comparison src/http/modules/ngx_http_ssl_module.c @ 665:0b460e61bdcd default tip
Merge with nginx 1.0.0.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 25 Apr 2011 04:22:17 +0400 |
parents | 8246d8a2c2be |
children |
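--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -11,11 +11,11 @@
 
 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
 ngx_pool_t *pool, ngx_str_t *s);
 
 
-#define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
+#define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5"
 
 
 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
 ngx_http_variable_value_t *v, uintptr_t data);
 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
@@ -182,10 +182,13 @@
 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 },
 
 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
 
+{ ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable,
+(uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 },
+
 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },
 
 { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable,
 (uintptr_t) ngx_ssl_get_raw_certificate,
@@ -309,12 +312,11 @@
 * sscf->certificate = { 0, NULL };
 * sscf->certificate_key = { 0, NULL };
 * sscf->dhparam = { 0, NULL };
 * sscf->client_certificate = { 0, NULL };
 * sscf->crl = { 0, NULL };
-* sscf->ciphers.len = 0;
-* sscf->ciphers.data = NULL;
+* sscf->ciphers = { 0, NULL };
 * sscf->shm_zone = NULL;
 */
 
 sscf->enable = NGX_CONF_UNSET;
 sscf->prefer_server_ciphers = NGX_CONF_UNSET;
@@ -342,12 +344,11 @@
 
 ngx_conf_merge_value(conf->prefer_server_ciphers,
 prev->prefer_server_ciphers, 0);
 
 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
-(NGX_CONF_BITMASK_SET
-|NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
+(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
 
 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
 
 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
@@ -405,11 +406,11 @@
 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
 ngx_http_ssl_servername)
 == 0)
 {
 ngx_log_error(NGX_LOG_WARN, cf->log, 0,
-"nginx was build with SNI support, however, now it is linked "
+"nginx was built with SNI support, however, now it is linked "
 "dynamically to an OpenSSL library which has no tlsext support, "
 "therefore SNI is not available");
 }
 
 #endif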
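Review bot: The new default in `#define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5"` excludes only anonymous DH, so any anonymous ECDH suites that the linked OpenSSL places in HIGH would still be offered when no `ssl_ciphers` is configured. `!aNULL` covers every unauthenticated key exchange and is the safer exclusion: `#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"`. Whether such suites are actually present depends on the OpenSSL build, which this page does not show, so this is a hardening of the default rather than a confirmed exposure.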