Mercurial > hg > nginx-mail
comparison src/http/modules/ngx_http_ssl_module.c @ 665:0b460e61bdcd default tip
Merge with nginx 1.0.0.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 25 Apr 2011 04:22:17 +0400 |
| parents | 8246d8a2c2be |
| children |
comparison
equal
deleted
inserted
replaced
| 572:06419a2298a9 | 665:0b460e61bdcd |
|---|---|
| 11 | 11 |
| 12 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, | 12 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, |
| 13 ngx_pool_t *pool, ngx_str_t *s); | 13 ngx_pool_t *pool, ngx_str_t *s); |
| 14 | 14 |
| 15 | 15 |
| 16 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" | 16 #define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5" |
| 17 | 17 |
| 18 | 18 |
| 19 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, | 19 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, |
| 20 ngx_http_variable_value_t *v, uintptr_t data); | 20 ngx_http_variable_value_t *v, uintptr_t data); |
| 21 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r, | 21 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r, |
| 182 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 }, | 182 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
| 183 | 183 |
| 184 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable, | 184 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable, |
| 185 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 }, | 185 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
| 186 | 186 |
| 187 { ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable, | |
| 188 (uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 }, | |
| 189 | |
| 187 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable, | 190 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable, |
| 188 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 }, | 191 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
| 189 | 192 |
| 190 { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable, | 193 { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable, |
| 191 (uintptr_t) ngx_ssl_get_raw_certificate, | 194 (uintptr_t) ngx_ssl_get_raw_certificate, |
| 309 * sscf->certificate = { 0, NULL }; | 312 * sscf->certificate = { 0, NULL }; |
| 310 * sscf->certificate_key = { 0, NULL }; | 313 * sscf->certificate_key = { 0, NULL }; |
| 311 * sscf->dhparam = { 0, NULL }; | 314 * sscf->dhparam = { 0, NULL }; |
| 312 * sscf->client_certificate = { 0, NULL }; | 315 * sscf->client_certificate = { 0, NULL }; |
| 313 * sscf->crl = { 0, NULL }; | 316 * sscf->crl = { 0, NULL }; |
| 314 * sscf->ciphers.len = 0; | 317 * sscf->ciphers = { 0, NULL }; |
| 315 * sscf->ciphers.data = NULL; | |
| 316 * sscf->shm_zone = NULL; | 318 * sscf->shm_zone = NULL; |
| 317 */ | 319 */ |
| 318 | 320 |
| 319 sscf->enable = NGX_CONF_UNSET; | 321 sscf->enable = NGX_CONF_UNSET; |
| 320 sscf->prefer_server_ciphers = NGX_CONF_UNSET; | 322 sscf->prefer_server_ciphers = NGX_CONF_UNSET; |
| 342 | 344 |
| 343 ngx_conf_merge_value(conf->prefer_server_ciphers, | 345 ngx_conf_merge_value(conf->prefer_server_ciphers, |
| 344 prev->prefer_server_ciphers, 0); | 346 prev->prefer_server_ciphers, 0); |
| 345 | 347 |
| 346 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | 348 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, |
| 347 (NGX_CONF_BITMASK_SET | 349 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); |
| 348 |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); | |
| 349 | 350 |
| 350 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); | 351 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); |
| 351 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); | 352 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); |
| 352 | 353 |
| 353 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); | 354 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); |
| 405 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, | 406 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, |
| 406 ngx_http_ssl_servername) | 407 ngx_http_ssl_servername) |
| 407 == 0) | 408 == 0) |
| 408 { | 409 { |
| 409 ngx_log_error(NGX_LOG_WARN, cf->log, 0, | 410 ngx_log_error(NGX_LOG_WARN, cf->log, 0, |
| 410 "nginx was build with SNI support, however, now it is linked " | 411 "nginx was built with SNI support, however, now it is linked " |
| 411 "dynamically to an OpenSSL library which has no tlsext support, " | 412 "dynamically to an OpenSSL library which has no tlsext support, " |
| 412 "therefore SNI is not available"); | 413 "therefore SNI is not available"); |
| 413 } | 414 } |
| 414 | 415 |
| 415 #endif | 416 #endif |