Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 7509:b99cbafd51da
SSL: removed OpenSSL 0.9.7 compatibility.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Mon, 11 Apr 2016 15:46:36 +0300 |
| parents | 65074e13f171 |
| children | 2432a687e789 |
comparison
equal
deleted
inserted
replaced
| 7508:c30a20e06c21 | 7509:b99cbafd51da |
|---|---|
| 162 | 162 |
| 163 OpenSSL_add_all_algorithms(); | 163 OpenSSL_add_all_algorithms(); |
| 164 | 164 |
| 165 #endif | 165 #endif |
| 166 | 166 |
| 167 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL | |
| 168 #ifndef SSL_OP_NO_COMPRESSION | 167 #ifndef SSL_OP_NO_COMPRESSION |
| 169 { | 168 { |
| 170 /* | 169 /* |
| 171 * Disable gzip compression in OpenSSL prior to 1.0.0 version, | 170 * Disable gzip compression in OpenSSL prior to 1.0.0 version, |
| 172 * this saves about 522K per connection. | 171 * this saves about 522K per connection. |
| 180 while (n--) { | 179 while (n--) { |
| 181 (void) sk_SSL_COMP_pop(ssl_comp_methods); | 180 (void) sk_SSL_COMP_pop(ssl_comp_methods); |
| 182 } | 181 } |
| 183 } | 182 } |
| 184 #endif | 183 #endif |
| 185 #endif | |
| 186 | 184 |
| 187 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); | 185 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); |
| 188 | 186 |
| 189 if (ngx_ssl_connection_index == -1) { | 187 if (ngx_ssl_connection_index == -1) { |
| 190 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed"); | 188 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed"); |
| 901 if (list == NULL) { | 899 if (list == NULL) { |
| 902 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | 900 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, |
| 903 "SSL_load_client_CA_file(\"%s\") failed", cert->data); | 901 "SSL_load_client_CA_file(\"%s\") failed", cert->data); |
| 904 return NGX_ERROR; | 902 return NGX_ERROR; |
| 905 } | 903 } |
| 906 | |
| 907 /* | |
| 908 * before 0.9.7h and 0.9.8 SSL_load_client_CA_file() | |
| 909 * always leaved an error in the error queue | |
| 910 */ | |
| 911 | |
| 912 ERR_clear_error(); | |
| 913 | 904 |
| 914 SSL_CTX_set_client_CA_list(ssl->ctx, list); | 905 SSL_CTX_set_client_CA_list(ssl->ctx, list); |
| 915 | 906 |
| 916 return NGX_OK; | 907 return NGX_OK; |
| 917 } | 908 } |
| 1074 * to write side of the connection by comparing rbio and wbio. | 1065 * to write side of the connection by comparing rbio and wbio. |
| 1075 * If they are different, we assume that it's due to buffering | 1066 * If they are different, we assume that it's due to buffering |
| 1076 * added to wbio, and set buffer size. | 1067 * added to wbio, and set buffer size. |
| 1077 */ | 1068 */ |
| 1078 | 1069 |
| 1079 rbio = SSL_get_rbio((ngx_ssl_conn_t *) ssl_conn); | 1070 rbio = SSL_get_rbio(ssl_conn); |
| 1080 wbio = SSL_get_wbio((ngx_ssl_conn_t *) ssl_conn); | 1071 wbio = SSL_get_wbio(ssl_conn); |
| 1081 | 1072 |
| 1082 if (rbio != wbio) { | 1073 if (rbio != wbio) { |
| 1083 (void) BIO_set_write_buffer_size(wbio, NGX_SSL_BUFSIZE); | 1074 (void) BIO_set_write_buffer_size(wbio, NGX_SSL_BUFSIZE); |
| 1084 c->ssl->handshake_buffer_set = 1; | 1075 c->ssl->handshake_buffer_set = 1; |
| 1085 } | 1076 } |
| 1358 | 1349 |
| 1359 | 1350 |
| 1360 ngx_int_t | 1351 ngx_int_t |
| 1361 ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name) | 1352 ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name) |
| 1362 { | 1353 { |
| 1363 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL | |
| 1364 #ifndef OPENSSL_NO_ECDH | 1354 #ifndef OPENSSL_NO_ECDH |
| 1365 | 1355 |
| 1366 /* | 1356 /* |
| 1367 * Elliptic-Curve Diffie-Hellman parameters are either "named curves" | 1357 * Elliptic-Curve Diffie-Hellman parameters are either "named curves" |
| 1368 * from RFC 4492 section 5.1.1, or explicitly described curves over | 1358 * from RFC 4492 section 5.1.1, or explicitly described curves over |
| 1431 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE); | 1421 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE); |
| 1432 | 1422 |
| 1433 SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh); | 1423 SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh); |
| 1434 | 1424 |
| 1435 EC_KEY_free(ecdh); | 1425 EC_KEY_free(ecdh); |
| 1436 #endif | |
| 1437 #endif | 1426 #endif |
| 1438 #endif | 1427 #endif |
| 1439 | 1428 |
| 1440 return NGX_OK; | 1429 return NGX_OK; |
| 1441 } | 1430 } |
| 3362 if (sess_id == NULL) { | 3351 if (sess_id == NULL) { |
| 3363 goto failed; | 3352 goto failed; |
| 3364 } | 3353 } |
| 3365 } | 3354 } |
| 3366 | 3355 |
| 3367 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL | |
| 3368 | |
| 3369 session_id = (u_char *) SSL_SESSION_get_id(sess, &session_id_length); | 3356 session_id = (u_char *) SSL_SESSION_get_id(sess, &session_id_length); |
| 3370 | |
| 3371 #else | |
| 3372 | |
| 3373 session_id = sess->session_id; | |
| 3374 session_id_length = sess->session_id_length; | |
| 3375 | |
| 3376 #endif | |
| 3377 | 3357 |
| 3378 #if (NGX_PTR_SIZE == 8) | 3358 #if (NGX_PTR_SIZE == 8) |
| 3379 | 3359 |
| 3380 id = sess_id->sess_id; | 3360 id = sess_id->sess_id; |
| 3381 | 3361 |
| 3448 #if OPENSSL_VERSION_NUMBER >= 0x10100003L | 3428 #if OPENSSL_VERSION_NUMBER >= 0x10100003L |
| 3449 const | 3429 const |
| 3450 #endif | 3430 #endif |
| 3451 u_char *id, int len, int *copy) | 3431 u_char *id, int len, int *copy) |
| 3452 { | 3432 { |
| 3453 #if OPENSSL_VERSION_NUMBER >= 0x0090707fL | |
| 3454 const | |
| 3455 #endif | |
| 3456 u_char *p; | |
| 3457 size_t slen; | 3433 size_t slen; |
| 3458 uint32_t hash; | 3434 uint32_t hash; |
| 3459 ngx_int_t rc; | 3435 ngx_int_t rc; |
| 3436 const u_char *p; | |
| 3460 ngx_shm_zone_t *shm_zone; | 3437 ngx_shm_zone_t *shm_zone; |
| 3461 ngx_slab_pool_t *shpool; | 3438 ngx_slab_pool_t *shpool; |
| 3462 ngx_rbtree_node_t *node, *sentinel; | 3439 ngx_rbtree_node_t *node, *sentinel; |
| 3463 ngx_ssl_session_t *sess; | 3440 ngx_ssl_session_t *sess; |
| 3464 ngx_ssl_sess_id_t *sess_id; | 3441 ngx_ssl_sess_id_t *sess_id; |
| 3576 return; | 3553 return; |
| 3577 } | 3554 } |
| 3578 | 3555 |
| 3579 cache = shm_zone->data; | 3556 cache = shm_zone->data; |
| 3580 | 3557 |
| 3581 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL | |
| 3582 | |
| 3583 id = (u_char *) SSL_SESSION_get_id(sess, &len); | 3558 id = (u_char *) SSL_SESSION_get_id(sess, &len); |
| 3584 | |
| 3585 #else | |
| 3586 | |
| 3587 id = sess->session_id; | |
| 3588 len = sess->session_id_length; | |
| 3589 | |
| 3590 #endif | |
| 3591 | 3559 |
| 3592 hash = ngx_crc32_short(id, len); | 3560 hash = ngx_crc32_short(id, len); |
| 3593 | 3561 |
| 3594 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0, | 3562 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0, |
| 3595 "ssl remove session: %08XD:%ud", hash, len); | 3563 "ssl remove session: %08XD:%ud", hash, len); |
| 4385 if (sess == NULL) { | 4353 if (sess == NULL) { |
| 4386 s->len = 0; | 4354 s->len = 0; |
| 4387 return NGX_OK; | 4355 return NGX_OK; |
| 4388 } | 4356 } |
| 4389 | 4357 |
| 4390 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL | |
| 4391 | |
| 4392 buf = (u_char *) SSL_SESSION_get_id(sess, &len); | 4358 buf = (u_char *) SSL_SESSION_get_id(sess, &len); |
| 4393 | |
| 4394 #else | |
| 4395 | |
| 4396 buf = sess->session_id; | |
| 4397 len = sess->session_id_length; | |
| 4398 | |
| 4399 #endif | |
| 4400 | 4359 |
| 4401 s->len = 2 * len; | 4360 s->len = 2 * len; |
| 4402 s->data = ngx_pnalloc(pool, 2 * len); | 4361 s->data = ngx_pnalloc(pool, 2 * len); |
| 4403 if (s->data == NULL) { | 4362 if (s->data == NULL) { |
| 4404 return NGX_ERROR; | 4363 return NGX_ERROR; |