Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 8586:7621ffaa79b3 quic
SSL: added the "ssl_keys_file" directive.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Tue, 15 Sep 2020 22:44:46 +0300 |
parents | 0d2b2664b41c |
children | 93be5658a250 |
comparison
equal
deleted
inserted
replaced
8585:02ee77f8d53d | 8586:7621ffaa79b3 |
---|---|
115 { ngx_string("ssl_password_file"), | 115 { ngx_string("ssl_password_file"), |
116 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 116 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
117 ngx_http_ssl_password_file, | 117 ngx_http_ssl_password_file, |
118 NGX_HTTP_SRV_CONF_OFFSET, | 118 NGX_HTTP_SRV_CONF_OFFSET, |
119 0, | 119 0, |
120 NULL }, | |
121 | |
122 { ngx_string("ssl_keys_file"), | |
123 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
124 ngx_conf_set_str_slot, | |
125 NGX_HTTP_SRV_CONF_OFFSET, | |
126 offsetof(ngx_http_ssl_srv_conf_t, keys_file), | |
120 NULL }, | 127 NULL }, |
121 | 128 |
122 { ngx_string("ssl_dhparam"), | 129 { ngx_string("ssl_dhparam"), |
123 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 130 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
124 ngx_conf_set_str_slot, | 131 ngx_conf_set_str_slot, |
603 * sscf->ecdh_curve = { 0, NULL }; | 610 * sscf->ecdh_curve = { 0, NULL }; |
604 * sscf->client_certificate = { 0, NULL }; | 611 * sscf->client_certificate = { 0, NULL }; |
605 * sscf->trusted_certificate = { 0, NULL }; | 612 * sscf->trusted_certificate = { 0, NULL }; |
606 * sscf->crl = { 0, NULL }; | 613 * sscf->crl = { 0, NULL }; |
607 * sscf->ciphers = { 0, NULL }; | 614 * sscf->ciphers = { 0, NULL }; |
615 * sscf->keys_file = { 0, NULL }; | |
608 * sscf->shm_zone = NULL; | 616 * sscf->shm_zone = NULL; |
609 * sscf->ocsp_responder = { 0, NULL }; | 617 * sscf->ocsp_responder = { 0, NULL }; |
610 * sscf->stapling_file = { 0, NULL }; | 618 * sscf->stapling_file = { 0, NULL }; |
611 * sscf->stapling_responder = { 0, NULL }; | 619 * sscf->stapling_responder = { 0, NULL }; |
612 */ | 620 */ |
674 ngx_conf_merge_ptr_value(conf->certificate_keys, prev->certificate_keys, | 682 ngx_conf_merge_ptr_value(conf->certificate_keys, prev->certificate_keys, |
675 NULL); | 683 NULL); |
676 | 684 |
677 ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL); | 685 ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL); |
678 | 686 |
687 ngx_conf_merge_str_value(conf->keys_file, prev->keys_file, ""); | |
688 | |
679 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); | 689 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); |
680 | 690 |
681 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, | 691 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, |
682 ""); | 692 ""); |
683 ngx_conf_merge_str_value(conf->trusted_certificate, | 693 ngx_conf_merge_str_value(conf->trusted_certificate, |
908 | 918 |
909 if (ngx_ssl_session_ticket_keys(cf, &conf->ssl, conf->session_ticket_keys) | 919 if (ngx_ssl_session_ticket_keys(cf, &conf->ssl, conf->session_ticket_keys) |
910 != NGX_OK) | 920 != NGX_OK) |
911 { | 921 { |
912 return NGX_CONF_ERROR; | 922 return NGX_CONF_ERROR; |
923 } | |
924 | |
925 if (conf->keys_file.len) { | |
926 | |
927 conf->ssl.keylog = ngx_conf_open_file(cf->cycle, &conf->keys_file); | |
928 | |
929 if (conf->ssl.keylog == NULL) { | |
930 return NGX_CONF_ERROR; | |
931 } | |
932 | |
933 SSL_CTX_set_keylog_callback(conf->ssl.ctx, ngx_ssl_keylogger); | |
913 } | 934 } |
914 | 935 |
915 if (conf->stapling) { | 936 if (conf->stapling) { |
916 | 937 |
917 if (ngx_ssl_stapling(cf, &conf->ssl, &conf->stapling_file, | 938 if (ngx_ssl_stapling(cf, &conf->ssl, &conf->stapling_file, |