Mercurial > hg > nginx-vendor-current

diff src/http/modules/ngx_http_ssl_module.c @ 92:45945fa8b8ba NGINX_0_2_0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 0.2.0 *) The pid-file names used during online upgrade was changed and now is not required a manual rename operation. The old master process adds the ".oldbin" suffix to its pid-file and executes a new binary file. The new master process creates usual pid-file without the ".newbin" suffix. If the master process exits, then old master process renames back its pid-file with the ".oldbin" suffix to the pid-file without suffix. *) Change: the "worker_connections" directive, new name of the "connections" directive; now the directive specifies maximum number of connections, but not maximum socket descriptor number. *) Feature: SSL supports the session cache inside one worker process. *) Feature: the "satisfy_any" directive. *) Change: the ngx_http_access_module and ngx_http_auth_basic_module do not run for subrequests. *) Feature: the "worker_rlimit_nofile" and "worker_rlimit_sigpending" directives. *) Bugfix: if all backend using in load-balancing failed after one error, then nginx did not try do connect to them during 60 seconds. *) Bugfix: in IMAP/POP3 command argument parsing. Thanks to Rob Mueller. *) Bugfix: errors while using SSL in IMAP/POP3 proxy. *) Bugfix: errors while using SSI and gzipping. *) Bugfix: the "Expires" and "Cache-Control" header lines were omitted from the 304 responses. Thanks to Alexandr Kukushkin.
author Igor Sysoev <http://sysoev.ru>
date Fri, 23 Sep 2005 00:00:00 +0400
parents 71c46860eb55
children ca4f70b3ccc6
line wrap: on
line diff
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -83,6 +83,9 @@ ngx_module_t  ngx_http_ssl_module = {
 };
 
 
+static u_char ngx_http_session_id_ctx[] = "HTTP";
+
+
 static void *
 ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
 {
@@ -147,12 +150,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
     }
 
 
-#if 0
-    SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_ALL);
-    SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_NO_SSLv3);
-    SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_SINGLE_DH_USE);
-#endif
-
     if (conf->ciphers.len) {
         if (SSL_CTX_set_cipher_list(conf->ssl_ctx,
                                    (const char *) conf->ciphers.data) == 0)
@@ -182,7 +179,16 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
         return NGX_CONF_ERROR;
     }
 
-    SSL_CTX_set_verify(conf->ssl_ctx, SSL_VERIFY_NONE, NULL);
+    SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_ALL);
+
+    SSL_CTX_set_mode(conf->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+
+    SSL_CTX_set_read_ahead(conf->ssl_ctx, 1);
+
+    SSL_CTX_set_session_cache_mode(conf->ssl_ctx, SSL_SESS_CACHE_SERVER);
+
+    SSL_CTX_set_session_id_context(conf->ssl_ctx, ngx_http_session_id_ctx,
+                                   sizeof(ngx_http_session_id_ctx) - 1);
 
     return NGX_CONF_OK;
 }