annotate src/http/modules/ngx_http_ssl_module.c @ 667:63a820b0bc6c release-0.3.55
nginx-0.3.55-RELEASE import
*) Feature: the "stub" parameter in the "include" SSI command.
*) Feature: the "block" SSI command.
*) Feature: the unicode2nginx script was added to contrib.
*) Bugfix: if a "root" was specified by variable only, then the root
was relative to a server prefix.
*) Bugfix: if the request contained "//" or "/./" and escaped symbols
after them, then the proxied request was sent unescaped.
*) Bugfix: the $r->headers_in("Cookie") of the ngx_http_perl_module now
returns all "Cookie" header lines.
*) Bugfix: a segmentation fault occurred if
"client_body_in_file_only on" was used and nginx switched to a next
upstream.
*) Bugfix: under some conditions, during reconfiguration the character codes
inside the "charset_map" might be treated as invalid; the bug had
appeared in 0.3.50.
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Fri, 28 Jul 2006 15:16:17 +0000 |
parents | 95d7da23ea53 |
children | 562806624c4a |
1 |
2 /* |
3 * Copyright (C) Igor Sysoev |
4 */ |
5 |
6 |
7 #include <ngx_config.h> |
8 #include <ngx_core.h> |
9 #include <ngx_http.h> |
10 |
573 | 11 |
/*
 * Getter used by ngx_http_ssl_variable(): receives the request's connection
 * and returns a NUL-terminated string (ngx_ssl_get_protocol and
 * ngx_ssl_get_cipher_name are passed this way through the variable's data)
 */
typedef u_char *(*ngx_ssl_variable_handler_pt)(ngx_connection_t *);
13 | |
14 | |
/*
 * Defaults substituted by ngx_http_ssl_merge_srv_conf() when the directives
 * are absent.  The "DEFLAUT" spelling is the name used throughout this file
 * and is kept as is.  Certificate and key default to the same file.
 *
 * NOTE(review): the default cipher string admits the LOW and EXP classes and
 * SSLv2 suites; installations are expected to set "ssl_ciphers" explicitly.
 */
#define NGX_DEFLAUT_CERTIFICATE      "cert.pem"
#define NGX_DEFLAUT_CERTIFICATE_KEY  "cert.pem"
#define NGX_DEFLAUT_CIPHERS  "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
18 |
19 |
/* forward declarations: variable getters, preconfiguration and the server
 * configuration create/merge pair registered in ngx_http_ssl_module_ctx */
static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_ssl_client_s_dn(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_ssl_client_i_dn(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);

static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf);
static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
    void *parent, void *child);
31 |
/*
 * With an OpenSSL lacking SSL_OP_CIPHER_SERVER_PREFERENCE the
 * "ssl_prefer_server_ciphers" directive is wired to a handler that
 * rejects it, naming the required OpenSSL version via cmd->post
 */
#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)

static char *ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);

static char  ngx_http_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";

#endif
40 | |
41 |
/*
 * Keyword table for "ssl_protocols"; ngx_conf_set_bitmask_slot ORs the
 * matching NGX_SSL_* bits into scf->protocols
 */
static ngx_conf_bitmask_t  ngx_http_ssl_protocols[] = {
    { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
    { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
    { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
    { ngx_null_string, 0 }
};
48 | |
49 | |
/*
 * Directives of the module.  Each one is accepted at http{} and server{}
 * level and stored in ngx_http_ssl_srv_conf_t (NGX_HTTP_SRV_CONF_OFFSET);
 * ngx_http_ssl_merge_srv_conf() folds the http{} value into every server{}
 */
static ngx_command_t  ngx_http_ssl_commands[] = {

    /* "ssl on|off": enables the SSL context for the server (scf->enable) */
    { ngx_string("ssl"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_flag_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, enable),
      NULL },

    /* "ssl_certificate file": server certificate, default NGX_DEFLAUT_CERTIFICATE */
    { ngx_string("ssl_certificate"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, certificate),
      NULL },

    /* "ssl_certificate_key file": private key, default NGX_DEFLAUT_CERTIFICATE_KEY */
    { ngx_string("ssl_certificate_key"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
      NULL },

    /* "ssl_protocols SSLv2 SSLv3 TLSv1": bitmask from ngx_http_ssl_protocols */
    { ngx_string("ssl_protocols"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
      ngx_conf_set_bitmask_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, protocols),
      &ngx_http_ssl_protocols },

    /* "ssl_ciphers list": OpenSSL cipher string, default NGX_DEFLAUT_CIPHERS */
    { ngx_string("ssl_ciphers"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, ciphers),
      NULL },

    /* "ssl_verify_client on|off": request and verify a client certificate */
    { ngx_string("ssl_verify_client"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_flag_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, verify),
      NULL },

    /*
     * "ssl_verify_depth N": passed to SSL_CTX_set_verify_depth().
     * NOTE(review): declared NGX_CONF_1MORE although ngx_conf_set_num_slot
     * consumes a single argument; NGX_CONF_TAKE1 looks intended -- confirm
     */
    { ngx_string("ssl_verify_depth"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
      ngx_conf_set_num_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, verify_depth),
      NULL },

    /* "ssl_client_certificate file": CA file used when verify is on */
    { ngx_string("ssl_client_certificate"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, client_certificate),
      NULL },

    /*
     * "ssl_prefer_server_ciphers on|off": needs SSL_OP_CIPHER_SERVER_PREFERENCE;
     * otherwise the directive is rejected by ngx_http_ssl_nosupported()
     */
    { ngx_string("ssl_prefer_server_ciphers"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
      ngx_conf_set_flag_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
      NULL },
#else
      ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 },
#endif

    /* "ssl_session_timeout time": seconds handed to SSL_CTX_set_timeout() */
    { ngx_string("ssl_session_timeout"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_sec_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, session_timeout),
      NULL },

      ngx_null_command
};
128 |
129 |
/*
 * HTTP module hooks: variables are registered at preconfiguration, and only
 * server-level configuration is created/merged (no main or location conf)
 */
static ngx_http_module_t  ngx_http_ssl_module_ctx = {
    ngx_http_ssl_add_variables,            /* preconfiguration */
    NULL,                                  /* postconfiguration */

    NULL,                                  /* create main configuration */
    NULL,                                  /* init main configuration */

    ngx_http_ssl_create_srv_conf,          /* create server configuration */
    ngx_http_ssl_merge_srv_conf,           /* merge server configuration */

    NULL,                                  /* create location configuration */
    NULL                                   /* merge location configuration */
};
143 |
144 |
/* module descriptor; no process/thread lifecycle hooks are used */
ngx_module_t  ngx_http_ssl_module = {
    NGX_MODULE_V1,
    &ngx_http_ssl_module_ctx,              /* module context */
    ngx_http_ssl_commands,                 /* module directives */
    NGX_HTTP_MODULE,                       /* module type */
    NULL,                                  /* init master */
    NULL,                                  /* init module */
    NULL,                                  /* init process */
    NULL,                                  /* init thread */
    NULL,                                  /* exit thread */
    NULL,                                  /* exit process */
    NULL,                                  /* exit master */
    NGX_MODULE_V1_PADDING
};
159 |
160 |
/*
 * Variables exported by the module, registered by ngx_http_ssl_add_variables().
 * $ssl_protocol and $ssl_cipher share ngx_http_ssl_variable() and carry their
 * getter in the data field; the DN variables have dedicated handlers
 */
static ngx_http_variable_t  ngx_http_ssl_vars[] = {

    { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGABLE, 0 },

    { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGABLE, 0 },

    { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_client_s_dn,
      0, NGX_HTTP_VAR_CHANGABLE, 0 },

    { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_client_i_dn,
      0, NGX_HTTP_VAR_CHANGABLE, 0 },

    { ngx_null_string, NULL, NULL, 0, 0, 0 }
};
177 | |
178 | |
/* session id context; the merge handler passes it without the trailing NUL */
static u_char ngx_http_session_id_ctx[] = "HTTP";
180 | |
181 | |
/*
 * Generic getter for $ssl_protocol and $ssl_cipher.  data carries an
 * ngx_ssl_variable_handler_pt that produces a NUL-terminated string for
 * the connection; the variable is "not found" on plain (non-SSL) connections.
 * Always returns NGX_OK.
 */
static ngx_int_t
ngx_http_ssl_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data)
{
    u_char                      *value, *end;
    ngx_ssl_variable_handler_pt  getter;

    if (!r->connection->ssl) {
        v->not_found = 1;
        return NGX_OK;
    }

    getter = (ngx_ssl_variable_handler_pt) data;
    value = getter(r->connection);

    /* the getter's result is NUL-terminated; find its end by hand */
    for (end = value; *end; end++) { /* void */ }

    v->len = (size_t) (end - value);
    v->valid = 1;
    v->no_cachable = 0;
    v->not_found = 0;
    v->data = value;

    return NGX_OK;
}
210 | |
211 | |
/*
 * Getter for $ssl_client_s_dn: the subject DN of the client certificate.
 * Returns NGX_ERROR when ngx_ssl_get_subject_dn() fails, NGX_OK otherwise;
 * the variable is "not found" without SSL or when the DN is empty.
 * data is unused.
 */
static ngx_int_t
ngx_http_ssl_client_s_dn(ngx_http_request_t *r, ngx_http_variable_value_t *v,
    uintptr_t data)
{
    ngx_int_t          rc;
    ngx_connection_t  *c;

    c = r->connection;

    if (!c->ssl) {
        v->not_found = 1;
        return NGX_OK;
    }

    /*
     * the value is written through an ngx_str_t view of v, which appears
     * to rely on the leading len/data layout; the flags are set afterwards
     */
    rc = ngx_ssl_get_subject_dn(c, r->pool, (ngx_str_t *) v);
    if (rc != NGX_OK) {
        return NGX_ERROR;
    }

    if (v->len == 0) {
        v->not_found = 1;
        return NGX_OK;
    }

    v->valid = 1;
    v->no_cachable = 0;
    v->not_found = 0;

    return NGX_OK;
}
236 | |
237 | |
/*
 * Getter for $ssl_client_i_dn: the issuer DN of the client certificate.
 * Returns NGX_ERROR when ngx_ssl_get_issuer_dn() fails, NGX_OK otherwise;
 * the variable is "not found" without SSL or when the DN is empty.
 * data is unused.
 */
static ngx_int_t
ngx_http_ssl_client_i_dn(ngx_http_request_t *r, ngx_http_variable_value_t *v,
    uintptr_t data)
{
    ngx_int_t          rc;
    ngx_connection_t  *c;

    c = r->connection;

    if (!c->ssl) {
        v->not_found = 1;
        return NGX_OK;
    }

    /*
     * the value is written through an ngx_str_t view of v, which appears
     * to rely on the leading len/data layout; the flags are set afterwards
     */
    rc = ngx_ssl_get_issuer_dn(c, r->pool, (ngx_str_t *) v);
    if (rc != NGX_OK) {
        return NGX_ERROR;
    }

    if (v->len == 0) {
        v->not_found = 1;
        return NGX_OK;
    }

    v->valid = 1;
    v->no_cachable = 0;
    v->not_found = 0;

    return NGX_OK;
}
262 | |
263 | |
/*
 * Preconfiguration hook: registers every entry of ngx_http_ssl_vars with the
 * http core, copying the getter and its data.  Returns NGX_ERROR as soon as
 * ngx_http_add_variable() fails, NGX_OK otherwise.
 */
static ngx_int_t
ngx_http_ssl_add_variables(ngx_conf_t *cf)
{
    ngx_http_variable_t  *src, *dst;

    src = ngx_http_ssl_vars;

    /* the table is terminated by an entry with an empty name */
    while (src->name.len) {
        dst = ngx_http_add_variable(cf, &src->name, src->flags);
        if (dst == NULL) {
            return NGX_ERROR;
        }

        dst->get_handler = src->get_handler;
        dst->data = src->data;

        src++;
    }

    return NGX_OK;
}
281 | |
282 | |
/*
 * Allocates the per-server configuration from cf->pool.  Flag and numeric
 * fields start as NGX_CONF_UNSET so the merge step can tell "not given"
 * from an explicit value; strings and the protocol bitmask rely on the
 * zeroed memory.  Returns NGX_CONF_ERROR when the pool allocation fails.
 */
static void *
ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
{
    ngx_http_ssl_srv_conf_t  *scf;

    scf = ngx_pcalloc(cf->pool, sizeof(*scf));
    if (scf == NULL) {
        return NGX_CONF_ERROR;
    }

    /*
     * already zero thanks to ngx_pcalloc():
     *
     *     scf->protocols
     *     scf->certificate, scf->certificate_key
     *     scf->client_certificate
     *     scf->ciphers
     */

    scf->enable = NGX_CONF_UNSET;
    scf->verify = NGX_CONF_UNSET;
    scf->verify_depth = NGX_CONF_UNSET;
    scf->prefer_server_ciphers = NGX_CONF_UNSET;
    scf->session_timeout = NGX_CONF_UNSET;

    return scf;
}
316 |
317 |
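/*
 * Merges a server{} ssl configuration with the enclosing http{} one and,
 * when "ssl on" is in effect, builds the OpenSSL context for that server.
 *
 * parent and child are ngx_http_ssl_srv_conf_t.  Returns NGX_CONF_OK or
 * NGX_CONF_ERROR.  Once the context exists it is owned by the pool cleanup
 * registered below, so later failures simply return; the one failure that
 * happens before the cleanup is registered frees the context itself.
 */
static char *
ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
{
    ngx_http_ssl_srv_conf_t *prev = parent;
    ngx_http_ssl_srv_conf_t *conf = child;

    ngx_pool_cleanup_t  *cln;

    ngx_conf_merge_value(conf->enable, prev->enable, 0);

    /* nothing else is needed for a server that does not speak SSL */
    if (conf->enable == 0) {
        return NGX_CONF_OK;
    }

    ngx_conf_merge_value(conf->session_timeout,
                         prev->session_timeout, 300);

    ngx_conf_merge_value(conf->prefer_server_ciphers,
                         prev->prefer_server_ciphers, 0);

    /*
     * NOTE(review): the built-in default enables SSLv2 next to SSLv3 and
     * TLSv1; deployments are expected to narrow it with "ssl_protocols"
     */
    ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
                         (NGX_CONF_BITMASK_SET
                          |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));

    ngx_conf_merge_value(conf->verify, prev->verify, 0);
    ngx_conf_merge_value(conf->verify_depth, prev->verify_depth, 1);

    /* certificate and key both fall back to "cert.pem" (NGX_DEFLAUT_*) */
    ngx_conf_merge_str_value(conf->certificate, prev->certificate,
                             NGX_DEFLAUT_CERTIFICATE);

    ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key,
                             NGX_DEFLAUT_CERTIFICATE_KEY);

    ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
                             "");

    ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS);


    conf->ssl.log = cf->log;

    if (ngx_ssl_create(&conf->ssl, conf->protocols) != NGX_OK) {
        return NGX_CONF_ERROR;
    }

    cln = ngx_pool_cleanup_add(cf->pool, 0);
    if (cln == NULL) {
        /* no cleanup owns the freshly created context yet: release it here */
        ngx_ssl_cleanup_ctx(&conf->ssl);
        return NGX_CONF_ERROR;
    }

    cln->handler = ngx_ssl_cleanup_ctx;
    cln->data = &conf->ssl;

    if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
                            &conf->certificate_key) != NGX_OK)
    {
        return NGX_CONF_ERROR;
    }

    /*
     * ciphers.data comes from ngx_conf_set_str_slot or the default literal,
     * presumably NUL-terminated as OpenSSL requires -- confirm.
     *
     * A cipher string OpenSSL rejects must fail the configuration: logging
     * it and carrying on would leave the context on OpenSSL's built-in list
     * rather than the one the administrator asked for.
     */
    if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
                                (const char *) conf->ciphers.data)
        == 0)
    {
        ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
                      "SSL_CTX_set_cipher_list(\"%V\") failed",
                      &conf->ciphers);
        return NGX_CONF_ERROR;
    }

    if (conf->verify) {
        SSL_CTX_set_verify(conf->ssl.ctx, NGX_SSL_VERIFY, NULL);

        SSL_CTX_set_verify_depth(conf->ssl.ctx, conf->verify_depth);

        /*
         * NOTE(review): with "ssl_verify_client on" but no
         * "ssl_client_certificate" no CA is loaded here, so what the
         * verification trusts is left to OpenSSL's defaults -- confirm
         */
        if (conf->client_certificate.len) {
            if (ngx_ssl_client_certificate(cf, &conf->ssl,
                                           &conf->client_certificate)
                != NGX_OK)
            {
                return NGX_CONF_ERROR;
            }
        }
    }

#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE

    if (conf->prefer_server_ciphers) {
        SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
    }

#endif

    /* a temporary 512-bit RSA key is required for export versions of MSIE */
    if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
        return NGX_CONF_ERROR;
    }

    SSL_CTX_set_session_cache_mode(conf->ssl.ctx, SSL_SESS_CACHE_SERVER);

    /* the trailing NUL of "HTTP" is not part of the session id context */
    SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_http_session_id_ctx,
                                   sizeof(ngx_http_session_id_ctx) - 1);

    SSL_CTX_set_timeout(conf->ssl.ctx, conf->session_timeout);

    return NGX_CONF_OK;
}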
563 | 423 |
424 | |
425 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | |
426 | |
/*
 * Set handler for directives this OpenSSL build cannot honour: logs an
 * error naming the directive and the OpenSSL version carried in cmd->post
 * (ngx_http_ssl_openssl097), then fails the configuration.
 * conf is unused; always returns NGX_CONF_ERROR.
 */
static char *
ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    void  *required = cmd->post;

    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "\"%V\" directive is available only in %s,",
                       &cmd->name, required);

    return NGX_CONF_ERROR;
}
436 | |
437 #endif |