annotate src/event/ngx_event_openssl.c @ 1439:36548ad85be1
style fix
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Fri, 31 Aug 2007 09:22:53 +0000 |
parents | adbafd129d06 |
children | 4fc402c3ec73 |
rev | line source |
---|---|
1 |
2 /* |
3 * Copyright (C) Igor Sysoev |
4 */ |
5 |
6 |
7 #include <ngx_config.h> |
8 #include <ngx_core.h> |
9 #include <ngx_event.h> |
10 |
541 | 11 |
/* Configuration of the "openssl" core module. */
typedef struct {
    ngx_str_t    engine;    /* filled by the "ssl_engine" directive */
} ngx_openssl_conf_t;
479 | 15 |
16 |
/* callback installed with SSL_CTX_set_verify() for client certificates */
static int ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);

/* handshake, read/write and shutdown event plumbing */
static void ngx_ssl_handshake_handler(ngx_event_t *ev);
static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n);
static void ngx_ssl_write_handler(ngx_event_t *wev);
static void ngx_ssl_read_handler(ngx_event_t *rev);
static void ngx_ssl_shutdown_handler(ngx_event_t *ev);
static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr,
    ngx_err_t err, char *text);

/* shared-memory session cache: zone init, OpenSSL callbacks, expiry, rbtree */
static ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone,
    void *data);
static int ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn,
    ngx_ssl_session_t *sess);
static ngx_ssl_session_t *ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn,
    u_char *id, int len, int *copy);
static void ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
static void ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
    ngx_slab_pool_t *shpool, ngx_uint_t n);
static void ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
    ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);

/* "openssl" core module hooks */
static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
static char *ngx_openssl_init_conf(ngx_cycle_t *cycle, void *conf);
static void ngx_openssl_exit(ngx_cycle_t *cycle);

/* "ssl_engine" handler used only when NGX_SSL_ENGINE is not enabled */
#if !(NGX_SSL_ENGINE)
static char *ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
#endif
46 | |
47 | |
/*
 * Directives of the "openssl" core module.  The only directive is
 * "ssl_engine", which takes one argument at the main configuration level.
 */
static ngx_command_t  ngx_openssl_commands[] = {

    { ngx_string("ssl_engine"),
      NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
#if (NGX_SSL_ENGINE)
      /* store the argument in ngx_openssl_conf_t.engine */
      ngx_conf_set_str_slot,
#else
      /* engine support is not enabled: a dedicated handler is used instead */
      ngx_openssl_noengine,
#endif
      0,
      offsetof(ngx_openssl_conf_t, engine),
      NULL },

      ngx_null_command
};
63 | |
64 | |
/* Core module context: module name plus the create/init configuration hooks. */
static ngx_core_module_t  ngx_openssl_module_ctx = {
    ngx_string("openssl"),
    ngx_openssl_create_conf,
    ngx_openssl_init_conf
};
541 | 70 |
71 | |
/*
 * Module descriptor.  Only the "exit master" hook is set; all other
 * lifecycle hooks are unused.
 */
ngx_module_t  ngx_openssl_module = {
    NGX_MODULE_V1,
    &ngx_openssl_module_ctx,               /* module context */
    ngx_openssl_commands,                  /* module directives */
    NGX_CORE_MODULE,                       /* module type */
    NULL,                                  /* init master */
    NULL,                                  /* init module */
    NULL,                                  /* init process */
    NULL,                                  /* init thread */
    NULL,                                  /* exit thread */
    NULL,                                  /* exit process */
    ngx_openssl_exit,                      /* exit master */
    NGX_MODULE_V1_PADDING
};
86 | |
87 | |
/*
 * SSL_OP_NO_* masks, indexed by (protocols >> 1) in ngx_ssl_create().
 * Read as a 3-bit index: a set bit 0 leaves SSLv2 enabled, bit 1 leaves
 * SSLv3 enabled and bit 2 leaves TLSv1 enabled.  Index 0 disables all
 * three protocols, index 7 disables none.  The table has exactly eight
 * entries, so any index above 7 is out of bounds.
 */
static long  ngx_ssl_protocols[] = {
    SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,
    SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1,
    SSL_OP_NO_SSLv2|SSL_OP_NO_TLSv1,
    SSL_OP_NO_TLSv1,
    SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3,
    SSL_OP_NO_SSLv3,
    SSL_OP_NO_SSLv2,
    0,
};
98 |
99 |
/*
 * OpenSSL ex_data slot numbers, allocated once in ngx_ssl_init():
 * the first is an SSL (per-connection) slot, the other two are
 * SSL_CTX slots.
 */
int  ngx_ssl_connection_index;
int  ngx_ssl_server_conf_index;
int  ngx_ssl_session_cache_index;
671 | 103 |
104 | |
/*
 * Initializes the OpenSSL library and allocates the three ex_data slots
 * used by this file.
 *
 * Returns NGX_OK on success, or NGX_ERROR (after logging at ALERT level)
 * if any ex_data index cannot be allocated.
 */
ngx_int_t
ngx_ssl_init(ngx_log_t *log)
{
#if OPENSSL_VERSION_NUMBER >= 0x00907000
    /* NULL selects OpenSSL's default configuration name */
    OPENSSL_config(NULL);
#endif

    SSL_library_init();
    SSL_load_error_strings();

#if (NGX_SSL_ENGINE)
    ENGINE_load_builtin_engines();
#endif

    /* per-SSL slot: ngx_ssl_create_connection() stores the connection here */
    ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);

    if (ngx_ssl_connection_index == -1) {
        ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed");
        return NGX_ERROR;
    }

    /* per-SSL_CTX slot: ngx_ssl_create() stores its "data" argument here */
    ngx_ssl_server_conf_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,
                                                         NULL);
    if (ngx_ssl_server_conf_index == -1) {
        ngx_ssl_error(NGX_LOG_ALERT, log, 0,
                      "SSL_CTX_get_ex_new_index() failed");
        return NGX_ERROR;
    }

    /* per-SSL_CTX slot for the session cache */
    ngx_ssl_session_cache_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,
                                                           NULL);
    if (ngx_ssl_session_cache_index == -1) {
        ngx_ssl_error(NGX_LOG_ALERT, log, 0,
                      "SSL_CTX_get_ex_new_index() failed");
        return NGX_ERROR;
    }

    return NGX_OK;
}
144 |
145 |
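/*
 * Creates the SSL_CTX for "ssl", attaches "data" to it and applies the
 * compatibility and protocol options.
 *
 * ssl        - receives the new context in ssl->ctx; ssl->log is used for
 *              error reporting
 * protocols  - protocol bit mask; (protocols >> 1) selects an entry of
 *              ngx_ssl_protocols[]
 * data       - stored in the SSL_CTX under ngx_ssl_server_conf_index
 *
 * Returns NGX_OK, or NGX_ERROR after logging at EMERG level.
 */
ngx_int_t
ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
{
    ngx_uint_t  idx;

    /*
     * reject a mask that would index past the end of ngx_ssl_protocols[];
     * done before SSL_CTX_new() so nothing is allocated on this path
     */

    idx = protocols >> 1;

    if (idx >= sizeof(ngx_ssl_protocols) / sizeof(ngx_ssl_protocols[0])) {
        ngx_log_error(NGX_LOG_EMERG, ssl->log, 0,
                      "invalid SSL protocols mask: %ui", protocols);
        return NGX_ERROR;
    }

    ssl->ctx = SSL_CTX_new(SSLv23_method());

    if (ssl->ctx == NULL) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_new() failed");
        return NGX_ERROR;
    }

    /*
     * NOTE(review): ssl->ctx stays allocated if the call below fails;
     * presumably the caller treats this as fatal - confirm
     */

    if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_server_conf_index, data) == 0) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "SSL_CTX_set_ex_data() failed");
        return NGX_ERROR;
    }

    /* client side options */

    SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_SESS_ID_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_CHALLENGE_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);

    /* server side options */

    SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);

    /*
     * this option allows a potential SSL 2.0 rollback (CAN-2005-2969);
     * it is kept for peer compatibility, so a deployment that cares about
     * downgrade resistance should disable SSLv2 through the protocol mask
     */
    SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);

    SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
    SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);

#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
    /*
     * per the OpenSSL documentation this turns off the empty-fragment
     * countermeasure for CBC ciphers in SSL 3.0/TLS 1.0; it is a
     * compatibility trade-off, not a hardening option
     */
    SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
#endif


    /* a zero entry means "disable nothing", so there is nothing to set */

    if (ngx_ssl_protocols[idx] != 0) {
        SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[idx]);
    }

    SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);

    SSL_CTX_set_read_ahead(ssl->ctx, 1);

    return NGX_OK;
}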
195 | |
196 | |
/*
 * Loads the certificate chain file and the PEM private key file into
 * ssl->ctx.  Both names are first passed through ngx_conf_full_name(),
 * which updates "cert" and "key" in place.
 *
 * Returns NGX_OK, or NGX_ERROR if a name cannot be resolved or OpenSSL
 * rejects a file (the latter is logged at EMERG level).
 */
ngx_int_t
ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
    ngx_str_t *key)
{
    int  rc;

    /* certificate chain */

    if (ngx_conf_full_name(cf->cycle, cert, 1) == NGX_ERROR) {
        return NGX_ERROR;
    }

    rc = SSL_CTX_use_certificate_chain_file(ssl->ctx, (char *) cert->data);

    if (rc == 0) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "SSL_CTX_use_certificate_chain_file(\"%s\") failed",
                      cert->data);
        return NGX_ERROR;
    }

    /* private key, PEM only */

    if (ngx_conf_full_name(cf->cycle, key, 1) == NGX_ERROR) {
        return NGX_ERROR;
    }

    rc = SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key->data,
                                     SSL_FILETYPE_PEM);

    if (rc == 0) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data);
        return NGX_ERROR;
    }

    return NGX_OK;
}
229 | |
230 | |
/*
 * Enables client certificate requests on ssl->ctx and, when "cert" is
 * not empty, loads it both as the trusted CA store and as the CA name
 * list sent to clients.
 *
 * cert   - CA file name; resolved in place by ngx_conf_full_name()
 * depth  - maximum verification chain depth
 *
 * Returns NGX_OK, or NGX_ERROR after logging at EMERG level.
 *
 * Security note: only SSL_VERIFY_PEER is set (no
 * SSL_VERIFY_FAIL_IF_NO_PEER_CERT), and the registered callback always
 * returns 1, so the handshake itself does not reject a missing or
 * invalid client certificate.  NOTE(review): the verification result is
 * presumably enforced by the caller after the handshake - confirm.
 */
ngx_int_t
ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
    ngx_int_t depth)
{
    STACK_OF(X509_NAME)  *list;

    SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_http_ssl_verify_callback);

    SSL_CTX_set_verify_depth(ssl->ctx, depth);

    /* verification is requested even when no CA file is configured */

    if (cert->len == 0) {
        return NGX_OK;
    }

    if (ngx_conf_full_name(cf->cycle, cert, 1) == NGX_ERROR) {
        return NGX_ERROR;
    }

    if (SSL_CTX_load_verify_locations(ssl->ctx, (char *) cert->data, NULL)
        == 0)
    {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "SSL_CTX_load_verify_locations(\"%s\") failed",
                      cert->data);
        return NGX_ERROR;
    }

    list = SSL_load_client_CA_file((char *) cert->data);

    if (list == NULL) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "SSL_load_client_CA_file(\"%s\") failed", cert->data);
        return NGX_ERROR;
    }

    /*
     * before 0.9.7h and 0.9.8 SSL_load_client_CA_file()
     * always left an error in the error queue
     */

    ERR_clear_error();

    SSL_CTX_set_client_CA_list(ssl->ctx, list);

    return NGX_OK;
}
277 | |
278 | |
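/*
 * Certificate verification callback: logs the verification state of the
 * current certificate at debug level.
 *
 * ok          - OpenSSL's own verdict for the current certificate
 * x509_store  - verification context
 *
 * Always returns 1, so OpenSSL continues the handshake whatever "ok"
 * says.  A failed verification is therefore NOT rejected here.
 * NOTE(review): the result is presumably checked after the handshake by
 * the caller - confirm, since nothing in this callback enforces it.
 */
static int
ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store)
{
    char              *subject, *issuer;
    int                err, depth;
    X509              *cert;
    X509_NAME         *name;
    ngx_connection_t  *c;
    ngx_ssl_conn_t    *ssl_conn;

    ssl_conn = X509_STORE_CTX_get_ex_data(x509_store,
                                          SSL_get_ex_data_X509_STORE_CTX_idx());

    c = ngx_ssl_get_connection(ssl_conn);

    cert = X509_STORE_CTX_get_current_cert(x509_store);
    err = X509_STORE_CTX_get_error(x509_store);
    depth = X509_STORE_CTX_get_error_depth(x509_store);

    /*
     * X509_NAME_oneline() with a NULL buffer returns memory allocated by
     * OpenSSL; NULL is kept for "no name" so that only real allocations
     * are freed below
     */

    name = X509_get_subject_name(cert);
    subject = name ? X509_NAME_oneline(name, NULL, 0) : NULL;

    name = X509_get_issuer_name(cert);
    issuer = name ? X509_NAME_oneline(name, NULL, 0) : NULL;

    ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "verify:%d, error:%d, depth:%d, "
                   "subject:\"%s\",issuer: \"%s\"",
                   ok, err, depth,
                   subject ? subject : "(none)",
                   issuer ? issuer : "(none)");

    /* the callback runs once per certificate: release the strings each time */

    if (subject) {
        OPENSSL_free(subject);
    }

    if (issuer) {
        OPENSSL_free(issuer);
    }

    return 1;
}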
311 | |
312 | |
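/*
 * Generates a temporary 512-bit RSA key and installs it in ssl->ctx, but
 * only when SSL_CTX_need_tmp_RSA() reports that one is required.
 *
 * Returns NGX_OK if no key is needed or the key was installed, and
 * NGX_ERROR (logged at EMERG level) if generation or installation fails.
 *
 * Security note: a 512-bit RSA modulus gives no meaningful protection;
 * the key exists only to serve export-grade cipher suites.
 */
ngx_int_t
ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl)
{
    RSA  *key;

    if (SSL_CTX_need_tmp_RSA(ssl->ctx) == 0) {
        return NGX_OK;
    }

    key = RSA_generate_key(512, RSA_F4, NULL, NULL);

    if (key == NULL) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "RSA_generate_key(512) failed");
        return NGX_ERROR;
    }

    /* do not report success when the context refused the key */

    if (SSL_CTX_set_tmp_rsa(ssl->ctx, key) == 0) {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "SSL_CTX_set_tmp_rsa() failed");
        RSA_free(key);
        return NGX_ERROR;
    }

    /* drop the local reference in either case */

    RSA_free(key);

    return NGX_OK;
}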
336 | |
337 | |
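/*
 * Creates the per-connection SSL state for "c" and stores it in c->ssl.
 *
 * ssl    - supplies the SSL_CTX the new SSL object is created from
 * c      - connection; its pool, fd and log are used
 * flags  - NGX_SSL_BUFFER allocates an NGX_SSL_BUFSIZE buffer;
 *          NGX_SSL_CLIENT selects connect state, otherwise accept state
 *
 * Returns NGX_OK, or NGX_ERROR on allocation or OpenSSL failure.
 * c->ssl is assigned only on success.
 */
ngx_int_t
ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
{
    ngx_ssl_connection_t  *sc;

    sc = ngx_pcalloc(c->pool, sizeof(ngx_ssl_connection_t));
    if (sc == NULL) {
        return NGX_ERROR;
    }

    if (flags & NGX_SSL_BUFFER) {
        sc->buffer = 1;

        sc->buf = ngx_create_temp_buf(c->pool, NGX_SSL_BUFSIZE);
        if (sc->buf == NULL) {
            return NGX_ERROR;
        }
    }

    sc->connection = SSL_new(ssl->ctx);

    if (sc->connection == NULL) {
        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed");
        return NGX_ERROR;
    }

    if (SSL_set_fd(sc->connection, c->fd) == 0) {
        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_fd() failed");
        goto failed;
    }

    if (flags & NGX_SSL_CLIENT) {
        SSL_set_connect_state(sc->connection);

    } else {
        SSL_set_accept_state(sc->connection);
    }

    /* lets OpenSSL callbacks map the SSL object back to the connection */

    if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {
        ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_ex_data() failed");
        goto failed;
    }

    c->ssl = sc;

    return NGX_OK;

failed:

    /*
     * c->ssl has not been assigned yet, so no later cleanup can reach
     * the SSL object: release it here instead of leaking it
     */

    SSL_free(sc->connection);
    sc->connection = NULL;

    return NGX_ERROR;
}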
385 |
386 |
/*
 * Offers "session" for reuse on the connection's SSL object.
 * A NULL session is accepted and does nothing.
 *
 * Returns NGX_OK, or NGX_ERROR (logged at ALERT level) if
 * SSL_set_session() fails.
 */
ngx_int_t
ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session)
{
    if (session == NULL) {
        return NGX_OK;
    }

    if (SSL_set_session(c->ssl->connection, session) != 0) {
        return NGX_OK;
    }

    ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_session() failed");

    return NGX_ERROR;
}
399 | |
400 | |
/*
 * Runs one step of the SSL handshake on "c".
 *
 * Returns:
 *   NGX_OK     - handshake finished; c->ssl->handshaked is set and the
 *                connection's recv/send methods are switched to the SSL
 *                versions
 *   NGX_AGAIN  - OpenSSL wants more I/O; both event handlers are pointed
 *                at ngx_ssl_handshake_handler and the needed event is armed
 *   NGX_ERROR  - event registration failed, the peer closed the
 *                connection, or the handshake failed
 */
ngx_int_t
ngx_ssl_handshake(ngx_connection_t *c)
{
    int        n, sslerr;
    ngx_err_t  err;

    n = SSL_do_handshake(c->ssl->connection);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);

    if (n == 1) {

        if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

#if (NGX_DEBUG)
        {
        char         buf[129], *s, *d;
        SSL_CIPHER  *cipher;

        cipher = SSL_get_current_cipher(c->ssl->connection);

        if (cipher) {
            /* the description is written from buf[1]; buf[0] is left unset */
            SSL_CIPHER_description(cipher, &buf[1], 128);

            /*
             * compact the text in place: drop CR/LF and collapse runs of
             * spaces; "d" trails "s" by at least one byte.
             * NOTE(review): on the first iteration *d reads buf[0], which
             * was never written; it only affects the result if the
             * description starts with a space
             */

            for (s = &buf[1], d = buf; *s; s++) {
                if (*s == ' ' && *d == ' ') {
                    continue;
                }

                if (*s == LF || *s == CR) {
                    continue;
                }

                *++d = *s;
            }

            /* a trailing space is overwritten by the terminator */

            if (*d != ' ') {
                d++;
            }

            *d = '\0';

            ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                           "SSL: %s, cipher: \"%s\"",
                           SSL_get_version(c->ssl->connection), &buf[1]);

            if (SSL_session_reused(c->ssl->connection)) {
                ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                               "SSL reused session");
            }

        } else {
            ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                           "SSL no shared ciphers");
        }
        }
#endif

        c->ssl->handshaked = 1;

        /* from now on all connection I/O goes through OpenSSL */

        c->recv = ngx_ssl_recv;
        c->send = ngx_ssl_write;
        c->recv_chain = ngx_ssl_recv_chain;
        c->send_chain = ngx_ssl_send_chain;

        return NGX_OK;
    }

    sslerr = SSL_get_error(c->ssl->connection, n);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);

    if (sslerr == SSL_ERROR_WANT_READ) {
        c->read->ready = 0;
        c->read->handler = ngx_ssl_handshake_handler;
        c->write->handler = ngx_ssl_handshake_handler;

        if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        return NGX_AGAIN;
    }

    if (sslerr == SSL_ERROR_WANT_WRITE) {
        c->write->ready = 0;
        c->read->handler = ngx_ssl_handshake_handler;
        c->write->handler = ngx_ssl_handshake_handler;

        if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        return NGX_AGAIN;
    }

    /* the system errno is meaningful only for SSL_ERROR_SYSCALL */

    err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;

    /* the handshake did not complete: skip both halves of the SSL shutdown */

    c->ssl->no_wait_shutdown = 1;
    c->ssl->no_send_shutdown = 1;
    c->read->eof = 1;

    /* an empty OpenSSL error queue is treated as a plain peer close */

    if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) {
        ngx_log_error(NGX_LOG_INFO, c->log, err,
                      "peer closed connection in SSL handshake");

        return NGX_ERROR;
    }

    c->read->error = 1;

    ngx_ssl_connection_error(c, sslerr, err, "SSL_do_handshake() failed");

    return NGX_ERROR;
}
522 | |
523 | |
/*
 * Event handler used while the handshake is in progress.  On a timeout,
 * or once ngx_ssl_handshake() returns anything other than NGX_AGAIN,
 * control is passed to c->ssl->handler.
 */
static void
ngx_ssl_handshake_handler(ngx_event_t *ev)
{
    ngx_connection_t  *conn = ev->data;

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, conn->log, 0,
                   "SSL handshake handler: %d", ev->write);

    /* a timed out event skips the handshake step altogether */

    if (!ev->timedout && ngx_ssl_handshake(conn) == NGX_AGAIN) {
        return;
    }

    conn->ssl->handler(conn);
}
545 | |
546 | |
/*
 * Reads decrypted data into the free space of the buffers in chain "cl",
 * one buffer after another.
 *
 * Returns the total number of bytes stored if any were read; otherwise
 * the non-positive result of ngx_ssl_recv() (0, NGX_AGAIN or NGX_ERROR).
 *
 * The function tracks the write position in the local "last" and never
 * updates b->last.  NOTE(review): the caller is presumably expected to
 * advance the buffers using the returned byte count - confirm.
 */
ssize_t
ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl)
{
    u_char     *last;
    ssize_t     n, bytes;
    ngx_buf_t  *b;

    bytes = 0;

    b = cl->buf;
    last = b->last;

    for ( ;; ) {

        /* the length is bounded by the space left in the current buffer */

        n = ngx_ssl_recv(c, last, b->end - last);

        if (n > 0) {
            last += n;
            bytes += n;

            /* current buffer is full: move to the next one, if any */

            if (last == b->end) {
                cl = cl->next;

                if (cl == NULL) {
                    return bytes;
                }

                b = cl->buf;
                last = b->last;
            }

            continue;
        }

        /* data already read takes precedence over a late EOF/error/again */

        if (bytes) {
            return bytes;
        }

        return n;
    }
}
588 | |
589 | |
/*
 * Reads up to "size" decrypted bytes into "buf", calling SSL_read()
 * repeatedly until the buffer is full or no more data is available.
 *
 * Returns the number of bytes read if any; otherwise 0 on EOF
 * (c->read->eof is set), NGX_AGAIN, or NGX_ERROR (c->read->error is set).
 *
 * The status of the last SSL_read() is kept in c->ssl->last, so an EOF
 * or error that arrived together with data is reported on the next call.
 *
 * NOTE(review): "size" is a size_t but SSL_read() takes an int length;
 * callers presumably never pass more than INT_MAX - confirm.
 */
ssize_t
ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size)
{
    int  n, bytes;

    /* report a condition deferred by the previous call */

    if (c->ssl->last == NGX_ERROR) {
        c->read->error = 1;
        return NGX_ERROR;
    }

    if (c->ssl->last == NGX_DONE) {
        c->read->ready = 0;
        c->read->eof = 1;
        return 0;
    }

    bytes = 0;

    /*
     * SSL_read() may return data in parts, so try to read
     * until SSL_read() would return no data
     */

    for ( ;; ) {

        n = SSL_read(c->ssl->connection, buf, size);

        ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n);

        if (n > 0) {
            bytes += n;
        }

        c->ssl->last = ngx_ssl_handle_recv(c, n);

        if (c->ssl->last == NGX_OK) {

            /* shrink the window by what was just read */

            size -= n;

            if (size == 0) {
                return bytes;
            }

            buf += n;

            continue;
        }

        /* return the data now; c->ssl->last is reported on the next call */

        if (bytes) {
            return bytes;
        }

        switch (c->ssl->last) {

        case NGX_DONE:
            c->read->ready = 0;
            c->read->eof = 1;
            return 0;

        case NGX_ERROR:
            c->read->error = 1;

            /* fall through */

        case NGX_AGAIN:
            return c->ssl->last;
        }
    }
}
659 | |
660 | |
/*
 * Map the result of an SSL read call onto an nginx status code.
 *
 * n is the value returned by the read call (the error text below names
 * SSL_read()).  Returns:
 *     NGX_OK     n > 0, data was read;
 *     NGX_AGAIN  OpenSSL reported WANT_READ or WANT_WRITE;
 *     NGX_DONE   the session is treated as closed by the peer;
 *     NGX_ERROR  event registration failed or the read failed.
 */

static ngx_int_t
ngx_ssl_handle_recv(ngx_connection_t *c, int n)
{
    int           code;
    ngx_err_t     sys_err;
    ngx_event_t  *wev;

    if (n > 0) {

        if (c->ssl->saved_write_handler == NULL) {
            return NGX_OK;
        }

        /*
         * a write handler was parked while the read waited for the socket
         * to become writable: put it back and schedule the write event
         */

        wev = c->write;

        wev->handler = c->ssl->saved_write_handler;
        c->ssl->saved_write_handler = NULL;
        wev->ready = 1;

        if (ngx_handle_write_event(wev, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        ngx_post_event(wev, &ngx_posted_events);

        return NGX_OK;
    }

    code = SSL_get_error(c->ssl->connection, n);

    /* ngx_errno is sampled here, ahead of the logging calls below */

    sys_err = 0;

    if (code == SSL_ERROR_SYSCALL) {
        sys_err = ngx_errno;
    }

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", code);

    switch (code) {

    case SSL_ERROR_WANT_READ:
        c->read->ready = 0;
        return NGX_AGAIN;

    case SSL_ERROR_WANT_WRITE:

        /*
         * a read that needs to write is reported as a renegotiation started
         * by the peer; this function itself neither refuses nor counts
         * such requests
         */

        ngx_log_error(NGX_LOG_INFO, c->log, 0,
                      "peer started SSL renegotiation");

        c->write->ready = 0;

        if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        /* no timer is set here because the read event timer already exists */

        if (c->ssl->saved_write_handler == NULL) {
            c->ssl->saved_write_handler = c->write->handler;
            c->write->handler = ngx_ssl_write_handler;
        }

        return NGX_AGAIN;

    default:
        break;
    }

    /* from here on the session is finished one way or the other */

    c->ssl->no_wait_shutdown = 1;
    c->ssl->no_send_shutdown = 1;

    /*
     * NOTE(review): NGX_DONE is returned not only for SSL_ERROR_ZERO_RETURN
     * but for any result that leaves the OpenSSL error queue empty, which
     * appears to include a transport-level close without close_notify.
     * The caller cannot tell the two apart - confirm that no consumer relies
     * on NGX_DONE as proof of an untruncated stream.
     */

    if (code != SSL_ERROR_ZERO_RETURN && ERR_peek_error() != 0) {
        ngx_ssl_connection_error(c, code, sys_err, "SSL_read() failed");

        return NGX_ERROR;
    }

    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "peer shutdown SSL cleanly");

    return NGX_DONE;
}
732 |
733 |
/*
 * Write-event handler that ngx_ssl_handle_recv() installs while a read is
 * waiting for the socket to become writable: it simply runs the read
 * handler of the connection that owns the event.
 */

static void
ngx_ssl_write_handler(ngx_event_t *wev)
{
    ngx_event_t       *rev;
    ngx_connection_t  *c;

    c = wev->data;
    rev = c->read;

    rev->handler(rev);
}
743 | |
744 | |
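/*
 * OpenSSL has no SSL_writev() so we copy several bufs into our 16K buffer
 * before the SSL_write() call to decrease the SSL overhead.
 *
 * Besides, for protocols such as HTTP it is possible to always buffer
 * the output to decrease the SSL overhead some more.
 *
 * c      connection to write to;
 * in     chain of bufs to send, NULL asks for a flush of c->ssl->buf;
 * limit  maximum number of bytes to send in this call, 0 means the
 *        default maximum (see below).
 *
 * Returns the first chain link that was not completely consumed (NULL when
 * everything was taken) or NGX_CHAIN_ERROR.  NGX_SSL_BUFFERED is kept in
 * c->buffered while output is still pending.
 */

ngx_chain_t *
ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit)
{
    int          n;
    ngx_uint_t   flush;
    ssize_t      send, size;
    ngx_buf_t   *buf;

    if (!c->ssl->buffer
        || (in && in->next == NULL && !(c->buffered & NGX_SSL_BUFFERED)))
    {
        /*
         * we avoid a buffer copy if
         *     we do not need to buffer the output
         *     or the incoming buf is a single one and our buffer is empty
         */

        while (in) {
            if (ngx_buf_special(in->buf)) {
                in = in->next;
                continue;
            }

            /*
             * NOTE(review): the length goes to ngx_ssl_write() as size_t and
             * from there to SSL_write(), whose length parameter is int;
             * confirm that callers never pass a buf larger than INT_MAX.
             */

            n = ngx_ssl_write(c, in->buf->pos, in->buf->last - in->buf->pos);

            if (n == NGX_ERROR) {
                return NGX_CHAIN_ERROR;
            }

            if (n == NGX_AGAIN) {
                c->buffered |= NGX_SSL_BUFFERED;
                return in;
            }

            in->buf->pos += n;

            if (in->buf->pos == in->buf->last) {
                in = in->next;
            }
        }

        return in;
    }


    /* the maximum limit size is the maximum uint32_t value - the page size */

    if (limit == 0 || limit > (off_t) (NGX_MAX_UINT32_VALUE - ngx_pagesize)) {
        limit = NGX_MAX_UINT32_VALUE - ngx_pagesize;
    }


    buf = c->ssl->buf;
    send = 0;
    flush = (in == NULL) ? 1 : 0;

    for ( ;; ) {

        /* fill c->ssl->buf from the chain until it is full or the chain ends */

        while (in && buf->last < buf->end) {
            if (in->buf->last_buf || in->buf->flush) {
                flush = 1;
            }

            if (ngx_buf_special(in->buf)) {
                in = in->next;
                continue;
            }

            size = in->buf->last - in->buf->pos;

            /* never copy more than the free space left in our buffer */

            if (size > buf->end - buf->last) {
                size = buf->end - buf->last;
            }

            /* nor more than the caller's limit allows */

            if (send + size > limit) {
                size = (ssize_t) (limit - send);
                flush = 1;
            }

            /* size is ssize_t, so the nginx format is %z and not %d */

            ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                           "SSL buf copy: %z", size);

            ngx_memcpy(buf->last, in->buf->pos, size);

            buf->last += size;

            in->buf->pos += size;

            if (in->buf->pos == in->buf->last) {
                in = in->next;
            }
        }

        size = buf->last - buf->pos;

        /* keep collecting output while buffering is on and nothing forces it */

        if (!flush && buf->last < buf->end && c->ssl->buffer) {
            break;
        }

        /*
         * NOTE(review): when a flush is requested and nothing is pending,
         * size is 0 here and ngx_ssl_write() is still called with a zero
         * length; confirm that callers never flush an empty buffer.
         */

        n = ngx_ssl_write(c, buf->pos, size);

        if (n == NGX_ERROR) {
            return NGX_CHAIN_ERROR;
        }

        if (n == NGX_AGAIN) {
            c->buffered |= NGX_SSL_BUFFERED;
            return in;
        }

        buf->pos += n;
        send += n;
        c->sent += n;

        /* a short write: leave the rest in the buffer for the next call */

        if (n < size) {
            break;
        }

        if (buf->pos == buf->last) {
            buf->pos = buf->start;
            buf->last = buf->start;
        }

        if (in == NULL || send == limit) {
            break;
        }
    }

    if (buf->pos < buf->last) {
        c->buffered |= NGX_SSL_BUFFERED;

    } else {
        c->buffered &= ~NGX_SSL_BUFFERED;
    }

    return in;
}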
890 |
891 |
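/*
 * Write size bytes from data to the SSL connection with SSL_write().
 *
 * Returns the number of bytes written when SSL_write() made progress,
 * NGX_AGAIN when OpenSSL reported WANT_WRITE or WANT_READ, and NGX_ERROR
 * when event registration failed or the write failed.  On a failed write
 * c->write->error is set and both no_wait_shutdown and no_send_shutdown
 * are raised on c->ssl.
 */

ssize_t
ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size)
{
    int        n, sslerr;
    ngx_err_t  err;

    /* size is size_t, so the nginx format is %uz and not %d */

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %uz", size);

    /*
     * NOTE(review): SSL_write() takes an int length, so size is narrowed
     * here; confirm that callers never pass more than INT_MAX bytes.
     */

    n = SSL_write(c->ssl->connection, data, size);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n);

    if (n > 0) {

        if (c->ssl->saved_read_handler) {

            /*
             * a read handler was parked while the write waited for the
             * socket to become readable: put it back and schedule the
             * read event
             */

            c->read->handler = c->ssl->saved_read_handler;
            c->ssl->saved_read_handler = NULL;
            c->read->ready = 1;

            if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
                return NGX_ERROR;
            }

            ngx_post_event(c->read, &ngx_posted_events);
        }

        return n;
    }

    sslerr = SSL_get_error(c->ssl->connection, n);

    /* ngx_errno is sampled here, ahead of the logging calls below */

    err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);

    if (sslerr == SSL_ERROR_WANT_WRITE) {
        c->write->ready = 0;
        return NGX_AGAIN;
    }

    if (sslerr == SSL_ERROR_WANT_READ) {

        /*
         * a write that needs to read is reported as a renegotiation started
         * by the peer; this function itself neither refuses nor counts
         * such requests
         */

        ngx_log_error(NGX_LOG_INFO, c->log, 0,
                      "peer started SSL renegotiation");

        c->read->ready = 0;

        if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        /*
         * we do not set the timer because there is already
         * the write event timer
         */

        if (c->ssl->saved_read_handler == NULL) {
            c->ssl->saved_read_handler = c->read->handler;
            c->read->handler = ngx_ssl_read_handler;
        }

        return NGX_AGAIN;
    }

    c->ssl->no_wait_shutdown = 1;
    c->ssl->no_send_shutdown = 1;
    c->write->error = 1;

    ngx_ssl_connection_error(c, sslerr, err, "SSL_write() failed");

    return NGX_ERROR;
}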
965 |
966 |
/*
 * Read-event handler that ngx_ssl_write() installs while a write is
 * waiting for the socket to become readable: it simply runs the write
 * handler of the connection that owns the event.
 */

static void
ngx_ssl_read_handler(ngx_event_t *rev)
{
    ngx_event_t       *wev;
    ngx_connection_t  *c;

    c = rev->data;
    wev = c->write;

    wev->handler(wev);
}
976 | |
977 | |
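/*
 * Start or continue the SSL shutdown of a connection.
 *
 * Returns:
 *     NGX_OK     SSL_shutdown() completed (or returned 0 on a timed out
 *                connection); the SSL object is freed and c->ssl is NULL;
 *     NGX_AGAIN  the shutdown has to wait for I/O; both event handlers now
 *                point to ngx_ssl_shutdown_handler();
 *     NGX_ERROR  either event registration failed (c->ssl is left as it
 *                was) or SSL_shutdown() failed (the SSL object is freed and
 *                c->ssl is NULL).
 *
 * NOTE(review): the two NGX_ERROR cases leave c->ssl in different states;
 * callers have to check c->ssl rather than assume it - confirm.
 */

ngx_int_t
ngx_ssl_shutdown(ngx_connection_t *c)
{
    int        n, sslerr, mode;
    ngx_err_t  err;

    if (c->timedout) {
        /* do not wait for the peer and do not send our own notification */
        mode = SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN;

    } else {
        mode = SSL_get_shutdown(c->ssl->connection);

        if (c->ssl->no_wait_shutdown) {
            mode |= SSL_RECEIVED_SHUTDOWN;
        }

        if (c->ssl->no_send_shutdown) {
            mode |= SSL_SENT_SHUTDOWN;
        }
    }

    SSL_set_shutdown(c->ssl->connection, mode);

    n = SSL_shutdown(c->ssl->connection);

    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n);

    if (n == 1 || (n == 0 && c->timedout)) {
        SSL_free(c->ssl->connection);
        c->ssl = NULL;

        return NGX_OK;
    }

    sslerr = 0;
    err = 0;

    /* n == 0 means the shutdown is not finished yet, it is not an error */

    if (n != 0) {
        sslerr = SSL_get_error(c->ssl->connection, n);

        /*
         * save ngx_errno right after SSL_get_error(), as ngx_ssl_handle_recv()
         * and ngx_ssl_write() do, so that the logging below cannot change it
         */

        err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;

        ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
                       "SSL_get_error: %d", sslerr);
    }

    if (n == 0
        || sslerr == SSL_ERROR_WANT_READ
        || sslerr == SSL_ERROR_WANT_WRITE)
    {
        c->read->handler = ngx_ssl_shutdown_handler;
        c->write->handler = ngx_ssl_shutdown_handler;

        if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
            return NGX_ERROR;
        }

        /*
         * bound the wait for the peer; ngx_ssl_shutdown_handler() turns the
         * timeout into c->timedout (30000 is presumably milliseconds - confirm)
         */

        if (n == 0 || sslerr == SSL_ERROR_WANT_READ) {
            ngx_add_timer(c->read, 30000);
        }

        return NGX_AGAIN;
    }

    ngx_ssl_connection_error(c, sslerr, err, "SSL_shutdown() failed");

    SSL_free(c->ssl->connection);
    c->ssl = NULL;

    return NGX_ERROR;
}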
e7a68e14ccd3
nginx-0.0.7-2004-07-16-10:33:35 import
Igor Sysoev <igor@sysoev.ru>
parents:
393
diff
changeset
|
1063 |
e7a68e14ccd3
nginx-0.0.7-2004-07-16-10:33:35 import
Igor Sysoev <igor@sysoev.ru>
parents:
393
diff
changeset
|
1064 |
/*
 * Event handler that the shutdown code installs on both the read and the
 * write event of a connection.  It records a timeout on the connection,
 * retries ngx_ssl_shutdown(), and calls the handler saved in
 * c->ssl->handler once the retry returns anything other than NGX_AGAIN.
 */
static void
ngx_ssl_shutdown_handler(ngx_event_t *ev)
{
    ngx_connection_t           *conn;
    ngx_connection_handler_pt   done;

    conn = ev->data;

    /*
     * Read the continuation before retrying the shutdown: the
     * "SSL_shutdown() failed" path earlier in this file frees the SSL
     * object and sets c->ssl to NULL, so conn->ssl must not be
     * dereferenced after the call below.
     */
    done = conn->ssl->handler;

    if (ev->timedout) {
        conn->timedout = 1;
    }

    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "SSL shutdown handler");

    /* NGX_AGAIN: the shutdown is still pending, wait for the next event */

    if (ngx_ssl_shutdown(conn) != NGX_AGAIN) {
        done(conn);
    }
}
1086 | |
1087 | |
/*
 * Chooses the log level for a failed SSL operation on a connection and
 * passes the message on to ngx_ssl_error().
 *
 * The level is NGX_LOG_CRIT unless sslerr is SSL_ERROR_SYSCALL and err is
 * one of the socket errors listed below; in that case c->log_error may
 * lower it to NGX_LOG_ERR or NGX_LOG_INFO.
 *
 * NOTE(review): text is handed to ngx_ssl_error() in the format-string
 * position, so callers must pass a literal without conversion
 * specifications and never peer-supplied data.
 */
static void
ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
    char *text)
{
    ngx_uint_t  level, peer_failure;

    peer_failure = 0;

    if (sslerr == SSL_ERROR_SYSCALL) {
        peer_failure = (err == NGX_ECONNRESET
                        || err == NGX_EPIPE
                        || err == NGX_ENOTCONN
#if !(NGX_CRIT_ETIMEDOUT)
                        || err == NGX_ETIMEDOUT
#endif
                        || err == NGX_ECONNREFUSED
                        || err == NGX_EHOSTUNREACH);
    }

    level = NGX_LOG_CRIT;

    if (peer_failure) {

        /* any other c->log_error value keeps NGX_LOG_CRIT */

        if (c->log_error == NGX_ERROR_ERR) {
            level = NGX_LOG_ERR;

        } else if (c->log_error == NGX_ERROR_IGNORE_ECONNRESET
                   || c->log_error == NGX_ERROR_INFO)
        {
            level = NGX_LOG_INFO;
        }
    }

    ngx_ssl_error(level, c->log, err, text);
}
1126 | |
1127 | |
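/*
 * Formats the caller's message, appends the text of the entries in the
 * OpenSSL error queue as " (SSL: <entry> <entry> ...", and logs the result
 * followed by ")" through ngx_log_error().
 *
 * level, log and err are passed to ngx_log_error() unchanged.  fmt is a
 * format string for ngx_vsnprintf(); pass a literal, never data received
 * from a peer.
 *
 * The message is built in a fixed buffer of NGX_MAX_CONF_ERRSTR bytes and
 * is truncated when it does not fit.  The queue is always read until
 * ERR_get_error() returns 0, so no entry of this failure is left behind to
 * be attributed to a later SSL call.
 */
void ngx_cdecl
ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
{
    u_long   n;
    va_list  args;
    u_char   errstr[NGX_MAX_CONF_ERRSTR], *p, *last;

    last = errstr + NGX_MAX_CONF_ERRSTR;

    /* one byte is kept back so that the suffix below can be terminated */

    va_start(args, fmt);
    p = ngx_vsnprintf(errstr, sizeof(errstr) - 1, fmt, args);
    va_end(args);

    p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p);

    for ( ;; ) {

        n = ERR_get_error();

        if (n == 0) {
            break;
        }

        /*
         * Without room for a separator and a terminating NUL the entry is
         * only popped.  Writing the separator here would overwrite the
         * last NUL in the buffer and leave "%s" below reading past errstr.
         */

        if (last - p < 2) {
            continue;
        }

        *p++ = ' ';

        ERR_error_string_n(n, (char *) p, last - p);

        while (p < last && *p) {
            p++;
        }
    }

    /* "%s" needs a terminated buffer whatever the calls above have written */

    *(last - 1) = '\0';

    ngx_log_error(level, log, err, "%s)", errstr);
}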
509 | 1162 |
1163 | |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
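/*
 * Configures server-side session caching on ssl->ctx.
 *
 * sess_ctx               session id context set on the SSL_CTX
 * builtin_session_cache  NGX_SSL_NO_BUILTIN_SCACHE, NGX_SSL_DFLT_BUILTIN_SCACHE
 *                        or a size for OpenSSL's internal cache
 * shm_zone               shared memory zone for the external cache, or NULL
 * timeout                session timeout passed to SSL_CTX_set_timeout()
 *
 * Returns NGX_OK, or NGX_ERROR after logging at NGX_LOG_EMERG when OpenSSL
 * rejects the session id context or the ex_data slot cannot be set.
 */
ngx_int_t
ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
    ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout)
{
    long  cache_mode;

    cache_mode = SSL_SESS_CACHE_SERVER;

    /* the internal cache is switched off only when a shared zone replaces it */

    if (shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) {
        cache_mode |= SSL_SESS_CACHE_NO_INTERNAL;
    }

    SSL_CTX_set_session_cache_mode(ssl->ctx, cache_mode);

    /*
     * SSL_CTX_set_session_id_context() returns 0 when it rejects the
     * context, for example one longer than SSL_MAX_SID_CTX_LENGTH.
     * Ignoring that would leave the sessions of this SSL_CTX without the
     * context that is meant to keep them apart from other configurations,
     * so the failure is reported the same way as the ex_data one below.
     */

    if (SSL_CTX_set_session_id_context(ssl->ctx, sess_ctx->data, sess_ctx->len)
        == 0)
    {
        ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                      "SSL_CTX_set_session_id_context() failed");
        return NGX_ERROR;
    }

    /* an explicit size is set only for a non-default builtin cache */

    if (builtin_session_cache != NGX_SSL_NO_BUILTIN_SCACHE
        && builtin_session_cache != NGX_SSL_DFLT_BUILTIN_SCACHE)
    {
        SSL_CTX_sess_set_cache_size(ssl->ctx, builtin_session_cache);
    }

    /* the timeout applies whether or not the builtin cache is used */

    SSL_CTX_set_timeout(ssl->ctx, timeout);

    if (shm_zone) {
        shm_zone->init = ngx_ssl_session_cache_init;

        SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session);
        SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session);
        SSL_CTX_sess_set_remove_cb(ssl->ctx, ngx_ssl_remove_session);

        /* the callbacks find the zone again through this ex_data slot */

        if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_session_cache_index, shm_zone)
            == 0)
        {
            ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                          "SSL_CTX_set_ex_data() failed");
            return NGX_ERROR;
        }
    }

    return NGX_OK;
}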
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1207 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1208 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
/*
 * Init callback of the session cache shared memory zone (installed as
 * shm_zone->init by ngx_ssl_session_cache()).
 *
 * When data is non-NULL it is stored as the zone data and nothing is
 * allocated.  Otherwise the cache header, its rbtree and the rbtree
 * sentinel are allocated from the zone's slab pool, the head and tail
 * queue nodes are linked to each other, and the new cache becomes the zone
 * data.
 *
 * Returns NGX_OK, or NGX_ERROR when a slab allocation fails.
 */
static ngx_int_t
ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data)
{
    ngx_rbtree_t             *tree;
    ngx_slab_pool_t          *pool;
    ngx_rbtree_node_t        *nil;
    ngx_ssl_session_cache_t  *cache;

    if (data != NULL) {
        shm_zone->data = data;
        return NGX_OK;
    }

    pool = (ngx_slab_pool_t *) shm_zone->shm.addr;

    cache = ngx_slab_alloc(pool, sizeof(ngx_ssl_session_cache_t));
    if (cache == NULL) {
        return NGX_ERROR;
    }

    /* an empty queue: head and tail point at each other */

    cache->session_cache_head.prev = NULL;
    cache->session_cache_head.next = &cache->session_cache_tail;

    cache->session_cache_tail.prev = &cache->session_cache_head;
    cache->session_cache_tail.next = NULL;

    tree = ngx_slab_alloc(pool, sizeof(ngx_rbtree_t));
    cache->session_rbtree = tree;

    if (tree == NULL) {
        return NGX_ERROR;
    }

    nil = ngx_slab_alloc(pool, sizeof(ngx_rbtree_node_t));
    if (nil == NULL) {
        return NGX_ERROR;
    }

    ngx_rbtree_sentinel_init(nil);

    /* an empty tree: the root is the sentinel itself */

    tree->root = nil;
    tree->sentinel = nil;
    tree->insert = ngx_ssl_session_rbtree_insert_value;

    shm_zone->data = cache;

    return NGX_OK;
}
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1254 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1255 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1256 /* |
1014
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1257 * The length of the session id is 16 bytes for SSLv2 sessions and |
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1258 * between 1 and 32 bytes for SSLv3/TLSv1, typically 32 bytes. |
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1259 * It seems that the typical length of the external ASN1 representation |
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1260 * of a session is 118 or 119 bytes for SSLv3/TLSv1. |
1017
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1261 * |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1262 * Thus on 32-bit platforms we allocate separately an rbtree node, |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1263 * a session id, and an ASN1 representation, they take accordingly |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1264 * 64, 32, and 128 bytes. |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1265 * |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1266 * On 64-bit platforms we allocate separately an rbtree node + session_id, |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1267 * and an ASN1 representation, they take accordingly 128 and 128 bytes. |
1014
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1268 * |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1269 * OpenSSL's i2d_SSL_SESSION() and d2i_SSL_SESSION are slow, |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1270 * so they are outside the code locked by shared pool mutex |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1271 */ |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1272 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1273 static int |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1274 ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess) |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1275 { |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1276 int len; |
1014
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1277 u_char *p, *id, *cached_sess; |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1278 uint32_t hash; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1279 SSL_CTX *ssl_ctx; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1280 ngx_time_t *tp; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1281 ngx_shm_zone_t *shm_zone; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1282 ngx_connection_t *c; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1283 ngx_slab_pool_t *shpool; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1284 ngx_ssl_sess_id_t *sess_id; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1285 ngx_ssl_session_cache_t *cache; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1286 u_char buf[NGX_SSL_MAX_SESSION_SIZE]; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1287 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1288 len = i2d_SSL_SESSION(sess, NULL); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1289 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1290 /* do not cache too big session */ |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1291 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1292 if (len > (int) NGX_SSL_MAX_SESSION_SIZE) { |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1293 return 0; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1294 } |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1295 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1296 p = buf; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1297 i2d_SSL_SESSION(sess, &p); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1298 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1299 c = ngx_ssl_get_connection(ssl_conn); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1300 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1301 ssl_ctx = SSL_get_SSL_CTX(ssl_conn); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1302 shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1303 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1304 cache = shm_zone->data; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1305 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1306 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1307 ngx_shmtx_lock(&shpool->mutex); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1308 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1309 /* drop one or two expired sessions */ |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1310 ngx_ssl_expire_sessions(cache, shpool, 1); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1311 |
1014
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1312 cached_sess = ngx_slab_alloc_locked(shpool, len); |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1313 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1314 if (cached_sess == NULL) { |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1315 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1316 /* drop the oldest non-expired session and try once more */ |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1317 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1318 ngx_ssl_expire_sessions(cache, shpool, 0); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1319 |
1014
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1320 cached_sess = ngx_slab_alloc_locked(shpool, len); |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1321 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1322 if (cached_sess == NULL) { |
1017
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1323 sess_id = NULL; |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1324 goto failed; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1325 } |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1326 } |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1327 |
1017
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1328 sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t)); |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1329 if (sess_id == NULL) { |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1330 goto failed; |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1331 } |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1332 |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1333 #if (NGX_PTR_SIZE == 8) |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1334 |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1335 id = sess_id->sess_id; |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1336 |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1337 #else |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1338 |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1339 id = ngx_slab_alloc_locked(shpool, sess->session_id_length); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1340 if (id == NULL) { |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1341 goto failed; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1342 } |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1343 |
1017
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1344 #endif |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1345 |
1014
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1346 ngx_memcpy(cached_sess, buf, len); |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1347 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1348 ngx_memcpy(id, sess->session_id, sess->session_id_length); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1349 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1350 hash = ngx_crc32_short(sess->session_id, sess->session_id_length); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1351 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1352 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1353 "http ssl new session: %08XD:%d:%d", |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1354 hash, sess->session_id_length, len); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1355 |
1014
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1356 tp = ngx_timeofday(); |
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1357 |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1358 sess_id->node.key = hash; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1359 sess_id->node.data = (u_char) sess->session_id_length; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1360 sess_id->id = id; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1361 sess_id->len = len; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1362 sess_id->session = cached_sess; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1363 |
1014
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1364 sess_id->expire = tp->sec + SSL_CTX_get_timeout(ssl_ctx); |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1365 |
1014
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1366 sess_id->next = cache->session_cache_head.next; |
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1367 sess_id->next->prev = sess_id; |
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1368 sess_id->prev = &cache->session_cache_head; |
5ffd76a9ccf3
optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents:
1013
diff
changeset
|
1369 cache->session_cache_head.next = sess_id; |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1370 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1371 ngx_rbtree_insert(cache->session_rbtree, &sess_id->node); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1372 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1373 ngx_shmtx_unlock(&shpool->mutex); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1374 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1375 return 0; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1376 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1377 failed: |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1378 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1379 if (cached_sess) { |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1380 ngx_slab_free_locked(shpool, cached_sess); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1381 } |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1382 |
1017
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1383 if (sess_id) { |
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1384 ngx_slab_free_locked(shpool, sess_id); |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1385 } |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1386 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1387 ngx_shmtx_unlock(&shpool->mutex); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1388 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1389 ngx_log_error(NGX_LOG_ALERT, c->log, 0, |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1390 "could not add new SSL session to the session cache"); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1391 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1392 return 0; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1393 } |
1394 |
1395 |
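/*
 * Session-cache lookup callback: find the serialized session stored under
 * the given session id in the shared-memory cache and decode it.
 *
 * ssl_conn  connection OpenSSL is resuming a session for
 * id, len   session id to look up and its length in bytes
 * copy      set to 0: the returned object is freshly decoded for the
 *           caller, so OpenSSL needs no extra reference to it
 *
 * Returns the decoded session, or NULL when the cache is not initialised,
 * the id is unknown, the entry has expired (it is then removed from the
 * cache), or the stored length does not fit the local buffer.
 *
 * The slab pool mutex is held for the whole tree walk.  Everything that is
 * needed from the shared entry is copied to the stack before the mutex is
 * released, because another worker may free the entry once it is unlocked.
 */
static ngx_ssl_session_t *
ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn, u_char *id, int len,
    int *copy)
{
#if OPENSSL_VERSION_NUMBER >= 0x0090707fL
    const
#endif
    u_char                   *p;
    size_t                    slen;
    uint32_t                  hash;
    ngx_int_t                 rc;
    ngx_time_t               *tp;
    ngx_shm_zone_t           *shm_zone;
    ngx_slab_pool_t          *shpool;
    ngx_connection_t         *c;
    ngx_rbtree_node_t        *node, *sentinel;
    ngx_ssl_session_t        *sess;
    ngx_ssl_sess_id_t        *sess_id;
    ngx_ssl_session_cache_t  *cache;
    u_char                    buf[NGX_SSL_MAX_SESSION_SIZE];

    c = ngx_ssl_get_connection(ssl_conn);

    /* the rbtree is keyed by the CRC32 of the session id */
    hash = ngx_crc32_short(id, (size_t) len);
    *copy = 0;

    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                   "http ssl get session: %08XD:%d", hash, len);

    shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn),
                                   ngx_ssl_session_cache_index);

    cache = shm_zone->data;

    if (cache->session_rbtree == NULL) {
        return NULL;
    }

    sess = NULL;

    shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;

    ngx_shmtx_lock(&shpool->mutex);

    node = cache->session_rbtree->root;
    sentinel = cache->session_rbtree->sentinel;

    while (node != sentinel) {

        if (hash < node->key) {
            node = node->left;
            continue;
        }

        if (hash > node->key) {
            node = node->right;
            continue;
        }

        /* hash == node->key */

        /*
         * Several ids may share one CRC32 key, so keep descending through
         * the nodes with an equal key and compare the full id each time.
         */
        do {
            sess_id = (ngx_ssl_sess_id_t *) node;

            rc = ngx_memn2cmp(id, sess_id->id,
                              (size_t) len, (size_t) node->data);
            if (rc == 0) {

                tp = ngx_timeofday();

                if (sess_id->expire > tp->sec) {

                    /*
                     * Read the length once, while the mutex is held: the
                     * original re-read sess_id->len after unlocking, when
                     * the entry may already have been freed or reused.
                     */
                    slen = (size_t) sess_id->len;

                    /*
                     * Never copy more than the stack buffer holds.  The
                     * insert path is expected to enforce this bound (not
                     * visible here); a larger value means a corrupted
                     * entry and is treated as a cache miss.
                     */
                    if (slen > sizeof(buf)) {
                        goto done;
                    }

                    ngx_memcpy(buf, sess_id->session, slen);

                    ngx_shmtx_unlock(&shpool->mutex);

                    /* decode from the private copy only */
                    p = buf;
                    sess = d2i_SSL_SESSION(NULL, &p, (long) slen);

                    return sess;
                }

                /* expired: unlink from the list and the tree, then free */

                sess_id->next->prev = sess_id->prev;
                sess_id->prev->next = sess_id->next;

                ngx_rbtree_delete(cache->session_rbtree, node);

                ngx_slab_free_locked(shpool, sess_id->session);
#if (NGX_PTR_SIZE == 4)
                /* with 4-byte pointers the id is a separate allocation */
                ngx_slab_free_locked(shpool, sess_id->id);
#endif
                ngx_slab_free_locked(shpool, sess_id);

                sess = NULL;

                goto done;
            }

            node = (rc < 0) ? node->left : node->right;

        } while (node != sentinel && hash == node->key);

        break;
    }

done:

    ngx_shmtx_unlock(&shpool->mutex);

    return sess;
}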
1505 |
1506 |
1507 static void |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1508 ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess) |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1509 { |
1027
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1510 size_t len; |
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1511 u_char *id; |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1512 uint32_t hash; |
1027
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1513 ngx_int_t rc; |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1514 ngx_shm_zone_t *shm_zone; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1515 ngx_slab_pool_t *shpool; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1516 ngx_rbtree_node_t *node, *sentinel; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1517 ngx_ssl_sess_id_t *sess_id; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1518 ngx_ssl_session_cache_t *cache; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1519 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1520 shm_zone = SSL_CTX_get_ex_data(ssl, ngx_ssl_session_cache_index); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1521 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1522 cache = shm_zone->data; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1523 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1524 id = sess->session_id; |
1027
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1525 len = (size_t) sess->session_id_length; |
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1526 |
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1527 hash = ngx_crc32_short(id, len); |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1528 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1529 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0, |
1027
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1530 "http ssl remove session: %08XD:%uz", hash, len); |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1531 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1532 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1533 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1534 ngx_shmtx_lock(&shpool->mutex); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1535 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1536 node = cache->session_rbtree->root; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1537 sentinel = cache->session_rbtree->sentinel; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1538 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1539 while (node != sentinel) { |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1540 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1541 if (hash < node->key) { |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1542 node = node->left; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1543 continue; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1544 } |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1545 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1546 if (hash > node->key) { |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1547 node = node->right; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1548 continue; |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1549 } |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1550 |
1013
7dd987e09701
stop rbtree search early if equal hash was found
Igor Sysoev <igor@sysoev.ru>
parents:
993
diff
changeset
|
1551 /* hash == node->key */ |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1552 |
1013
7dd987e09701
stop rbtree search early if equal hash was found
Igor Sysoev <igor@sysoev.ru>
parents:
993
diff
changeset
|
1553 do { |
1027
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1554 sess_id = (ngx_ssl_sess_id_t *) node; |
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1555 |
1029
ce08bc4cb97b
ngx_strn2cmp() > ngx_memn2cmp()
Igor Sysoev <igor@sysoev.ru>
parents:
1027
diff
changeset
|
1556 rc = ngx_memn2cmp(id, sess_id->id, len, (size_t) node->data); |
1027
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1557 |
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1558 if (rc == 0) { |
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1559 sess_id->next->prev = sess_id->prev; |
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1560 sess_id->prev->next = sess_id->next; |
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1561 |
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1562 ngx_rbtree_delete(cache->session_rbtree, node); |
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1563 |
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1564 ngx_slab_free_locked(shpool, sess_id->session); |
1017
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1565 #if (NGX_PTR_SIZE == 4) |
1027
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1566 ngx_slab_free_locked(shpool, sess_id->id); |
1017
ee25c79bea34
optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents:
1015
diff
changeset
|
1567 #endif |
1027
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1568 ngx_slab_free_locked(shpool, sess_id); |
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1569 |
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1570 goto done; |
1025 | 1571 } |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1572 |
1027
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1573 node = (rc < 0) ? node->left : node->right; |
1013
7dd987e09701
stop rbtree search early if equal hash was found
Igor Sysoev <igor@sysoev.ru>
parents:
993
diff
changeset
|
1574 |
7dd987e09701
stop rbtree search early if equal hash was found
Igor Sysoev <igor@sysoev.ru>
parents:
993
diff
changeset
|
1575 } while (node != sentinel && hash == node->key); |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1576 |
1013
7dd987e09701
stop rbtree search early if equal hash was found
Igor Sysoev <igor@sysoev.ru>
parents:
993
diff
changeset
|
1577 break; |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1578 } |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1579 |
1013
7dd987e09701
stop rbtree search early if equal hash was found
Igor Sysoev <igor@sysoev.ru>
parents:
993
diff
changeset
|
1580 done: |
7dd987e09701
stop rbtree search early if equal hash was found
Igor Sysoev <igor@sysoev.ru>
parents:
993
diff
changeset
|
1581 |
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1582 ngx_shmtx_unlock(&shpool->mutex); |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1583 } |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1584 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1585 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
/*
 * Drop entries from the tail end of the session cache list.
 *
 * At most (3 - n) entries are examined.  The pass on which n is 0 removes
 * the entry unconditionally; every later pass removes it only if its
 * expire time is not after the current cached second.
 *
 * NOTE(review): the function uses the "_locked" slab calls and takes no
 * lock itself, so it presumably must run with shpool->mutex held - confirm
 * at the call sites.
 */
static void
ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
    ngx_slab_pool_t *shpool, ngx_uint_t n)
{
    ngx_time_t         *now;
    ngx_ssl_sess_id_t  *last;

    now = ngx_timeofday();

    for ( /* void */ ; n < 3; n++) {

        last = cache->session_cache_tail.prev;

        /* nothing is linked between the head and tail placeholders */
        if (last == &cache->session_cache_head) {
            return;
        }

        /* only the n == 0 pass may drop an entry that has not expired yet */
        if (n != 0 && last->expire > now->sec) {
            return;
        }

        /* unlink from the list, then from the lookup tree */
        last->next->prev = last->prev;
        last->prev->next = last->next;

        ngx_rbtree_delete(cache->session_rbtree, &last->node);

        ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
                       "expire session: %08Xi", last->node.key);

        /*
         * the entry itself is released last: the session and id pointers
         * are read from it
         */
        ngx_slab_free_locked(shpool, last->session);
#if (NGX_PTR_SIZE == 4)
        ngx_slab_free_locked(shpool, last->id);
#endif
        ngx_slab_free_locked(shpool, last);
    }
}
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1622 |
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
969
diff
changeset
|
1623 |
1027
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
/*
 * Link "node" into the session tree as a leaf below "temp".
 *
 * Nodes are ordered by key first.  When two keys are equal the session ids
 * are compared with ngx_memn2cmp(), using node->data as the id length, so
 * that entries sharing a key still get a stable position.
 *
 * NOTE(review): the casts to ngx_ssl_sess_id_t assume the rbtree node is
 * the first member of that structure - confirm against its declaration.
 */
static void
ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
    ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel)
{
    ngx_int_t            go_left;
    ngx_rbtree_node_t  **slot;
    ngx_ssl_sess_id_t   *sess_id, *sess_id_temp;

    for ( ;; ) {

        if (node->key < temp->key) {
            go_left = 1;

        } else if (node->key > temp->key) {
            go_left = 0;

        } else { /* node->key == temp->key */

            sess_id = (ngx_ssl_sess_id_t *) node;
            sess_id_temp = (ngx_ssl_sess_id_t *) temp;

            go_left = (ngx_memn2cmp(sess_id->id, sess_id_temp->id,
                                    (size_t) node->data, (size_t) temp->data)
                       < 0);
        }

        slot = go_left ? &temp->left : &temp->right;

        /* a free child slot: attach the new node here */
        if (*slot == sentinel) {
            *slot = node;
            break;
        }

        temp = *slot;
    }

    node->parent = temp;
    node->left = sentinel;
    node->right = sentinel;
    ngx_rbt_red(node);
}
1027
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1683 |
ff07ccfaad50
fix duplicate rbtree keys case
Igor Sysoev <igor@sysoev.ru>
parents:
1025
diff
changeset
|
1684 |
/*
 * Cleanup handler: "data" is the ngx_ssl_t whose SSL_CTX is released.
 */
void
ngx_ssl_cleanup_ctx(void *data)
{
    ngx_ssl_t  *ssl;

    ssl = data;

    SSL_CTX_free(ssl->ctx);
}
541 | 1692 |
1693 | |
/*
 * Point s->data at the protocol version string reported by OpenSSL for
 * this connection.  Always returns NGX_OK; "pool" is not used.
 *
 * NOTE(review): s->len is not set here and the string is not copied, so
 * the caller presumably derives the length from the NUL terminator -
 * confirm before using s as an ordinary ngx_str_t.
 */
ngx_int_t
ngx_ssl_get_protocol(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
    const char  *version;

    version = SSL_get_version(c->ssl->connection);

    s->data = (u_char *) version;

    return NGX_OK;
}
1700 | |
1701 | |
/*
 * Point s->data at the name of the cipher negotiated on this connection.
 * Always returns NGX_OK; "pool" is not used.
 *
 * NOTE(review): s->len is not set here and the string is not copied, so
 * the caller presumably derives the length from the NUL terminator -
 * confirm before using s as an ordinary ngx_str_t.
 */
ngx_int_t
ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
    const char  *cipher;

    cipher = SSL_get_cipher_name(c->ssl->connection);

    s->data = (u_char *) cipher;

    return NGX_OK;
}
1708 | |
1709 | |
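/*
 * Copy the one-line subject DN of the peer certificate into "pool" memory.
 *
 * Returns NGX_OK with s->len == 0 when the peer presented no certificate,
 * NGX_OK with s->data/s->len filled in on success, and NGX_ERROR when the
 * name cannot be obtained or memory cannot be allocated.  The result is
 * not NUL-terminated.
 *
 * The text comes from a certificate supplied by the peer;
 * NOTE(review): consumers that place it in logs or headers should treat
 * it as untrusted input.
 */
ngx_int_t
ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
    char       *p;
    size_t      len;
    X509       *cert;
    X509_NAME  *name;

    s->len = 0;

    /*
     * SSL_get_peer_certificate() returns a new reference that the caller
     * owns; every exit below releases it, otherwise each call leaks it
     */
    cert = SSL_get_peer_certificate(c->ssl->connection);
    if (cert == NULL) {
        return NGX_OK;
    }

    /* "name" is an internal pointer into cert and must not be freed */
    name = X509_get_subject_name(cert);
    if (name == NULL) {
        X509_free(cert);
        return NGX_ERROR;
    }

    /* with a NULL buffer OpenSSL allocates the string; NULL means failure */
    p = X509_NAME_oneline(name, NULL, 0);
    if (p == NULL) {
        X509_free(cert);
        return NGX_ERROR;
    }

    for (len = 0; p[len]; len++) { /* void */ }

    s->data = ngx_palloc(pool, len);
    if (s->data == NULL) {
        OPENSSL_free(p);
        X509_free(cert);
        return NGX_ERROR;
    }

    /* the length is published only once the buffer exists */
    s->len = len;

    ngx_memcpy(s->data, p, len);

    OPENSSL_free(p);
    X509_free(cert);

    return NGX_OK;
}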
1747 | |
1748 | |
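/*
 * Copy the one-line issuer DN of the peer certificate into "pool" memory.
 *
 * Returns NGX_OK with s->len == 0 when the peer presented no certificate,
 * NGX_OK with s->data/s->len filled in on success, and NGX_ERROR when the
 * name cannot be obtained or memory cannot be allocated.  The result is
 * not NUL-terminated.
 *
 * The text comes from a certificate supplied by the peer;
 * NOTE(review): consumers that place it in logs or headers should treat
 * it as untrusted input.
 */
ngx_int_t
ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
    char       *p;
    size_t      len;
    X509       *cert;
    X509_NAME  *name;

    s->len = 0;

    /*
     * SSL_get_peer_certificate() returns a new reference that the caller
     * owns; every exit below releases it, otherwise each call leaks it
     */
    cert = SSL_get_peer_certificate(c->ssl->connection);
    if (cert == NULL) {
        return NGX_OK;
    }

    /* "name" is an internal pointer into cert and must not be freed */
    name = X509_get_issuer_name(cert);
    if (name == NULL) {
        X509_free(cert);
        return NGX_ERROR;
    }

    /* with a NULL buffer OpenSSL allocates the string; NULL means failure */
    p = X509_NAME_oneline(name, NULL, 0);
    if (p == NULL) {
        X509_free(cert);
        return NGX_ERROR;
    }

    for (len = 0; p[len]; len++) { /* void */ }

    s->data = ngx_palloc(pool, len);
    if (s->data == NULL) {
        OPENSSL_free(p);
        X509_free(cert);
        return NGX_ERROR;
    }

    /* the length is published only once the buffer exists */
    s->len = len;

    ngx_memcpy(s->data, p, len);

    OPENSSL_free(p);
    X509_free(cert);

    return NGX_OK;
}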
1786 | |
1787 | |
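/*
 * Write the peer certificate serial number, as formatted by
 * i2a_ASN1_INTEGER(), into "pool" memory.
 *
 * Returns NGX_OK with s->len == 0 when the peer presented no certificate,
 * NGX_OK with s->data/s->len filled in on success, and NGX_ERROR when the
 * memory BIO or the output buffer cannot be allocated.  The result is not
 * NUL-terminated.
 */
ngx_int_t
ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
    size_t   len;
    X509    *cert;
    BIO     *bio;

    s->len = 0;

    /*
     * SSL_get_peer_certificate() returns a new reference that the caller
     * owns; every exit below releases it, otherwise each call leaks it
     */
    cert = SSL_get_peer_certificate(c->ssl->connection);
    if (cert == NULL) {
        return NGX_OK;
    }

    bio = BIO_new(BIO_s_mem());
    if (bio == NULL) {
        X509_free(cert);
        return NGX_ERROR;
    }

    /* NOTE(review): the result of i2a_ASN1_INTEGER() is not checked */
    i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
    len = BIO_pending(bio);

    s->data = ngx_palloc(pool, len);
    if (s->data == NULL) {
        BIO_free(bio);
        X509_free(cert);
        return NGX_ERROR;
    }

    /* the length is published only once the buffer exists */
    s->len = len;

    BIO_read(bio, s->data, len);

    BIO_free(bio);
    X509_free(cert);

    return NGX_OK;
}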
1822 | |
1823 | |
/*
 * Allocate the zero-filled configuration of the openssl module from the
 * cycle pool.  Returns the structure, or NGX_CONF_ERROR if the allocation
 * fails.
 */
static void *
ngx_openssl_create_conf(ngx_cycle_t *cycle)
{
    ngx_openssl_conf_t  *conf;

    conf = ngx_pcalloc(cycle->pool, sizeof(ngx_openssl_conf_t));

    /*
     * on success ngx_pcalloc() has already set:
     *
     *     conf->engine.len = 0;
     *     conf->engine.data = NULL;
     */

    return (conf == NULL) ? NGX_CONF_ERROR : conf;
}
1843 | |
1844 | |
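/*
 * Apply the configured engine, if any: look it up by id and make it the
 * default for all methods (ENGINE_METHOD_ALL).
 *
 * Returns NGX_CONF_OK when no engine is configured, when engine support
 * is compiled out, or when the engine was installed; NGX_CONF_ERROR when
 * the lookup or ENGINE_set_default() fails.
 *
 * NOTE(review): engine.data is passed to ENGINE_by_id() as a C string, so
 * it is assumed to be NUL-terminated - confirm where the directive is
 * parsed.
 */
static char *
ngx_openssl_init_conf(ngx_cycle_t *cycle, void *conf)
{
#if (NGX_SSL_ENGINE)
    ngx_openssl_conf_t *oscf = conf;

    ENGINE  *engine;

    if (oscf->engine.len == 0) {
        return NGX_CONF_OK;
    }

    engine = ENGINE_by_id((const char *) oscf->engine.data);

    if (engine == NULL) {
        ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
                      "ENGINE_by_id(\"%V\") failed", &oscf->engine);
        return NGX_CONF_ERROR;
    }

    if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
        ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
                      "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
                      &oscf->engine);

        /* drop the reference taken by ENGINE_by_id() on this path too */
        ENGINE_free(engine);

        return NGX_CONF_ERROR;
    }

    ENGINE_free(engine);

#endif

    return NGX_CONF_OK;
}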
1878 | |
1879 | |
1880 #if !(NGX_SSL_ENGINE) | |
1881 | |
/*
 * Directive handler compiled when engine support is not available: logs
 * an emergency-level configuration error and rejects the directive.
 *
 * NOTE(review): the logged message ends with a stray comma.
 */
static char *
ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "\"ssl_engine\" directive is available only in "
                       "OpenSSL 0.9.7 and higher,");

    /* the directive can never be honoured in this build */
    return NGX_CONF_ERROR;
}
1891 | |
1892 #endif | |
571 | 1893 |
1894 | |
/*
 * Exit hook of the openssl module: calls ENGINE_cleanup() when engine
 * support is compiled in, and does nothing otherwise.  "cycle" is not
 * used.
 */
static void
ngx_openssl_exit(ngx_cycle_t *cycle)
{
#if (NGX_SSL_ENGINE)

    ENGINE_cleanup();

#endif
}