annotate src/http/modules/ngx_http_ssl_module.c @ 4622:0dfdc3f732cb
Upstream: fixed ip_hash rebalancing with the "down" flag.
Due to weight being set to 0 for down peers, order of peers after sorting
wasn't the same as without the "down" flag (with down peers at the end),
resulting in client rebalancing for clients on other servers. The only
rebalancing which should happen after adding "down" to a server is one
for clients on the server.
The problem was introduced in r1377 (which fixed endless loop by setting
weight to 0 for down servers). The loop is no longer possible with new
smooth algorithm, so preserving original weight is safe.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 14 May 2012 09:58:07 +0000 |
parents | d620f497c50f |
children | 7c3cca603438 c3b276283e4a |
rev | line source |
---|---|
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
1 |
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
2 /* |
444
42d11f017717
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents:
441
diff
changeset
|
3 * Copyright (C) Igor Sysoev |
4412 | 4 * Copyright (C) Nginx, Inc. |
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
5 */ |
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
6 |
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
7 |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
8 #include <ngx_config.h> |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
9 #include <ngx_core.h> |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 #include <ngx_http.h> |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
11 |
573 | 12 |
/*
 * Signature of the getters stored (cast to uintptr_t) in the data field of
 * ngx_http_ssl_vars[]. Both variable handlers in this file cast data back to
 * this type and call it with the connection, a pool and an output string.
 * The pool argument may be NULL: ngx_http_ssl_static_variable() passes NULL.
 */
typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
    ngx_pool_t *pool, ngx_str_t *s);


/*
 * Defaults applied in ngx_http_ssl_merge_srv_conf() when "ssl_ciphers" or
 * "ssl_ecdh_curve" is not configured. The cipher string is in OpenSSL
 * cipher-list syntax: the HIGH class, minus anonymous (unauthenticated)
 * key exchange and minus MD5-based suites.
 */
#define NGX_DEFAULT_CIPHERS     "HIGH:!aNULL:!MD5"
#define NGX_DEFAULT_ECDH_CURVE  "prime256v1"
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
19 |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
20 |
/* Variable get handlers; data carries an ngx_ssl_variable_handler_pt. */
static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);

/* Configuration hooks referenced from ngx_http_ssl_module_ctx. */
static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf);
static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
    void *parent, void *child);

/* Directive handlers for "ssl" and "ssl_session_cache". */
static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
35 | |
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
36 |
/*
 * Names accepted by the "ssl_protocols" directive and the bit each one sets
 * in ngx_http_ssl_srv_conf_t.protocols (the directive is parsed by
 * ngx_conf_set_bitmask_slot).
 *
 * NOTE(review): SSLv2 and SSLv3 are still selectable here, and SSLv3 is part
 * of the default mask applied in ngx_http_ssl_merge_srv_conf(). Both
 * protocols are obsolete; deployments should list only the TLS versions they
 * need in "ssl_protocols" rather than rely on the default.
 */
static ngx_conf_bitmask_t  ngx_http_ssl_protocols[] = {
    { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
    { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
    { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
    { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
    { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
    { ngx_null_string, 0 }    /* table terminator */
};
45 | |
46 | |
/*
 * Values of the "ssl_verify_client" directive, stored in
 * ngx_http_ssl_srv_conf_t.verify by ngx_conf_set_enum_slot.
 * ngx_http_ssl_merge_srv_conf() treats any non-zero value as "client
 * verification configured" and then requires "ssl_client_certificate".
 *
 * NOTE(review): "optional" (2) presumably lets a handshake complete without a
 * client certificate; anything that consumes the $ssl_client_* variables
 * should check $ssl_client_verify first -- confirm against ngx_event_openssl.
 */
static ngx_conf_enum_t  ngx_http_ssl_verify[] = {
    { ngx_string("off"), 0 },
    { ngx_string("on"), 1 },
    { ngx_string("optional"), 2 },
    { ngx_null_string, 0 }    /* table terminator */
};
53 | |
54 | |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
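/*
 * Directive table for the HTTP SSL module. Every directive is valid in the
 * http{} and server{} contexts and is stored in the per-server
 * ngx_http_ssl_srv_conf_t (NGX_HTTP_SRV_CONF_OFFSET).
 *
 * Each entry is: name, context/arity flags, setter, conf offset selector,
 * field offset inside ngx_http_ssl_srv_conf_t, and optional setter data.
 */
static ngx_command_t  ngx_http_ssl_commands[] = {

    /* custom setter: also records file/line for later error messages */
    { ngx_string("ssl"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
      ngx_http_ssl_enable,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, enable),
      NULL },

    { ngx_string("ssl_certificate"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, certificate),
      NULL },

    { ngx_string("ssl_certificate_key"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
      NULL },

    { ngx_string("ssl_dhparam"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, dhparam),
      NULL },

    { ngx_string("ssl_ecdh_curve"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, ecdh_curve),
      NULL },

    /* one or more protocol names, OR-ed into a bitmask */
    { ngx_string("ssl_protocols"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
      ngx_conf_set_bitmask_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, protocols),
      &ngx_http_ssl_protocols },

    { ngx_string("ssl_ciphers"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, ciphers),
      NULL },

    { ngx_string("ssl_verify_client"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_enum_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, verify),
      &ngx_http_ssl_verify },

    /*
     * ngx_conf_set_num_slot stores a single number, so the directive takes
     * exactly one argument. It was declared NGX_CONF_1MORE, which let
     * stray extra arguments through the parser unnoticed.
     */
    { ngx_string("ssl_verify_depth"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_num_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, verify_depth),
      NULL },

    { ngx_string("ssl_client_certificate"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, client_certificate),
      NULL },

    { ngx_string("ssl_prefer_server_ciphers"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_flag_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
      NULL },

    /* custom setter: writes several fields itself, hence offset 0 */
    { ngx_string("ssl_session_cache"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12,
      ngx_http_ssl_session_cache,
      NGX_HTTP_SRV_CONF_OFFSET,
      0,
      NULL },

    { ngx_string("ssl_session_timeout"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_sec_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, session_timeout),
      NULL },

    { ngx_string("ssl_crl"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, crl),
      NULL },

      ngx_null_command
};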
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
157 |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
158 |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
/*
 * HTTP module context. The module registers its variables before the
 * configuration is parsed and keeps only per-server configuration; it has no
 * main or location configuration of its own.
 */
static ngx_http_module_t  ngx_http_ssl_module_ctx = {
    ngx_http_ssl_add_variables,            /* preconfiguration */
    NULL,                                  /* postconfiguration */

    NULL,                                  /* create main configuration */
    NULL,                                  /* init main configuration */

    ngx_http_ssl_create_srv_conf,          /* create server configuration */
    ngx_http_ssl_merge_srv_conf,           /* merge server configuration */

    NULL,                                  /* create location configuration */
    NULL                                   /* merge location configuration */
};
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
172 |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
173 |
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
/*
 * Module descriptor. Only the context and the directive table are supplied;
 * every process/thread lifecycle hook is left NULL.
 */
ngx_module_t  ngx_http_ssl_module = {
    NGX_MODULE_V1,
    &ngx_http_ssl_module_ctx,              /* module context */
    ngx_http_ssl_commands,                 /* module directives */
    NGX_HTTP_MODULE,                       /* module type */
    NULL,                                  /* init master */
    NULL,                                  /* init module */
    NULL,                                  /* init process */
    NULL,                                  /* init thread */
    NULL,                                  /* exit thread */
    NULL,                                  /* exit process */
    NULL,                                  /* exit master */
    NGX_MODULE_V1_PADDING
};
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
188 |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
189 |
/*
 * $ssl_* variables exported by the module; registered one by one in
 * ngx_http_ssl_add_variables(). The data field holds the getter, cast to
 * uintptr_t, that the get handler calls back (ngx_ssl_variable_handler_pt).
 *
 * $ssl_protocol and $ssl_cipher go through ngx_http_ssl_static_variable(),
 * which passes no pool and measures the result as a NUL-terminated string.
 * All other variables go through ngx_http_ssl_variable(), which passes the
 * request pool and uses the length reported by the getter.
 *
 * NOTE(review): the $ssl_client_* values are derived from the certificate the
 * peer presented. Consumers (access rules, proxied headers) presumably should
 * gate on $ssl_client_verify before trusting the DN or serial, in particular
 * with "ssl_verify_client optional" -- confirm against ngx_event_openssl.
 */
static ngx_http_variable_t  ngx_http_ssl_vars[] = {

    { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_static_variable,
      (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
      (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_raw_certificate,
      NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_serial"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_serial_number, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_verify"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_client_verify, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_null_string, NULL, NULL, 0, 0, 0 }    /* table terminator */
};
222 | |
223 | |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
973
diff
changeset
|
/*
 * Session id context handed to ngx_ssl_session_cache() for every server
 * block merged by ngx_http_ssl_merge_srv_conf().
 */
static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");
973 | 225 |
226 | |
/*
 * Get handler for variables whose getter yields a NUL-terminated string
 * without allocating ($ssl_protocol, $ssl_cipher in ngx_http_ssl_vars[]).
 *
 * r     request; the variable is "not found" on a non-SSL connection
 * v     variable value to fill in
 * data  the getter, an ngx_ssl_variable_handler_pt cast to uintptr_t
 *
 * Always returns NGX_OK.
 */
static ngx_int_t
ngx_http_ssl_static_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data)
{
    size_t                       n;
    ngx_str_t                    value;
    ngx_ssl_variable_handler_pt  getter;

    if (r->connection->ssl == NULL) {
        v->not_found = 1;
        return NGX_OK;
    }

    getter = (ngx_ssl_variable_handler_pt) data;

    /*
     * The getter receives no pool and its status is discarded.
     * NOTE(review): "value" is read below even if the getter failed without
     * writing it; the two getters registered with this handler presumably
     * always succeed and return a NUL-terminated string -- confirm.
     */
    (void) getter(r->connection, NULL, &value);

    v->data = value.data;

    /* the getter's len is not used: measure up to the terminating NUL */
    n = 0;
    while (v->data[n]) {
        n++;
    }

    v->len = n;
    v->valid = 1;
    v->no_cacheable = 0;
    v->not_found = 0;

    return NGX_OK;
}
256 | |
257 | |
/*
 * Get handler for variables whose getter may allocate from the request pool
 * and reports an explicit length (session id and the $ssl_client_* family).
 *
 * r     request; the variable is "not found" on a non-SSL connection
 * v     variable value to fill in
 * data  the getter, an ngx_ssl_variable_handler_pt cast to uintptr_t
 *
 * Returns NGX_ERROR if the getter fails, NGX_OK otherwise. An empty result
 * is reported as "not found" rather than as an empty value.
 */
static ngx_int_t
ngx_http_ssl_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v,
    uintptr_t data)
{
    ngx_str_t                    value;
    ngx_ssl_variable_handler_pt  getter;

    if (r->connection->ssl == NULL) {
        v->not_found = 1;
        return NGX_OK;
    }

    getter = (ngx_ssl_variable_handler_pt) data;

    if (getter(r->connection, r->pool, &value) != NGX_OK) {
        return NGX_ERROR;
    }

    v->data = value.data;
    v->len = value.len;

    /* test the stored length, exactly as it ended up in v->len */
    if (v->len == 0) {
        v->not_found = 1;
        return NGX_OK;
    }

    v->valid = 1;
    v->no_cacheable = 0;
    v->not_found = 0;

    return NGX_OK;
}
288 | |
289 | |
/*
 * Preconfiguration hook: registers every entry of ngx_http_ssl_vars[] with
 * the HTTP variable subsystem and copies its get handler and getter data
 * onto the registered variable.
 *
 * Returns NGX_ERROR as soon as one registration fails, NGX_OK otherwise.
 */
static ngx_int_t
ngx_http_ssl_add_variables(ngx_conf_t *cf)
{
    ngx_http_variable_t  *src, *dst;

    src = ngx_http_ssl_vars;

    /* the table ends with an entry whose name is empty */
    while (src->name.len) {

        dst = ngx_http_add_variable(cf, &src->name, src->flags);
        if (dst == NULL) {
            return NGX_ERROR;
        }

        dst->get_handler = src->get_handler;
        dst->data = src->data;

        src++;
    }

    return NGX_OK;
}
307 | |
308 | |
/*
 * Allocates the per-server SSL configuration from the configuration pool and
 * marks every scalar setting as "unset" so that
 * ngx_http_ssl_merge_srv_conf() can tell inherited values from explicit ones.
 *
 * Returns the new configuration, or NULL if the allocation fails.
 */
static void *
ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
{
    ngx_http_ssl_srv_conf_t  *conf;

    conf = ngx_pcalloc(cf->pool, sizeof(*conf));

    if (conf != NULL) {

        /*
         * already zeroed by ngx_pcalloc():
         *
         *     conf->protocols = 0;
         *     conf->certificate = { 0, NULL };
         *     conf->certificate_key = { 0, NULL };
         *     conf->dhparam = { 0, NULL };
         *     conf->ecdh_curve = { 0, NULL };
         *     conf->client_certificate = { 0, NULL };
         *     conf->crl = { 0, NULL };
         *     conf->ciphers = { 0, NULL };
         *     conf->shm_zone = NULL;
         */

        conf->session_timeout = NGX_CONF_UNSET;
        conf->builtin_session_cache = NGX_CONF_UNSET;
        conf->verify_depth = NGX_CONF_UNSET_UINT;
        conf->verify = NGX_CONF_UNSET_UINT;
        conf->prefer_server_ciphers = NGX_CONF_UNSET;
        conf->enable = NGX_CONF_UNSET;
    }

    return conf;
}
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
342 |
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
343 |
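/*
 * Merges the http{}-level SSL settings (parent) into a server{} block
 * (child), applies defaults, and, if a certificate is configured, builds the
 * OpenSSL context for that server.
 *
 * cf      configuration context (pool and log)
 * parent  ngx_http_ssl_srv_conf_t of the enclosing level
 * child   ngx_http_ssl_srv_conf_t of the server being merged
 *
 * Returns NGX_CONF_OK on success, or when SSL is not enabled and no
 * certificate is configured (no context is created in that case).
 * Returns NGX_CONF_ERROR on a missing certificate or key, a missing
 * "ssl_client_certificate" when client verification is requested, a cipher
 * list OpenSSL rejects, or any failing ngx_ssl_*() setup call.
 */
static char *
ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
{
    ngx_http_ssl_srv_conf_t *prev = parent;
    ngx_http_ssl_srv_conf_t *conf = child;

    ngx_pool_cleanup_t  *cln;

    /*
     * "ssl" is merged by hand so that the file/line of the inherited
     * directive travel with it for the error messages below.
     */
    if (conf->enable == NGX_CONF_UNSET) {
        if (prev->enable == NGX_CONF_UNSET) {
            conf->enable = 0;

        } else {
            conf->enable = prev->enable;
            conf->file = prev->file;
            conf->line = prev->line;
        }
    }

    ngx_conf_merge_value(conf->session_timeout,
                         prev->session_timeout, 300);

    ngx_conf_merge_value(conf->prefer_server_ciphers,
                         prev->prefer_server_ciphers, 0);

    /*
     * NOTE(review): the default protocol mask still enables SSLv3, which is
     * obsolete. It is left unchanged here because existing configurations
     * depend on the default; set "ssl_protocols" explicitly to exclude it.
     */
    ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
                         (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1
                          |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));

    ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
    ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);

    ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
    ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");

    ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");

    ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
                         "");
    ngx_conf_merge_str_value(conf->crl, prev->crl, "");

    ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
                         NGX_DEFAULT_ECDH_CURVE);

    ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);


    conf->ssl.log = cf->log;

    if (conf->enable) {

        /* "ssl on" needs both a certificate and its key */

        if (conf->certificate.len == 0) {
            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                          "no \"ssl_certificate\" is defined for "
                          "the \"ssl\" directive in %s:%ui",
                          conf->file, conf->line);
            return NGX_CONF_ERROR;
        }

        if (conf->certificate_key.len == 0) {
            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                          "no \"ssl_certificate_key\" is defined for "
                          "the \"ssl\" directive in %s:%ui",
                          conf->file, conf->line);
            return NGX_CONF_ERROR;
        }

    } else {

        /* SSL not enabled and no certificate: nothing to set up */

        if (conf->certificate.len == 0) {
            return NGX_CONF_OK;
        }

        if (conf->certificate_key.len == 0) {
            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                          "no \"ssl_certificate_key\" is defined "
                          "for certificate \"%V\"", &conf->certificate);
            return NGX_CONF_ERROR;
        }
    }

    if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
        return NGX_CONF_ERROR;
    }

#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME

    /* a missing SNI callback is only a warning: the server still starts */

    if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
                                               ngx_http_ssl_servername)
        == 0)
    {
        ngx_log_error(NGX_LOG_WARN, cf->log, 0,
            "nginx was built with SNI support, however, now it is linked "
            "dynamically to an OpenSSL library which has no tlsext support, "
            "therefore SNI is not available");
    }

#endif

    /*
     * Registered right after the context exists, so the error returns below
     * do not leave the context behind when the pool is destroyed.
     */
    cln = ngx_pool_cleanup_add(cf->pool, 0);
    if (cln == NULL) {
        return NGX_CONF_ERROR;
    }

    cln->handler = ngx_ssl_cleanup_ctx;
    cln->data = &conf->ssl;

    if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
                            &conf->certificate_key)
        != NGX_OK)
    {
        return NGX_CONF_ERROR;
    }

    if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
                                (const char *) conf->ciphers.data)
        == 0)
    {
        ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
                      "SSL_CTX_set_cipher_list(\"%V\") failed",
                      &conf->ciphers);

        /*
         * Fail closed: a rejected "ssl_ciphers" string must stop the
         * configuration from loading. Continuing would leave the context on
         * the library's own cipher list instead of the one the operator
         * asked for, with only a log line as evidence.
         */
        return NGX_CONF_ERROR;
    }

    if (conf->verify) {

        if (conf->client_certificate.len == 0) {
            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                          "no ssl_client_certificate for ssl_client_verify");
            return NGX_CONF_ERROR;
        }

        if (ngx_ssl_client_certificate(cf, &conf->ssl,
                                       &conf->client_certificate,
                                       conf->verify_depth)
            != NGX_OK)
        {
            return NGX_CONF_ERROR;
        }

        if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
            return NGX_CONF_ERROR;
        }
    }

    if (conf->prefer_server_ciphers) {
        SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
    }

    /*
     * a temporary 512-bit RSA key is required for export versions of MSIE
     *
     * NOTE(review): 512-bit RSA is export-grade and weak. The callback
     * presumably only matters when "ssl_ciphers" admits export suites, which
     * the default NGX_DEFAULT_CIPHERS ("HIGH:...") should not -- confirm, and
     * consider dropping the callback.
     */
    SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);

    if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
        return NGX_CONF_ERROR;
    }

    if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) {
        return NGX_CONF_ERROR;
    }

    ngx_conf_merge_value(conf->builtin_session_cache,
                         prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);

    /* a shared session cache zone is inherited when none is set here */
    if (conf->shm_zone == NULL) {
        conf->shm_zone = prev->shm_zone;
    }

    if (ngx_ssl_session_cache(&conf->ssl, &ngx_http_ssl_sess_id_ctx,
                              conf->builtin_session_cache,
                              conf->shm_zone, conf->session_timeout)
        != NGX_OK)
    {
        return NGX_CONF_ERROR;
    }

    return NGX_CONF_OK;
}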
563 | 520 |
521 | |
/*
 * Configuration handler that stores an on/off flag through
 * ngx_conf_set_flag_slot() and, when that succeeds, remembers where in
 * the configuration the directive was seen.
 *
 * cf    - configuration parsing context; supplies the current file name
 *         and line number
 * cmd   - directive descriptor, passed through to the flag setter
 * conf  - the module's server configuration (ngx_http_ssl_srv_conf_t)
 *
 * Returns NGX_CONF_OK on success, otherwise whatever error value the
 * flag setter returned.
 */
static char *
ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    char                     *result;
    ngx_http_ssl_srv_conf_t  *srv_conf;

    result = ngx_conf_set_flag_slot(cf, cmd, conf);

    if (result == NGX_CONF_OK) {
        srv_conf = conf;

        /*
         * Keep the directive's location; presumably used later to point
         * diagnostics at this line -- confirm against the merge code.
         */
        srv_conf->file = cf->conf_file->file.name.data;
        srv_conf->line = cf->conf_file->line;
    }

    return result;
}
540 | |
541 | |
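/*
 * Configuration handler for the "ssl_session_cache" directive.
 *
 * Every argument after the directive name is parsed in turn:
 *
 *   off                  - builtin_session_cache = NGX_SSL_NO_SCACHE
 *   none                 - builtin_session_cache = NGX_SSL_NONE_SCACHE
 *   builtin              - builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE
 *   builtin:<number>     - builtin_session_cache = <number>
 *   shared:<name>:<size> - registers a shared memory zone <name> of <size>
 *                          bytes (at least 8 * ngx_pagesize) and stores it
 *                          in shm_zone
 *
 * cf    - configuration parsing context; cf->args holds the arguments
 * cmd   - directive descriptor (unused here)
 * conf  - the module's server configuration (ngx_http_ssl_srv_conf_t)
 *
 * Returns NGX_CONF_OK on success.  On a malformed argument, a too small
 * shared zone or a failed zone registration it returns NGX_CONF_ERROR;
 * the first two cases are logged at NGX_LOG_EMERG level here.
 */
static char *
ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    ngx_http_ssl_srv_conf_t *sscf = conf;

    size_t       len;
    ngx_str_t   *value, name, size;
    ngx_int_t    n;
    ngx_uint_t   i, j;

    value = cf->args->elts;

    /* value[0] is the directive name itself, so start at 1 */

    for (i = 1; i < cf->args->nelts; i++) {

        if (ngx_strcmp(value[i].data, "off") == 0) {
            sscf->builtin_session_cache = NGX_SSL_NO_SCACHE;
            continue;
        }

        if (ngx_strcmp(value[i].data, "none") == 0) {
            sscf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
            continue;
        }

        if (ngx_strcmp(value[i].data, "builtin") == 0) {
            sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
            continue;
        }

        if (value[i].len > sizeof("builtin:") - 1
            && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
               == 0)
        {
            /* everything after "builtin:" must be a decimal number */

            n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
                         value[i].len - (sizeof("builtin:") - 1));

            if (n == NGX_ERROR) {
                goto invalid;
            }

            sscf->builtin_session_cache = n;

            continue;
        }

        if (value[i].len > sizeof("shared:") - 1
            && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
               == 0)
        {
            len = 0;

            /* find the ':' that separates the zone name from its size */

            for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
                if (value[i].data[j] == ':') {
                    break;
                }

                len++;
            }

            /*
             * Reject an empty name, and also an argument with no second
             * ':' at all: in that case j has run up to value[i].len, so
             * "value[i].len - j - 1" below would wrap around to a huge
             * size.len and size.data would point past the argument.
             */

            if (len == 0 || j == value[i].len) {
                goto invalid;
            }

            name.len = len;
            name.data = value[i].data + sizeof("shared:") - 1;

            size.len = value[i].len - j - 1;
            size.data = name.data + len + 1;

            n = ngx_parse_size(&size);

            if (n == NGX_ERROR) {
                goto invalid;
            }

            if (n < (ngx_int_t) (8 * ngx_pagesize)) {
                ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                                   "session cache \"%V\" is too small",
                                   &value[i]);

                return NGX_CONF_ERROR;
            }

            /*
             * Terminate the zone name in place.  This is done only after
             * validation so that the diagnostics above and at "invalid"
             * still show the argument as it was written.
             */

            value[i].data[j] = '\0';

            sscf->shm_zone = ngx_shared_memory_add(cf, &name, n,
                                                   &ngx_http_ssl_module);
            if (sscf->shm_zone == NULL) {
                return NGX_CONF_ERROR;
            }

            sscf->shm_zone->init = ngx_ssl_session_cache_init;

            continue;
        }

        goto invalid;
    }

    /*
     * A shared zone without any explicit builtin setting selects
     * NGX_SSL_NO_BUILTIN_SCACHE for the builtin cache.
     */

    if (sscf->shm_zone && sscf->builtin_session_cache == NGX_CONF_UNSET) {
        sscf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
    }

    return NGX_CONF_OK;

invalid:

    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "invalid session cache \"%V\"", &value[i]);

    return NGX_CONF_ERROR;
}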