comparison src/event/ngx_event_openssl.c @ 6817:e75e854657ba
SSL: $ssl_curves (ticket #1088).
The variable contains a list of curves as supported by the client.
Known curves are listed by their names, unknown ones are shown
in hex, e.g., "0x001d:prime256v1:secp521r1:secp384r1".
Note that OpenSSL uses session data for SSL_get1_curves(), and
it doesn't store the full list of curves supported by the client when
serializing a session. As a result $ssl_curves is only available
for new sessions (and will be empty for reused ones).
The variable is only meaningful when using OpenSSL 1.0.2 and above.
With older versions the variable is empty.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 05 Dec 2016 22:23:23 +0300 |
parents | ea93c7d8752a |
children | e7cb5deb951d |
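--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3376,10 +3376,78 @@
 return NGX_OK;
 }
 
 
 ngx_int_t
+ngx_ssl_get_curves(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+#ifdef SSL_CTRL_GET_CURVES
+
+int *curves, n, i, nid;
+u_char *p;
+size_t len;
+
+n = SSL_get1_curves(c->ssl->connection, NULL);
+
+if (n <= 0) {
+s->len = 0;
+return NGX_OK;
+}
+
+curves = ngx_palloc(pool, n * sizeof(int));
+
+n = SSL_get1_curves(c->ssl->connection, curves);
+len = 0;
+
+for (i = 0; i < n; i++) {
+nid = curves[i];
+
+if (nid & TLSEXT_nid_unknown) {
+len += sizeof("0x0000") - 1;
+
+} else {
+len += ngx_strlen(OBJ_nid2sn(nid));
+}
+
+len += sizeof(":") - 1;
+}
+
+s->data = ngx_pnalloc(pool, len);
+if (s->data == NULL) {
+return NGX_ERROR;
+}
+
+p = s->data;
+
+for (i = 0; i < n; i++) {
+nid = curves[i];
+
+if (nid & TLSEXT_nid_unknown) {
+p = ngx_sprintf(p, "0x%04xd", nid & 0xffff);
+
+} else {
+p = ngx_sprintf(p, "%s", OBJ_nid2sn(nid));
+}
+
+*p++ = ':';
+}
+
+p--;
+
+s->len = p - s->data;
+
+#else
+
+s->len = 0;
+
+#endif
+
+return NGX_OK;
+}
+
+
+ngx_int_t
 ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
 u_char *buf;
 SSL_SESSION *sess;
 unsigned int len;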
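Review bot: In ngx_ssl_get_curves() the result of `ngx_palloc(pool, n * sizeof(int))` is passed straight to the second SSL_get1_curves() call without a NULL check. If the allocation fails, OpenSSL would write the curve list through a null pointer and both loops would then read `curves[i]`, with `n` being the length of the list the client advertised. Add `if (curves == NULL) { return NGX_ERROR; }` right after the allocation, matching the check the same function already does for `ngx_pnalloc()`. Separately, `OBJ_nid2sn(nid)` is handed to `ngx_strlen()` and to `%s` unchecked; whether it can return NULL for an NID reported here is not visible from this hunk, so a guard or a comment explaining why it cannot would help.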