | 357 |
348 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS); | 358 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS); |
412 /* a temporary 512-bit RSA key is required for export versions of MSIE */ | 422 /* a temporary 512-bit RSA key is required for export versions of MSIE */ |
413 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { | 423 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { |
414 return NGX_CONF_ERROR; | 424 return NGX_CONF_ERROR; |
415 } | 425 } |
416 | 426 |
427 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { | |
428 return NGX_CONF_ERROR; | |
429 } | |
430 | |
417 ngx_conf_merge_value(conf->builtin_session_cache, | 431 ngx_conf_merge_value(conf->builtin_session_cache, |
418 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); | 432 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); |
419 | 433 |
420 if (conf->shm_zone == NULL) { | 434 if (conf->shm_zone == NULL) { |
421 conf->shm_zone = prev->shm_zone; | 435 conf->shm_zone = prev->shm_zone; |