annotate src/http/modules/ngx_http_ssl_module.c @ 4437:3a1507f48686 stable-1.0
Merge of r4372, r4373, r4374:
SCGI fixes:
*) Fixed incorrect use of r->http_version in scgi module.
The r->http_version is a version of client's request, and modules
must not set it unless they are really willing to downgrade protocol
version used for a response (i.e. to HTTP/0.9 if no response headers
are available). In no case may r->http_version be upgraded.
The former code downgraded response from HTTP/1.1 to HTTP/1.0 for no
reason, causing various problems (see ticket #66). It was also
possible that HTTP/0.9 requests were upgraded to HTTP/1.0.
*) Removed duplicate function declaration.
*) Removed error if there is no Status header.
The SCGI specification doesn't specify format of the response, and
assuming CGI specs should be used there is no reason to complain.
RFC 3875 explicitly states that "A Status header field is optional,
and status 200 'OK' is assumed if it is omitted".
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Sun, 05 Feb 2012 13:53:50 +0000 |
parents | efd515ace6bb |
children | fd40c9ef750d |
rev | line source |
---|---|
1 |
2 /* |
3 * Copyright (C) Igor Sysoev |
4 */ |
5 |
6 |
7 #include <ngx_config.h> |
8 #include <ngx_core.h> |
9 #include <ngx_http.h> |
10 |
573 | 11 |
/*
 * Signature shared by the ngx_ssl_get_*() getters that ngx_http_ssl_vars
 * stores (cast to uintptr_t) as per-variable data.  A getter receives the
 * connection, a pool (ngx_http_ssl_static_variable() passes NULL) and the
 * ngx_str_t it is expected to fill in.
 */
typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
    ngx_pool_t *pool, ngx_str_t *s);
611 | 14 |
15 | |
/*
 * Defaults applied by ngx_http_ssl_merge_srv_conf() when neither the server
 * nor its parent level sets "ssl_ciphers" / "ssl_ecdh_curve".  The cipher
 * string is handed to SSL_CTX_set_cipher_list() unchanged; in OpenSSL
 * cipher-list syntax it selects the HIGH group and excludes unauthenticated
 * (aNULL) and MD5-based suites.
 */
#define NGX_DEFAULT_CIPHERS     "HIGH:!aNULL:!MD5"
#define NGX_DEFAULT_ECDH_CURVE  "prime256v1"
18 |
19 |
/* get handlers behind the $ssl_* variables registered in ngx_http_ssl_vars */
static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);

/* hooks referenced from ngx_http_ssl_module_ctx */
static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf);
static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
    void *parent, void *child);

/* custom directive handlers referenced from ngx_http_ssl_commands */
static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
34 | |
35 |
/*
 * Names accepted by the "ssl_protocols" directive and the NGX_SSL_* bit each
 * one sets in ngx_http_ssl_srv_conf_t.protocols.
 *
 * NOTE(review): SSLv2 and SSLv3 are deprecated as insecure.  This revision
 * still lets an operator enable both, and the default used in
 * ngx_http_ssl_merge_srv_conf() turns SSLv3 on when "ssl_protocols" is not
 * set, so deployed configurations should name their protocols explicitly.
 */
static ngx_conf_bitmask_t  ngx_http_ssl_protocols[] = {
    { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
    { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
    { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
    { ngx_null_string, 0 }
};
42 | |
43 | |
/*
 * Values of the "ssl_verify_client" directive, stored in
 * ngx_http_ssl_srv_conf_t.verify.  Any non-zero value makes
 * ngx_http_ssl_merge_srv_conf() require "ssl_client_certificate" and load
 * the CA list and the CRL.  How 1 ("on") and 2 ("optional") differ when a
 * request arrives is decided outside this part of the file.
 */
static ngx_conf_enum_t  ngx_http_ssl_verify[] = {
    { ngx_string("off"), 0 },
    { ngx_string("on"), 1 },
    { ngx_string("optional"), 2 },
    { ngx_null_string, 0 }
};
50 | |
51 | |
/*
 * Directives of the HTTP SSL module.  Every entry is allowed at the http{}
 * and server{} levels and is stored in the per-server
 * ngx_http_ssl_srv_conf_t at the given offset.  Most use the generic
 * ngx_conf_set_*_slot setters; "ssl" and "ssl_session_cache" have their own
 * handlers declared in this file.
 */
static ngx_command_t  ngx_http_ssl_commands[] = {

    /* goes through ngx_http_ssl_enable() so the directive's location is kept */
    { ngx_string("ssl"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
      ngx_http_ssl_enable,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, enable),
      NULL },

    { ngx_string("ssl_certificate"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, certificate),
      NULL },

    { ngx_string("ssl_certificate_key"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
      NULL },

    { ngx_string("ssl_dhparam"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, dhparam),
      NULL },

    { ngx_string("ssl_ecdh_curve"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, ecdh_curve),
      NULL },

    /* one or more names from ngx_http_ssl_protocols, OR-ed into a bitmask */
    { ngx_string("ssl_protocols"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
      ngx_conf_set_bitmask_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, protocols),
      &ngx_http_ssl_protocols },

    /* stored as text; only checked later by SSL_CTX_set_cipher_list() */
    { ngx_string("ssl_ciphers"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, ciphers),
      NULL },

    { ngx_string("ssl_verify_client"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_enum_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, verify),
      &ngx_http_ssl_verify },

    /*
     * NOTE(review): NGX_CONF_1MORE lets this directive carry extra
     * arguments although it holds one number; presumably
     * ngx_conf_set_num_slot() reads only the first, so trailing tokens
     * would be ignored without a diagnostic - confirm.
     */
    { ngx_string("ssl_verify_depth"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
      ngx_conf_set_num_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, verify_depth),
      NULL },

    { ngx_string("ssl_client_certificate"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, client_certificate),
      NULL },

    { ngx_string("ssl_prefer_server_ciphers"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_flag_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
      NULL },

    /* one or two arguments, parsed by ngx_http_ssl_session_cache() */
    { ngx_string("ssl_session_cache"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12,
      ngx_http_ssl_session_cache,
      NGX_HTTP_SRV_CONF_OFFSET,
      0,
      NULL },

    { ngx_string("ssl_session_timeout"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_sec_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, session_timeout),
      NULL },

    { ngx_string("ssl_crl"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, crl),
      NULL },

      ngx_null_command
};
154 |
155 |
/*
 * HTTP module context: the module registers its variables before the
 * configuration is parsed and keeps state per server only, so the main and
 * location hooks are left NULL.
 */
static ngx_http_module_t  ngx_http_ssl_module_ctx = {
    ngx_http_ssl_add_variables,            /* preconfiguration */
    NULL,                                  /* postconfiguration */

    NULL,                                  /* create main configuration */
    NULL,                                  /* init main configuration */

    ngx_http_ssl_create_srv_conf,          /* create server configuration */
    ngx_http_ssl_merge_srv_conf,           /* merge server configuration */

    NULL,                                  /* create location configuration */
    NULL                                   /* merge location configuration */
};
169 |
170 |
/*
 * Module descriptor: ties the context and the directive table above into an
 * NGX_HTTP_MODULE.  No process or thread lifecycle hooks are installed.
 */
ngx_module_t  ngx_http_ssl_module = {
    NGX_MODULE_V1,
    &ngx_http_ssl_module_ctx,              /* module context */
    ngx_http_ssl_commands,                 /* module directives */
    NGX_HTTP_MODULE,                       /* module type */
    NULL,                                  /* init master */
    NULL,                                  /* init module */
    NULL,                                  /* init process */
    NULL,                                  /* init thread */
    NULL,                                  /* exit thread */
    NULL,                                  /* exit process */
    NULL,                                  /* exit master */
    NGX_MODULE_V1_PADDING
};
185 |
186 |
/*
 * $ssl_* variables exported by the module.  Each entry names the get
 * handler and, as data, the ngx_ssl_get_*() getter that handler will call.
 * $ssl_protocol and $ssl_cipher use ngx_http_ssl_static_variable() (no pool,
 * length found by scanning for NUL); the others use ngx_http_ssl_variable(),
 * which passes r->pool to the getter.
 *
 * NOTE(review): the $ssl_client_* values are taken from the certificate the
 * peer presented.  Presumably they can be non-empty even when verification
 * did not succeed (e.g. with "ssl_verify_client optional"), so anything that
 * logs them or forwards them upstream should also check $ssl_client_verify -
 * confirm against the getters, which are defined elsewhere.
 */
static ngx_http_variable_t  ngx_http_ssl_vars[] = {

    { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_static_variable,
      (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
      (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_raw_certificate,
      NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_serial"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_serial_number, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_verify"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_client_verify, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_null_string, NULL, NULL, 0, 0, 0 }
};
219 | |
220 | |
/* session id context string passed to ngx_ssl_session_cache() for HTTP servers */
static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");
973 | 222 |
223 | |
/*
 * Get handler for variables whose getter returns a NUL-terminated string
 * that needs no pool allocation ($ssl_protocol and $ssl_cipher in
 * ngx_http_ssl_vars).
 *
 * r    - request; only r->connection is used
 * v    - variable value to fill in
 * data - the getter, stored as uintptr_t in the variable definition
 *
 * Always returns NGX_OK; on a connection without SSL the variable is marked
 * not_found.
 *
 * NOTE(review): the getter's return value is discarded and "value" starts
 * out uninitialised, so this relies on every getter registered with this
 * handler always storing a valid NUL-terminated pointer.  The getters are
 * defined elsewhere - confirm before registering new ones here.
 */
static ngx_int_t
ngx_http_ssl_static_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data)
{
    size_t                       n;
    ngx_str_t                    value;
    ngx_ssl_variable_handler_pt  getter;

    if (r->connection->ssl == NULL) {
        v->not_found = 1;
        return NGX_OK;
    }

    getter = (ngx_ssl_variable_handler_pt) data;

    (void) getter(r->connection, NULL, &value);

    v->data = value.data;

    /* the getter's length is not used; the string is measured here */
    n = 0;
    while (v->data[n] != '\0') {
        n++;
    }

    v->len = n;
    v->valid = 1;
    v->no_cacheable = 0;
    v->not_found = 0;

    return NGX_OK;
}
253 | |
254 | |
/*
 * Get handler for variables whose getter builds its result in the request
 * pool (session id and the $ssl_client_* family in ngx_http_ssl_vars).
 *
 * r    - request; r->connection and r->pool are passed to the getter
 * v    - variable value to fill in
 * data - the getter, stored as uintptr_t in the variable definition
 *
 * Returns NGX_ERROR when the getter fails, NGX_OK otherwise.  The variable
 * is marked not_found on a connection without SSL or when the getter
 * produced an empty string.
 */
static ngx_int_t
ngx_http_ssl_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v,
    uintptr_t data)
{
    ngx_str_t                    value;
    ngx_ssl_variable_handler_pt  getter;

    if (r->connection->ssl == NULL) {
        v->not_found = 1;
        return NGX_OK;
    }

    getter = (ngx_ssl_variable_handler_pt) data;

    if (getter(r->connection, r->pool, &value) != NGX_OK) {
        return NGX_ERROR;
    }

    /* len and data are stored even when the result turns out to be empty */
    v->len = value.len;
    v->data = value.data;

    if (v->len == 0) {
        v->not_found = 1;
        return NGX_OK;
    }

    v->valid = 1;
    v->no_cacheable = 0;
    v->not_found = 0;

    return NGX_OK;
}
285 | |
286 | |
/*
 * Preconfiguration hook: registers every entry of ngx_http_ssl_vars with the
 * HTTP variable machinery and copies its get handler and data onto the
 * registered variable.
 *
 * Returns NGX_ERROR as soon as ngx_http_add_variable() fails, NGX_OK once
 * the terminating empty-name entry is reached.
 */
static ngx_int_t
ngx_http_ssl_add_variables(ngx_conf_t *cf)
{
    ngx_http_variable_t  *def, *added;

    def = ngx_http_ssl_vars;

    while (def->name.len != 0) {

        added = ngx_http_add_variable(cf, &def->name, def->flags);
        if (added == NULL) {
            return NGX_ERROR;
        }

        added->get_handler = def->get_handler;
        added->data = def->data;

        def++;
    }

    return NGX_OK;
}
304 | |
305 | |
/*
 * Allocates the per-server SSL configuration from cf->pool.
 *
 * Returns the new ngx_http_ssl_srv_conf_t, or NULL when the allocation
 * fails.  Scalar settings are marked "unset" so that
 * ngx_http_ssl_merge_srv_conf() can tell an explicit value from an
 * inherited or default one.
 */
static void *
ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
{
    ngx_http_ssl_srv_conf_t  *conf;

    conf = ngx_pcalloc(cf->pool, sizeof(*conf));

    if (conf != NULL) {

        /*
         * already zeroed by ngx_pcalloc():
         *
         *     conf->protocols = 0;
         *     conf->certificate = { 0, NULL };
         *     conf->certificate_key = { 0, NULL };
         *     conf->dhparam = { 0, NULL };
         *     conf->ecdh_curve = { 0, NULL };
         *     conf->client_certificate = { 0, NULL };
         *     conf->crl = { 0, NULL };
         *     conf->ciphers = { 0, NULL };
         *     conf->shm_zone = NULL;
         */

        conf->enable = NGX_CONF_UNSET;
        conf->prefer_server_ciphers = NGX_CONF_UNSET;
        conf->verify = NGX_CONF_UNSET_UINT;
        conf->verify_depth = NGX_CONF_UNSET_UINT;
        conf->builtin_session_cache = NGX_CONF_UNSET;
        conf->session_timeout = NGX_CONF_UNSET;
    }

    return conf;
}
339 |
340 |
501 | 341 static char * |
342 ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) | |
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
343 { |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
344 ngx_http_ssl_srv_conf_t *prev = parent; |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
345 ngx_http_ssl_srv_conf_t *conf = child; |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
346 |
563 | 347 ngx_pool_cleanup_t *cln; |
348 | |
4245
8d39230df833
Merging r4034, r4186, r4187, r4229, r4235, r4237:
Igor Sysoev <igor@sysoev.ru>
parents:
4159
diff
changeset
|
349 if (conf->enable == NGX_CONF_UNSET) { |
8d39230df833
Merging r4034, r4186, r4187, r4229, r4235, r4237:
Igor Sysoev <igor@sysoev.ru>
parents:
4159
diff
changeset
|
350 if (prev->enable == NGX_CONF_UNSET) { |
8d39230df833
Merging r4034, r4186, r4187, r4229, r4235, r4237:
Igor Sysoev <igor@sysoev.ru>
parents:
4159
diff
changeset
|
351 conf->enable = 0; |
8d39230df833
Merging r4034, r4186, r4187, r4229, r4235, r4237:
Igor Sysoev <igor@sysoev.ru>
parents:
4159
diff
changeset
|
352 |
8d39230df833
Merging r4034, r4186, r4187, r4229, r4235, r4237:
Igor Sysoev <igor@sysoev.ru>
parents:
4159
diff
changeset
|
353 } else { |
8d39230df833
Merging r4034, r4186, r4187, r4229, r4235, r4237:
Igor Sysoev <igor@sysoev.ru>
parents:
4159
diff
changeset
|
354 conf->enable = prev->enable; |
8d39230df833
Merging r4034, r4186, r4187, r4229, r4235, r4237:
Igor Sysoev <igor@sysoev.ru>
parents:
4159
diff
changeset
|
355 conf->file = prev->file; |
8d39230df833
Merging r4034, r4186, r4187, r4229, r4235, r4237:
Igor Sysoev <igor@sysoev.ru>
parents:
4159
diff
changeset
|
356 conf->line = prev->line; |
8d39230df833
Merging r4034, r4186, r4187, r4229, r4235, r4237:
Igor Sysoev <igor@sysoev.ru>
parents:
4159
diff
changeset
|
357 } |
8d39230df833
Merging r4034, r4186, r4187, r4229, r4235, r4237:
Igor Sysoev <igor@sysoev.ru>
parents:
4159
diff
changeset
|
358 } |
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
359 |
573 | 360 ngx_conf_merge_value(conf->session_timeout, |
361 prev->session_timeout, 300); | |
362 | |
547 | 363 ngx_conf_merge_value(conf->prefer_server_ciphers, |
364 prev->prefer_server_ciphers, 0); | |
365 | |
366 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | |
3190
dd2ae3872634
disable SSLv2 and low ciphers by default
Igor Sysoev <igor@sysoev.ru>
parents:
3154
diff
changeset
|
367 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); |
547 | 368 |
2123 | 369 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); |
370 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); | |
647 | 371 |
2224 | 372 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); |
373 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); | |
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
374 |
2044 | 375 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); |
376 | |
647 | 377 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, |
378 ""); | |
2995 | 379 ngx_conf_merge_str_value(conf->crl, prev->crl, ""); |
647 | 380 |
4041
f87edc142316
Merge of r3960, r3961, r3962, r3963, r3965:
Igor Sysoev <igor@sysoev.ru>
parents:
3938
diff
changeset
|
381 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve, |
f87edc142316
Merge of r3960, r3961, r3962, r3963, r3965:
Igor Sysoev <igor@sysoev.ru>
parents:
3938
diff
changeset
|
382 NGX_DEFAULT_ECDH_CURVE); |
f87edc142316
Merge of r3960, r3961, r3962, r3963, r3965:
Igor Sysoev <igor@sysoev.ru>
parents:
3938
diff
changeset
|
383 |
2124 | 384 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS); |
479 | 385 |
386 | |
547 | 387 conf->ssl.log = cf->log; |
386
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
388 |
2224 | 389 if (conf->enable) { |
390 | |
391 if (conf->certificate.len == 0) { | |
392 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
393 "no \"ssl_certificate\" is defined for " | |
394 "the \"ssl\" directive in %s:%ui", | |
395 conf->file, conf->line); | |
396 return NGX_CONF_ERROR; | |
397 } | |
398 | |
399 if (conf->certificate_key.len == 0) { | |
400 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
401 "no \"ssl_certificate_key\" is defined for " | |
402 "the \"ssl\" directive in %s:%ui", | |
403 conf->file, conf->line); | |
404 return NGX_CONF_ERROR; | |
405 } | |
406 | |
407 } else { | |
408 | |
409 if (conf->certificate.len == 0) { | |
410 return NGX_CONF_OK; | |
411 } | |
412 | |
413 if (conf->certificate_key.len == 0) { | |
414 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
415 "no \"ssl_certificate_key\" is defined " | |
416 "for certificate \"%V\"", &conf->certificate); | |
417 return NGX_CONF_ERROR; | |
418 } | |
419 } | |
420 | |
969 | 421 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) { |
386
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
422 return NGX_CONF_ERROR; |
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
423 } |
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
424 |
1219 | 425 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME |
426 | |
427 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, | |
428 ngx_http_ssl_servername) | |
429 == 0) | |
430 { | |
3140
ba9a8ba4207e
*) issue warning instead of failure: this is too common case
Igor Sysoev <igor@sysoev.ru>
parents:
2996
diff
changeset
|
431 ngx_log_error(NGX_LOG_WARN, cf->log, 0, |
3209 | 432 "nginx was built with SNI support, however, now it is linked " |
3140
ba9a8ba4207e
*) issue warning instead of failure: this is too common case
Igor Sysoev <igor@sysoev.ru>
parents:
2996
diff
changeset
|
433 "dynamically to an OpenSSL library which has no tlsext support, " |
ba9a8ba4207e
*) issue warning instead of failure: this is too common case
Igor Sysoev <igor@sysoev.ru>
parents:
2996
diff
changeset
|
434 "therefore SNI is not available"); |
1219 | 435 } |
436 | |
437 #endif | |
438 | |
563 | 439 cln = ngx_pool_cleanup_add(cf->pool, 0); |
440 if (cln == NULL) { | |
509 | 441 return NGX_CONF_ERROR; |
442 } | |
443 | |
563 | 444 cln->handler = ngx_ssl_cleanup_ctx; |
445 cln->data = &conf->ssl; | |
446 | |
447 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate, | |
970 | 448 &conf->certificate_key) |
449 != NGX_OK) | |
529 | 450 { |
386
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
451 return NGX_CONF_ERROR; |
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
452 } |
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
453 |
547 | 454 if (SSL_CTX_set_cipher_list(conf->ssl.ctx, |
563 | 455 (const char *) conf->ciphers.data) |
456 == 0) | |
529 | 457 { |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
458 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, |
547 | 459 "SSL_CTX_set_cipher_list(\"%V\") failed", |
460 &conf->ciphers); | |
461 } | |
462 | |
647 | 463 if (conf->verify) { |
2123 | 464 |
465 if (conf->client_certificate.len == 0) { | |
466 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
467 "no ssl_client_certificate for ssl_client_verify"); | |
468 return NGX_CONF_ERROR; | |
469 } | |
470 | |
671 | 471 if (ngx_ssl_client_certificate(cf, &conf->ssl, |
970 | 472 &conf->client_certificate, |
473 conf->verify_depth) | |
671 | 474 != NGX_OK) |
475 { | |
476 return NGX_CONF_ERROR; | |
647 | 477 } |
2995 | 478 |
479 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) { | |
480 return NGX_CONF_ERROR; | |
481 } | |
647 | 482 } |
483 | |
547 | 484 if (conf->prefer_server_ciphers) { |
485 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); | |
486 } | |
487 | |
488 /* a temporary 512-bit RSA key is required for export versions of MSIE */ | |
4041
f87edc142316
Merge of r3960, r3961, r3962, r3963, r3965:
Igor Sysoev <igor@sysoev.ru>
parents:
3938
diff
changeset
|
489 SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback); |
f87edc142316
Merge of r3960, r3961, r3962, r3963, r3965:
Igor Sysoev <igor@sysoev.ru>
parents:
3938
diff
changeset
|
490 |
f87edc142316
Merge of r3960, r3961, r3962, r3963, r3965:
Igor Sysoev <igor@sysoev.ru>
parents:
3938
diff
changeset
|
491 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { |
386
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
492 return NGX_CONF_ERROR; |
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
493 } |
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
494 |
4041
f87edc142316
Merge of r3960, r3961, r3962, r3963, r3965:
Igor Sysoev <igor@sysoev.ru>
parents:
3938
diff
changeset
|
495 if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) { |
2044 | 496 return NGX_CONF_ERROR; |
497 } | |
498 | |
973 | 499 ngx_conf_merge_value(conf->builtin_session_cache, |
2032 | 500 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); |
973 | 501 |
502 if (conf->shm_zone == NULL) { | |
503 conf->shm_zone = prev->shm_zone; | |
504 } | |
505 | |
506 if (ngx_ssl_session_cache(&conf->ssl, &ngx_http_ssl_sess_id_ctx, |
507 conf->builtin_session_cache, |
508 conf->shm_zone, conf->session_timeout) |
509 != NGX_OK) |
973 | 510 { |
511 return NGX_CONF_ERROR; |
973 | 512 } |
573 | 513 |
514 return NGX_CONF_OK; |
515 } |
563 | 516 |
517 | |
/*
 * Directive handler that stores an on/off flag through
 * ngx_conf_set_flag_slot() and, when that succeeds, remembers the
 * configuration file name and line number the directive was read from.
 *
 * Returns whatever ngx_conf_set_flag_slot() returned; the position is
 * recorded only when that value is NGX_CONF_OK.
 */
static char *
ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    char                     *result;
    ngx_http_ssl_srv_conf_t  *ssl_conf;

    result = ngx_conf_set_flag_slot(cf, cmd, conf);

    if (result == NGX_CONF_OK) {
        ssl_conf = conf;

        /*
         * NOTE(review): presumably kept so a later configuration error
         * can point at this directive -- confirm against the merge code.
         */
        ssl_conf->file = cf->conf_file->file.name.data;
        ssl_conf->line = cf->conf_file->line;
    }

    return result;
}
536 | |
537 | |
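/*
 * Handler for the ssl_session_cache directive: walks the directive
 * arguments and stores the result in the server SSL configuration.
 *
 * Arguments recognised below:
 *   off                   sets NGX_SSL_NO_SCACHE
 *   none                  sets NGX_SSL_NONE_SCACHE
 *   builtin               sets NGX_SSL_DFLT_BUILTIN_SCACHE
 *   builtin:<n>           sets the builtin cache value to the number <n>
 *   shared:<name>:<size>  registers shared memory zone <name>; <size> is
 *                         parsed by ngx_parse_size() and must be at
 *                         least 8 * ngx_pagesize
 *
 * Returns NGX_CONF_OK on success.  Any unrecognised or malformed
 * argument is logged at NGX_LOG_EMERG and NGX_CONF_ERROR is returned.
 */
static char *
ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    ngx_http_ssl_srv_conf_t *sscf = conf;

    size_t       len;
    ngx_str_t   *value, name, size;
    ngx_int_t    n;
    ngx_uint_t   i, j;

    value = cf->args->elts;

    /* arguments are examined starting from index 1 */
    for (i = 1; i < cf->args->nelts; i++) {

        if (ngx_strcmp(value[i].data, "off") == 0) {
            sscf->builtin_session_cache = NGX_SSL_NO_SCACHE;
            continue;
        }

        if (ngx_strcmp(value[i].data, "none") == 0) {
            sscf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
            continue;
        }

        if (ngx_strcmp(value[i].data, "builtin") == 0) {
            sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
            continue;
        }

        /* "builtin:<n>": everything after the prefix must be a number */
        if (value[i].len > sizeof("builtin:") - 1
            && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
               == 0)
        {
            n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
                         value[i].len - (sizeof("builtin:") - 1));

            if (n == NGX_ERROR) {
                goto invalid;
            }

            sscf->builtin_session_cache = n;

            continue;
        }

        /* "shared:<name>:<size>" */
        if (value[i].len > sizeof("shared:") - 1
            && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
               == 0)
        {
            len = 0;

            /* measure the zone name: it runs up to the next ':' */
            for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
                if (value[i].data[j] == ':') {
                    /* terminate the zone name in place */
                    value[i].data[j] = '\0';
                    break;
                }

                len++;
            }

            /*
             * Reject an empty zone name.  Also reject an argument with no
             * ':' after the name ("shared:name"): the loop then ends with
             * j == value[i].len, so "value[i].len - j - 1" below would
             * wrap around as an unsigned value and size.data would point
             * past the end of the argument.
             */
            if (len == 0 || j == value[i].len) {
                goto invalid;
            }

            name.len = len;
            name.data = value[i].data + sizeof("shared:") - 1;

            /* the size string is whatever follows the separator */
            size.len = value[i].len - j - 1;
            size.data = name.data + len + 1;

            n = ngx_parse_size(&size);

            if (n == NGX_ERROR) {
                goto invalid;
            }

            /* enforce the minimum zone size of 8 pages */
            if (n < (ngx_int_t) (8 * ngx_pagesize)) {
                ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                                   "session cache \"%V\" is too small",
                                   &value[i]);

                return NGX_CONF_ERROR;
            }

            sscf->shm_zone = ngx_shared_memory_add(cf, &name, n,
                                                   &ngx_http_ssl_module);
            if (sscf->shm_zone == NULL) {
                return NGX_CONF_ERROR;
            }

            sscf->shm_zone->init = ngx_ssl_session_cache_init;

            continue;
        }

        goto invalid;
    }

    /*
     * A shared zone was configured and no builtin setting was given:
     * select NGX_SSL_NO_BUILTIN_SCACHE.
     */
    if (sscf->shm_zone && sscf->builtin_session_cache == NGX_CONF_UNSET) {
        sscf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
    }

    return NGX_CONF_OK;

invalid:

    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "invalid session cache \"%V\"", &value[i]);

    return NGX_CONF_ERROR;
}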