Mercurial > hg > nginx-vendor-current

diff src/http/modules/ngx_http_ssl_module.c @ 112:408f195b3482 NGINX_0_3_3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 0.3.3 *) Change: the "bl" and "af" parameters of the "listen" directive was renamed to the "backlog" and "accept_filter". *) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen" directive. *) Change: the "$msec" log parameter does not require now the additional the gettimeofday() system call. *) Feature: the -t switch now tests the "listen" directives. *) Bugfix: if the invalid address was specified in the "listen" directive, then after the -HUP signal nginx left an open socket in the CLOSED state. *) Bugfix: the mime type may be incorrectly set to default value for index file with variable in the name; bug appeared in 0.3.0. *) Feature: the "timer_resolution" directive. *) Feature: the millisecond "$upstream_response_time" log parameter. *) Bugfix: a temporary file with client request body now is removed just after the response header was transferred to a client. *) Bugfix: OpenSSL 0.9.6 compatibility. *) Bugfix: the SSL certificate and key file paths could not be relative. *) Bugfix: the "ssl_prefer_server_ciphers" directive did not work in the ngx_imap_ssl_module. *) Bugfix: the "ssl_protocols" directive allowed to specify the single protocol only.
author Igor Sysoev <http://sysoev.ru>
date Wed, 19 Oct 2005 00:00:00 +0400
parents ca4f70b3ccc6
children d25a1d6034f1
line wrap: on
line diff
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -17,6 +17,15 @@ static void *ngx_http_ssl_create_srv_con
 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
     void *parent, void *child);
 
+#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
+
+static char *ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
+    void *conf);
+
+static char  ngx_http_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
+
+#endif
+
 
 static ngx_conf_bitmask_t  ngx_http_ssl_protocols[] = {
     { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
@@ -26,6 +35,7 @@ static ngx_conf_bitmask_t  ngx_http_ssl_
 };
 
 
+
 static ngx_command_t  ngx_http_ssl_commands[] = {
 
     { ngx_string("ssl"),
@@ -50,14 +60,14 @@ static ngx_command_t  ngx_http_ssl_comma
       NULL },
 
     { ngx_string("ssl_protocols"),
-      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
       ngx_conf_set_bitmask_slot,
       NGX_HTTP_SRV_CONF_OFFSET,
       offsetof(ngx_http_ssl_srv_conf_t, protocols),
       &ngx_http_ssl_protocols },
 
     { ngx_string("ssl_ciphers"),
-      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
       ngx_conf_set_str_slot,
       NGX_HTTP_SRV_CONF_OFFSET,
       offsetof(ngx_http_ssl_srv_conf_t, ciphers),
@@ -65,10 +75,14 @@ static ngx_command_t  ngx_http_ssl_comma
 
     { ngx_string("ssl_prefer_server_ciphers"),
       NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
       ngx_conf_set_flag_slot,
       NGX_HTTP_SRV_CONF_OFFSET,
       offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
       NULL },
+#else
+      ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 },
+#endif
 
       ngx_null_command
 };
@@ -144,6 +158,8 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
     ngx_http_ssl_srv_conf_t *prev = parent;
     ngx_http_ssl_srv_conf_t *conf = child;
 
+    ngx_pool_cleanup_t  *cln;
+
     ngx_conf_merge_value(conf->enable, prev->enable, 0);
 
     if (conf->enable == 0) {
@@ -172,29 +188,37 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
         return NGX_CONF_ERROR;
     }
 
-    if (ngx_pool_cleanup_add(cf->pool, ngx_ssl_cleanup_ctx, &conf->ssl) == NULL)
-    {
+    cln = ngx_pool_cleanup_add(cf->pool, 0);
+    if (cln == NULL) {
         return NGX_CONF_ERROR;
     }
 
-    if (ngx_ssl_certificate(&conf->ssl, conf->certificate.data,
-                            conf->certificate_key.data) != NGX_OK)
+    cln->handler = ngx_ssl_cleanup_ctx;
+    cln->data = &conf->ssl;
+
+    if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
+                            &conf->certificate_key) != NGX_OK)
     {
         return NGX_CONF_ERROR;
     }
 
     if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
-                                (const char *) conf->ciphers.data) == 0)
+                                (const char *) conf->ciphers.data)
+        == 0)
     {
         ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
                       "SSL_CTX_set_cipher_list(\"%V\") failed",
                       &conf->ciphers);
     }
 
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+
     if (conf->prefer_server_ciphers) {
         SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
     }
 
+#endif
+
     /* a temporary 512-bit RSA key is required for export versions of MSIE */
     if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
         return NGX_CONF_ERROR;
@@ -207,3 +231,18 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
 
     return NGX_CONF_OK;
 }
+
+
+#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
+
+static char *
+ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                       "\"%V\" directive is available only in %s,",
+                       &cmd->name, cmd->post);
+
+    return NGX_CONF_ERROR;
+}
+
+#endif