diff src/http/modules/ngx_http_ssl_module.c @ 28:7ca9bdc82b3f NGINX_0_1_14

nginx 0.1.14 *) Feature: the autoconfiguration directives: --http-client-body-temp-path=PATH, --http-proxy-temp-path=PATH, and --http-fastcgi-temp-path=PATH *) Change: the directory name for the temporary files with the client request body is specified by directive client_body_temp_path, by default it is <prefix>/client_body_temp. *) Feature: the ngx_http_fastcgi_module and the directives: fastcgi_pass, fastcgi_root, fastcgi_index, fastcgi_params, fastcgi_connect_timeout, fastcgi_send_timeout, fastcgi_read_timeout, fastcgi_send_lowat, fastcgi_header_buffer_size, fastcgi_buffers, fastcgi_busy_buffers_size, fastcgi_temp_path, fastcgi_max_temp_file_size, fastcgi_temp_file_write_size, fastcgi_next_upstream, and fastcgi_x_powered_by. *) Bugfix: the "[alert] zero size buf" error; bug appeared in 0.1.3. *) Change: the URI must be specified after the host name in the proxy_pass directive. *) Change: the %3F symbol in the URI was considered as the argument string start. *) Feature: the unix domain sockets support in the ngx_http_proxy_module. *) Feature: the ssl_engine and ssl_ciphers directives. Thanks to Sergey Skvortsov for SSL-accelerator.
author Igor Sysoev <http://sysoev.ru>
date Tue, 18 Jan 2005 00:00:00 +0300
parents f0b350454894
children aab2ea7c0458
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -8,11 +8,15 @@
 #include <ngx_core.h>
 #include <ngx_http.h>
 
+#include <openssl/engine.h>
+
 
 #define NGX_DEFLAUT_CERTIFICATE      "cert.pem"
 #define NGX_DEFLAUT_CERTIFICATE_KEY  "cert.pem"
 
 
+static void *ngx_http_ssl_create_main_conf(ngx_conf_t *cf);
+static char *ngx_http_ssl_init_main_conf(ngx_conf_t *cf, void *conf);
 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
                                          void *parent, void *child);
@@ -20,6 +24,13 @@ static char *ngx_http_ssl_merge_srv_conf
 
 static ngx_command_t  ngx_http_ssl_commands[] = {
 
+    { ngx_string("ssl_engine"),
+      NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_str_slot,
+      NGX_HTTP_MAIN_CONF_OFFSET,
+      offsetof(ngx_http_ssl_main_conf_t, engine),
+      NULL },
+
     { ngx_string("ssl"),
       NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
       ngx_conf_set_flag_slot,
@@ -41,6 +52,13 @@ static ngx_command_t  ngx_http_ssl_comma
       offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
       NULL },
 
+    { ngx_string("ssl_ciphers"),
+      NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_str_slot,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_http_ssl_srv_conf_t, ciphers),
+      NULL },
+
       ngx_null_command
 };
 
@@ -48,8 +66,8 @@ static ngx_command_t  ngx_http_ssl_comma
 static ngx_http_module_t  ngx_http_ssl_module_ctx = {
     NULL,                                  /* pre conf */
 
-    NULL,                                  /* create main configuration */
-    NULL,                                  /* init main configuration */
+    ngx_http_ssl_create_main_conf,         /* create main configuration */
+    ngx_http_ssl_init_main_conf,           /* init main configuration */
 
     ngx_http_ssl_create_srv_conf,          /* create server configuration */
     ngx_http_ssl_merge_srv_conf,           /* merge server configuration */
@@ -69,6 +87,56 @@ ngx_module_t  ngx_http_ssl_module = {
 };
 
 
+static void *ngx_http_ssl_create_main_conf(ngx_conf_t *cf)
+{
+    ngx_http_ssl_main_conf_t  *mcf;
+
+    if (!(mcf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_main_conf_t)))) {
+        return NGX_CONF_ERROR;
+    }
+
+    /*
+     * set by ngx_pcalloc():
+     *
+     *     mcf->engine.len = 0;
+     *     mcf->engine.data = NULL;
+     */
+
+    return mcf;
+}
+
+
+static char *ngx_http_ssl_init_main_conf(ngx_conf_t *cf, void *conf)
+{
+    ngx_http_ssl_main_conf_t *mcf = conf;
+
+    ENGINE  *engine;
+
+    if (mcf->engine.len == 0) {
+        return NGX_CONF_OK;
+    }
+
+    engine = ENGINE_by_id((const char *) mcf->engine.data);
+
+    if (engine == NULL) {
+        ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
+                      "ENGINE_by_id(\"%V\") failed", &mcf->engine);
+        return NGX_CONF_ERROR;
+    }
+
+    if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
+        ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
+                      "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
+                      &mcf->engine);
+        return NGX_CONF_ERROR;
+    }
+
+    ENGINE_free(engine);
+
+    return NGX_CONF_OK;
+}
+
+
 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
 {
     ngx_http_ssl_srv_conf_t  *scf;
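Review bot: The ENGINE reference returned by ENGINE_by_id() at L100 is leaked on the ENGINE_set_default() failure path, which returns at L112 without the ENGINE_free() that the success path does at L115; add `ENGINE_free(engine);` immediately before that `return NGX_CONF_ERROR;`. Both error branches also log at NGX_LOG_WARN while returning NGX_CONF_ERROR, which aborts configuration, so `NGX_LOG_EMERG` would reflect the actual severity and match the level the ssl_ciphers error later in this file uses. Be aware that ENGINE_by_id() only resolves engines that were loaded or registered earlier; if nothing else in nginx calls ENGINE_load_builtin_engines() (not visible in this hunk), every ssl_engine value will fail here, so a comment such as `/* engines must already be loaded (ENGINE_load_builtin_engines) for ENGINE_by_id() to succeed */` would help the next reader. ENGINE_set_default(ENGINE_METHOD_ALL) is process-wide, which is why the directive is correctly confined to main conf.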
@@ -77,6 +145,17 @@ static void *ngx_http_ssl_create_srv_con
         return NGX_CONF_ERROR;
     }
 
+    /*
+     * set by ngx_pcalloc():
+     *
+     *     scf->certificate.len = 0;
+     *     scf->certificate.data = NULL;
+     *     scf->certificate_key.len = 0;
+     *     scf->certificate_key.data = NULL;
+     *     scf->ciphers.len = 0;
+     *     scf->ciphers.data = NULL;
+     */
+
     scf->enable = NGX_CONF_UNSET;
 
     return scf;
@@ -101,6 +180,9 @@ static char *ngx_http_ssl_merge_srv_conf
     ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key,
                              NGX_DEFLAUT_CERTIFICATE_KEY);
 
+    ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, "");
+
+
     /* TODO: configure methods */
 
     conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
@@ -110,6 +192,16 @@ static char *ngx_http_ssl_merge_srv_conf
         return NGX_CONF_ERROR;
     }
 
+    if (conf->ciphers.len) {
+        if (SSL_CTX_set_cipher_list(conf->ssl_ctx,
+                                   (const char *) conf->ciphers.data) == 0)
+        {
+            ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
+                          "SSL_CTX_set_cipher_list(\"%V\") failed",
+                          &conf->ciphers);
+        }
+    }
+
     if (SSL_CTX_use_certificate_file(conf->ssl_ctx,
                                      (char *) conf->certificate.data,
                                      SSL_FILETYPE_PEM) == 0) {
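Review bot: A rejected ssl_ciphers string is logged at NGX_LOG_EMERG at L160 but is not treated as fatal: when SSL_CTX_set_cipher_list() returns 0 the function falls through to the certificate loading, so a mistyped or unsupported cipher list silently leaves the SSL_CTX on whatever cipher set it was created with rather than the one the administrator intended. Add `return NGX_CONF_ERROR;` after the ngx_ssl_error() call, matching how the SSL_CTX_new() failure at L153 is handled. Whether conf->ssl_ctx is released on the later error returns is outside this hunk; ngx_http_ssl_merge_srv_conf() continues past its end.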