comparison src/http/modules/ngx_http_ssl_module.c @ 2224:109849282793
*) listen ssl
*) no default ssl_certificate and ssl_certificate_key
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Mon, 01 Sep 2008 14:19:01 +0000 |
parents | e0b424b98f24 |
children | 218ee852de73 |
2223:005fc65f7ce7 | 2224:109849282793 |
---|---|
11 | 11 |
12 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, | 12 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, |
13 ngx_pool_t *pool, ngx_str_t *s); | 13 ngx_pool_t *pool, ngx_str_t *s); |
14 | 14 |
15 | 15 |
16 #define NGX_DEFAULT_CERTIFICATE "cert.pem" | |
17 #define NGX_DEFAULT_CERTIFICATE_KEY "cert.pem" | |
18 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" | 16 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" |
19 | 17 |
20 | 18 |
21 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, | 19 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, |
22 ngx_http_variable_value_t *v, uintptr_t data); | 20 ngx_http_variable_value_t *v, uintptr_t data); |
26 static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf); | 24 static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf); |
27 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); | 25 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); |
28 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, | 26 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, |
29 void *parent, void *child); | 27 void *parent, void *child); |
30 | 28 |
29 static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, | |
30 void *conf); | |
31 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, | 31 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, |
32 void *conf); | 32 void *conf); |
33 | 33 |
34 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | 34 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) |
35 | 35 |
59 | 59 |
60 static ngx_command_t ngx_http_ssl_commands[] = { | 60 static ngx_command_t ngx_http_ssl_commands[] = { |
61 | 61 |
62 { ngx_string("ssl"), | 62 { ngx_string("ssl"), |
63 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | 63 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, |
64 ngx_conf_set_flag_slot, | 64 ngx_http_ssl_enable, |
65 NGX_HTTP_SRV_CONF_OFFSET, | 65 NGX_HTTP_SRV_CONF_OFFSET, |
66 offsetof(ngx_http_ssl_srv_conf_t, enable), | 66 offsetof(ngx_http_ssl_srv_conf_t, enable), |
67 NULL }, | 67 NULL }, |
68 | 68 |
69 { ngx_string("ssl_certificate"), | 69 { ngx_string("ssl_certificate"), |
337 | 337 |
338 ngx_pool_cleanup_t *cln; | 338 ngx_pool_cleanup_t *cln; |
339 | 339 |
340 ngx_conf_merge_value(conf->enable, prev->enable, 0); | 340 ngx_conf_merge_value(conf->enable, prev->enable, 0); |
341 | 341 |
342 if (conf->enable == 0) { | |
343 return NGX_CONF_OK; | |
344 } | |
345 | |
346 ngx_conf_merge_value(conf->session_timeout, | 342 ngx_conf_merge_value(conf->session_timeout, |
347 prev->session_timeout, 300); | 343 prev->session_timeout, 300); |
348 | 344 |
349 ngx_conf_merge_value(conf->prefer_server_ciphers, | 345 ngx_conf_merge_value(conf->prefer_server_ciphers, |
350 prev->prefer_server_ciphers, 0); | 346 prev->prefer_server_ciphers, 0); |
354 |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); | 350 |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); |
355 | 351 |
356 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); | 352 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); |
357 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); | 353 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); |
358 | 354 |
359 ngx_conf_merge_str_value(conf->certificate, prev->certificate, | 355 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); |
360 NGX_DEFAULT_CERTIFICATE); | 356 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); |
361 | |
362 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, | |
363 NGX_DEFAULT_CERTIFICATE_KEY); | |
364 | 357 |
365 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); | 358 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); |
366 | 359 |
367 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, | 360 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, |
368 ""); | 361 ""); |
369 | 362 |
370 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS); | 363 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS); |
371 | 364 |
372 | 365 |
373 conf->ssl.log = cf->log; | 366 conf->ssl.log = cf->log; |
367 | |
368 if (conf->enable) { | |
369 | |
370 if (conf->certificate.len == 0) { | |
371 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
372 "no \"ssl_certificate\" is defined for " | |
373 "the \"ssl\" directive in %s:%ui", | |
374 conf->file, conf->line); | |
375 return NGX_CONF_ERROR; | |
376 } | |
377 | |
378 if (conf->certificate_key.len == 0) { | |
379 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
380 "no \"ssl_certificate_key\" is defined for " | |
381 "the \"ssl\" directive in %s:%ui", | |
382 conf->file, conf->line); | |
383 return NGX_CONF_ERROR; | |
384 } | |
385 | |
386 } else { | |
387 | |
388 if (conf->certificate.len == 0) { | |
389 return NGX_CONF_OK; | |
390 } | |
391 | |
392 if (conf->certificate_key.len == 0) { | |
393 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
394 "no \"ssl_certificate_key\" is defined " | |
395 "for certificate \"%V\"", &conf->certificate); | |
396 return NGX_CONF_ERROR; | |
397 } | |
398 } | |
374 | 399 |
375 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) { | 400 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) { |
376 return NGX_CONF_ERROR; | 401 return NGX_CONF_ERROR; |
377 } | 402 } |
378 | 403 |
465 return NGX_CONF_OK; | 490 return NGX_CONF_OK; |
466 } | 491 } |
467 | 492 |
468 | 493 |
469 static char * | 494 static char * |
495 ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
496 { | |
497 ngx_http_ssl_srv_conf_t *sscf = conf; | |
498 | |
499 char *rv; | |
500 | |
501 rv = ngx_conf_set_flag_slot(cf, cmd, conf); | |
502 | |
503 if (rv != NGX_CONF_OK) { | |
504 return rv; | |
505 } | |
506 | |
507 sscf->file = cf->conf_file->file.name.data; | |
508 sscf->line = cf->conf_file->line; | |
509 | |
510 return NGX_CONF_OK; | |
511 } | |
512 | |
513 | |
514 static char * | |
470 ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | 515 ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
471 { | 516 { |
472 ngx_http_ssl_srv_conf_t *sscf = conf; | 517 ngx_http_ssl_srv_conf_t *sscf = conf; |
473 | 518 |
474 size_t len; | 519 size_t len; |
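Review bot: The `else` branch at new lines 386-390 returns `NGX_CONF_OK` when `ssl` is off and no `ssl_certificate` is set, so `ngx_ssl_create()` never runs for that server and `conf->ssl` is left without a context, while the commit message's `listen ssl` suggests such a server may still be reached over an SSL listen socket. Whether the connection path refuses to start a handshake in that case is not visible here (the listen handling is in another file, and `ngx_http_ssl_merge_srv_conf` itself begins above the shown lines), so it should be confirmed there, and the early return deserves a comment such as `/* no certificate: conf->ssl.ctx stays NULL, SSL listen sockets must check it before handshaking */`. The same branch also silently accepts a lone `ssl_certificate_key`, whereas a lone `ssl_certificate` is an error; rejecting both would make a half-configured server fail at configuration time instead of at runtime. Separately, the unchanged `NGX_DEFAULT_CIPHERS` context line still admits `+LOW:+SSLv2:+EXP`, which is worth tightening in a follow-up.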