nginx: src/stream/ngx_stream_ssl

annotate src/stream/ngx_stream_ssl_module.c @ 6553:2014ed60f17f

SSL: support for multiple curves (ticket #885). OpenSSL 1.0.2+ allows configuring a curve list instead of a single curve previously supported. This allows use of different curves depending on what client supports (as available via the elliptic_curves extension), and also allows use of different curves in an ECDHE key exchange and in the ECDSA certificate. The special value "auto" was introduced (now the default for ssl_ecdh_curve), which means "use an internal list of curves as available in the OpenSSL library used". For versions prior to OpenSSL 1.0.2 it maps to "prime256v1" as previously used. The default in 1.0.2b+ prefers prime256v1 as well (and X25519 in OpenSSL 1.1.0+). As client vs. server preference of curves is controlled by the same option as used for ciphers (SSL_OP_CIPHER_SERVER_PREFERENCE), the ssl_prefer_server_ciphers directive now controls both.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Thu, 19 May 2016 14:46:32 +0300
parents	51e1f047d15d
children	04d8d1f85649

rev	line source
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	1
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	2 /*
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	3 * Copyright (C) Igor Sysoev
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	4 * Copyright (C) Nginx, Inc.
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	5 */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	6
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	7
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	8 #include <ngx_config.h>
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	9 #include <ngx_core.h>
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	10 #include <ngx_stream.h>
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	11
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	12
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	13 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
6553 2014ed60f17f SSL: support for multiple curves (ticket #885). Maxim Dounin <mdounin@mdounin.ru> parents: 6550 diff changeset	14 #define NGX_DEFAULT_ECDH_CURVE "auto"
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	15
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	16
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	17 static void ngx_stream_ssl_create_conf(ngx_conf_t cf);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	18 static char ngx_stream_ssl_merge_conf(ngx_conf_t cf, void *parent,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	19 void *child);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	20
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	21 static char ngx_stream_ssl_password_file(ngx_conf_t cf, ngx_command_t *cmd,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	22 void *conf);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	23 static char ngx_stream_ssl_session_cache(ngx_conf_t cf, ngx_command_t *cmd,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	24 void *conf);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	25
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	26
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	27 static ngx_conf_bitmask_t ngx_stream_ssl_protocols[] = {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	28 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	29 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	30 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	31 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	32 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	33 { ngx_null_string, 0 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	34 };
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	35
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	36
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	37 static ngx_command_t ngx_stream_ssl_commands[] = {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	38
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	39 { ngx_string("ssl_handshake_timeout"),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	40 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_TAKE1,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	41 ngx_conf_set_msec_slot,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	42 NGX_STREAM_SRV_CONF_OFFSET,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	43 offsetof(ngx_stream_ssl_conf_t, handshake_timeout),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	44 NULL },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	45
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	46 { ngx_string("ssl_certificate"),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	47 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_TAKE1,
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	48 ngx_conf_set_str_array_slot,
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	49 NGX_STREAM_SRV_CONF_OFFSET,
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	50 offsetof(ngx_stream_ssl_conf_t, certificates),
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	51 NULL },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	52
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	53 { ngx_string("ssl_certificate_key"),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	54 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_TAKE1,
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	55 ngx_conf_set_str_array_slot,
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	56 NGX_STREAM_SRV_CONF_OFFSET,
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	57 offsetof(ngx_stream_ssl_conf_t, certificate_keys),
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	58 NULL },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	59
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	60 { ngx_string("ssl_password_file"),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	61 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_TAKE1,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	62 ngx_stream_ssl_password_file,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	63 NGX_STREAM_SRV_CONF_OFFSET,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	64 0,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	65 NULL },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	66
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	67 { ngx_string("ssl_dhparam"),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	68 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_TAKE1,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	69 ngx_conf_set_str_slot,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	70 NGX_STREAM_SRV_CONF_OFFSET,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	71 offsetof(ngx_stream_ssl_conf_t, dhparam),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	72 NULL },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	73
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	74 { ngx_string("ssl_ecdh_curve"),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	75 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_TAKE1,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	76 ngx_conf_set_str_slot,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	77 NGX_STREAM_SRV_CONF_OFFSET,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	78 offsetof(ngx_stream_ssl_conf_t, ecdh_curve),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	79 NULL },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	80
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	81 { ngx_string("ssl_protocols"),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	82 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_1MORE,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	83 ngx_conf_set_bitmask_slot,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	84 NGX_STREAM_SRV_CONF_OFFSET,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	85 offsetof(ngx_stream_ssl_conf_t, protocols),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	86 &ngx_stream_ssl_protocols },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	87
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	88 { ngx_string("ssl_ciphers"),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	89 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_TAKE1,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	90 ngx_conf_set_str_slot,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	91 NGX_STREAM_SRV_CONF_OFFSET,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	92 offsetof(ngx_stream_ssl_conf_t, ciphers),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	93 NULL },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	94
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	95 { ngx_string("ssl_prefer_server_ciphers"),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	96 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_FLAG,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	97 ngx_conf_set_flag_slot,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	98 NGX_STREAM_SRV_CONF_OFFSET,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	99 offsetof(ngx_stream_ssl_conf_t, prefer_server_ciphers),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	100 NULL },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	101
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	102 { ngx_string("ssl_session_cache"),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	103 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_TAKE12,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	104 ngx_stream_ssl_session_cache,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	105 NGX_STREAM_SRV_CONF_OFFSET,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	106 0,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	107 NULL },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	108
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	109 { ngx_string("ssl_session_tickets"),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	110 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_FLAG,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	111 ngx_conf_set_flag_slot,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	112 NGX_STREAM_SRV_CONF_OFFSET,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	113 offsetof(ngx_stream_ssl_conf_t, session_tickets),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	114 NULL },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	115
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	116 { ngx_string("ssl_session_ticket_key"),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	117 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_TAKE1,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	118 ngx_conf_set_str_array_slot,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	119 NGX_STREAM_SRV_CONF_OFFSET,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	120 offsetof(ngx_stream_ssl_conf_t, session_ticket_keys),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	121 NULL },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	122
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	123 { ngx_string("ssl_session_timeout"),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	124 NGX_STREAM_MAIN_CONF\|NGX_STREAM_SRV_CONF\|NGX_CONF_TAKE1,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	125 ngx_conf_set_sec_slot,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	126 NGX_STREAM_SRV_CONF_OFFSET,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	127 offsetof(ngx_stream_ssl_conf_t, session_timeout),
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	128 NULL },
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	129
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	130 ngx_null_command
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	131 };
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	132
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	133
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	134 static ngx_stream_module_t ngx_stream_ssl_module_ctx = {
6174 68c106e6fa0a Stream: added postconfiguration method to stream modules. Vladimir Homutov <vl@nginx.com> parents: 6157 diff changeset	135 NULL, /* postconfiguration */
68c106e6fa0a Stream: added postconfiguration method to stream modules. Vladimir Homutov <vl@nginx.com> parents: 6157 diff changeset	136
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	137 NULL, /* create main configuration */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	138 NULL, /* init main configuration */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	139
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	140 ngx_stream_ssl_create_conf, /* create server configuration */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	141 ngx_stream_ssl_merge_conf /* merge server configuration */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	142 };
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	143
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	144
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	145 ngx_module_t ngx_stream_ssl_module = {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	146 NGX_MODULE_V1,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	147 &ngx_stream_ssl_module_ctx, /* module context */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	148 ngx_stream_ssl_commands, /* module directives */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	149 NGX_STREAM_MODULE, /* module type */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	150 NULL, /* init master */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	151 NULL, /* init module */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	152 NULL, /* init process */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	153 NULL, /* init thread */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	154 NULL, /* exit thread */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	155 NULL, /* exit process */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	156 NULL, /* exit master */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	157 NGX_MODULE_V1_PADDING
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	158 };
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	159
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	160
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	161 static ngx_str_t ngx_stream_ssl_sess_id_ctx = ngx_string("STREAM");
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	162
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	163
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	164 static void *
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	165 ngx_stream_ssl_create_conf(ngx_conf_t *cf)
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	166 {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	167 ngx_stream_ssl_conf_t *scf;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	168
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	169 scf = ngx_pcalloc(cf->pool, sizeof(ngx_stream_ssl_conf_t));
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	170 if (scf == NULL) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	171 return NULL;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	172 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	173
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	174 /*
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	175 * set by ngx_pcalloc():
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	176 *
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	177 * scf->protocols = 0;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	178 * scf->dhparam = { 0, NULL };
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	179 * scf->ecdh_curve = { 0, NULL };
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	180 * scf->ciphers = { 0, NULL };
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	181 * scf->shm_zone = NULL;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	182 */
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	183
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	184 scf->handshake_timeout = NGX_CONF_UNSET_MSEC;
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	185 scf->certificates = NGX_CONF_UNSET_PTR;
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	186 scf->certificate_keys = NGX_CONF_UNSET_PTR;
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	187 scf->passwords = NGX_CONF_UNSET_PTR;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	188 scf->prefer_server_ciphers = NGX_CONF_UNSET;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	189 scf->builtin_session_cache = NGX_CONF_UNSET;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	190 scf->session_timeout = NGX_CONF_UNSET;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	191 scf->session_tickets = NGX_CONF_UNSET;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	192 scf->session_ticket_keys = NGX_CONF_UNSET_PTR;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	193
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	194 return scf;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	195 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	196
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	197
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	198 static char *
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	199 ngx_stream_ssl_merge_conf(ngx_conf_t cf, void parent, void *child)
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	200 {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	201 ngx_stream_ssl_conf_t *prev = parent;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	202 ngx_stream_ssl_conf_t *conf = child;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	203
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	204 ngx_pool_cleanup_t *cln;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	205
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	206 ngx_conf_merge_msec_value(conf->handshake_timeout,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	207 prev->handshake_timeout, 60000);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	208
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	209 ngx_conf_merge_value(conf->session_timeout,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	210 prev->session_timeout, 300);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	211
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	212 ngx_conf_merge_value(conf->prefer_server_ciphers,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	213 prev->prefer_server_ciphers, 0);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	214
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	215 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
6157 b2899e7d0ef8 Disabled SSLv3 by default (ticket #653). Maxim Dounin <mdounin@mdounin.ru> parents: 6115 diff changeset	216 (NGX_CONF_BITMASK_SET\|NGX_SSL_TLSv1
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	217 \|NGX_SSL_TLSv1_1\|NGX_SSL_TLSv1_2));
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	218
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	219 ngx_conf_merge_ptr_value(conf->certificates, prev->certificates, NULL);
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	220 ngx_conf_merge_ptr_value(conf->certificate_keys, prev->certificate_keys,
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	221 NULL);
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	222
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	223 ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	224
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	225 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	226
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	227 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	228 NGX_DEFAULT_ECDH_CURVE);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	229
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	230 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	231
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	232
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	233 conf->ssl.log = cf->log;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	234
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	235 if (conf->certificates == NULL) {
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	236 return NGX_CONF_OK;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	237 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	238
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	239 if (conf->certificate_keys == NULL
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	240 \|\| conf->certificate_keys->nelts < conf->certificates->nelts)
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	241 {
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	242 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	243 "no \"ssl_certificate_key\" is defined "
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	244 "for certificate \"%V\"",
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	245 ((ngx_str_t *) conf->certificates->elts)
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	246 + conf->certificates->nelts - 1);
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	247 return NGX_CONF_ERROR;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	248 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	249
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	250 if (ngx_ssl_create(&conf->ssl, conf->protocols, NULL) != NGX_OK) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	251 return NGX_CONF_ERROR;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	252 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	253
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	254 cln = ngx_pool_cleanup_add(cf->pool, 0);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	255 if (cln == NULL) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	256 return NGX_CONF_ERROR;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	257 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	258
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	259 cln->handler = ngx_ssl_cleanup_ctx;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	260 cln->data = &conf->ssl;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	261
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	262 if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	263 conf->certificate_keys, conf->passwords)
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	264 != NGX_OK)
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	265 {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	266 return NGX_CONF_ERROR;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	267 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	268
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	269 if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	270 (const char *) conf->ciphers.data)
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	271 == 0)
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	272 {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	273 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	274 "SSL_CTX_set_cipher_list(\"%V\") failed",
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	275 &conf->ciphers);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	276 return NGX_CONF_ERROR;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	277 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	278
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	279 if (conf->prefer_server_ciphers) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	280 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	281 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	282
6489 c256dfdd469d SSL: RSA_generate_key() is deprecated in OpenSSL 1.1.0. Maxim Dounin <mdounin@mdounin.ru> parents: 6199 diff changeset	283 #if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	284 SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
6199 4b703a5a4631 Stream: avoid SSL_CTX_set_tmp_rsa_callback() call with LibreSSL. Piotr Sikora <piotr@cloudflare.com> parents: 6174 diff changeset	285 #endif
6115 61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	286
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	287 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	288 return NGX_CONF_ERROR;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	289 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	290
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	291 if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	292 return NGX_CONF_ERROR;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	293 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	294
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	295 ngx_conf_merge_value(conf->builtin_session_cache,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	296 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	297
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	298 if (conf->shm_zone == NULL) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	299 conf->shm_zone = prev->shm_zone;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	300 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	301
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	302 if (ngx_ssl_session_cache(&conf->ssl, &ngx_stream_ssl_sess_id_ctx,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	303 conf->builtin_session_cache,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	304 conf->shm_zone, conf->session_timeout)
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	305 != NGX_OK)
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	306 {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	307 return NGX_CONF_ERROR;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	308 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	309
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	310 ngx_conf_merge_value(conf->session_tickets,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	311 prev->session_tickets, 1);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	312
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	313 #ifdef SSL_OP_NO_TICKET
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	314 if (!conf->session_tickets) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	315 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_NO_TICKET);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	316 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	317 #endif
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	318
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	319 ngx_conf_merge_ptr_value(conf->session_ticket_keys,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	320 prev->session_ticket_keys, NULL);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	321
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	322 if (ngx_ssl_session_ticket_keys(cf, &conf->ssl, conf->session_ticket_keys)
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	323 != NGX_OK)
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	324 {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	325 return NGX_CONF_ERROR;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	326 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	327
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	328 return NGX_CONF_OK;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	329 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	330
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	331
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	332 static char *
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	333 ngx_stream_ssl_password_file(ngx_conf_t cf, ngx_command_t cmd, void *conf)
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	334 {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	335 ngx_stream_ssl_conf_t *scf = conf;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	336
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	337 ngx_str_t *value;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	338
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	339 if (scf->passwords != NGX_CONF_UNSET_PTR) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	340 return "is duplicate";
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	341 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	342
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	343 value = cf->args->elts;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	344
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	345 scf->passwords = ngx_ssl_read_password_file(cf, &value[1]);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	346
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	347 if (scf->passwords == NULL) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	348 return NGX_CONF_ERROR;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	349 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	350
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	351 return NGX_CONF_OK;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	352 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	353
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	354
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	355 static char *
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	356 ngx_stream_ssl_session_cache(ngx_conf_t cf, ngx_command_t cmd, void *conf)
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	357 {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	358 ngx_stream_ssl_conf_t *scf = conf;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	359
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	360 size_t len;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	361 ngx_str_t *value, name, size;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	362 ngx_int_t n;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	363 ngx_uint_t i, j;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	364
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	365 value = cf->args->elts;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	366
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	367 for (i = 1; i < cf->args->nelts; i++) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	368
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	369 if (ngx_strcmp(value[i].data, "off") == 0) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	370 scf->builtin_session_cache = NGX_SSL_NO_SCACHE;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	371 continue;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	372 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	373
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	374 if (ngx_strcmp(value[i].data, "none") == 0) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	375 scf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	376 continue;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	377 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	378
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	379 if (ngx_strcmp(value[i].data, "builtin") == 0) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	380 scf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	381 continue;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	382 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	383
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	384 if (value[i].len > sizeof("builtin:") - 1
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	385 && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	386 == 0)
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	387 {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	388 n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	389 value[i].len - (sizeof("builtin:") - 1));
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	390
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	391 if (n == NGX_ERROR) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	392 goto invalid;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	393 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	394
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	395 scf->builtin_session_cache = n;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	396
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	397 continue;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	398 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	399
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	400 if (value[i].len > sizeof("shared:") - 1
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	401 && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	402 == 0)
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	403 {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	404 len = 0;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	405
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	406 for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	407 if (value[i].data[j] == ':') {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	408 break;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	409 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	410
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	411 len++;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	412 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	413
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	414 if (len == 0) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	415 goto invalid;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	416 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	417
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	418 name.len = len;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	419 name.data = value[i].data + sizeof("shared:") - 1;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	420
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	421 size.len = value[i].len - j - 1;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	422 size.data = name.data + len + 1;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	423
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	424 n = ngx_parse_size(&size);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	425
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	426 if (n == NGX_ERROR) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	427 goto invalid;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	428 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	429
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	430 if (n < (ngx_int_t) (8 * ngx_pagesize)) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	431 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	432 "session cache \"%V\" is too small",
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	433 &value[i]);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	434
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	435 return NGX_CONF_ERROR;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	436 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	437
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	438 scf->shm_zone = ngx_shared_memory_add(cf, &name, n,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	439 &ngx_stream_ssl_module);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	440 if (scf->shm_zone == NULL) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	441 return NGX_CONF_ERROR;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	442 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	443
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	444 scf->shm_zone->init = ngx_ssl_session_cache_init;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	445
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	446 continue;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	447 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	448
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	449 goto invalid;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	450 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	451
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	452 if (scf->shm_zone && scf->builtin_session_cache == NGX_CONF_UNSET) {
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	453 scf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	454 }
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	455
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	456 return NGX_CONF_OK;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	457
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	458 invalid:
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	459
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	460 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	461 "invalid session cache \"%V\"", &value[i]);
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	462
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	463 return NGX_CONF_ERROR;
61d7ae76647d Stream: port from NGINX+. Ruslan Ermilov <ru@nginx.com> parents: diff changeset	464 }

Mercurial > hg > nginx

annotate src/stream/ngx_stream_ssl_module.c @ 6553:2014ed60f17f