Mercurial > hg > nginx-quic
annotate src/mail/ngx_mail_ssl_module.c @ 4915:e62219793beb
Upstream: better detection of connect() failures with kqueue.
Pending EOF might be reported on both read and write events, whichever
comes first, so check both of them.
Patch by Yichun Zhang (agentzh), slightly modified.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 16 Nov 2012 18:29:19 +0000 |
parents | d620f497c50f |
children | 32fe021911c9 3ff1e663fa08 |
rev | line source |
---|---|
539 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4412 | 4 * Copyright (C) Nginx, Inc. |
539 | 5 */ |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
1136 | 10 #include <ngx_mail.h> |
539 | 11 |
12 | |
3960 | 13 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5" |
14 #define NGX_DEFAULT_ECDH_CURVE "prime256v1" | |
539 | 15 |
16 | |
1136 | 17 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf); |
18 static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child); | |
2224 | 19 |
20 static char *ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, | |
21 void *conf); | |
22 static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, | |
23 void *conf); | |
1136 | 24 static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, |
976 | 25 void *conf); |
539 | 26 |
27 | |
583 | 28 static ngx_conf_enum_t ngx_http_starttls_state[] = { |
1136 | 29 { ngx_string("off"), NGX_MAIL_STARTTLS_OFF }, |
30 { ngx_string("on"), NGX_MAIL_STARTTLS_ON }, | |
31 { ngx_string("only"), NGX_MAIL_STARTTLS_ONLY }, | |
583 | 32 { ngx_null_string, 0 } |
33 }; | |
34 | |
35 | |
36 | |
1136 | 37 static ngx_conf_bitmask_t ngx_mail_ssl_protocols[] = { |
547 | 38 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, |
39 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, | |
40 { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, | |
4400
a0505851e70c
Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4153
diff
changeset
|
41 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, |
a0505851e70c
Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4153
diff
changeset
|
42 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, |
547 | 43 { ngx_null_string, 0 } |
44 }; | |
45 | |
46 | |
1136 | 47 static ngx_command_t ngx_mail_ssl_commands[] = { |
539 | 48 |
49 { ngx_string("ssl"), | |
1136 | 50 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG, |
2224 | 51 ngx_mail_ssl_enable, |
1136 | 52 NGX_MAIL_SRV_CONF_OFFSET, |
53 offsetof(ngx_mail_ssl_conf_t, enable), | |
539 | 54 NULL }, |
55 | |
583 | 56 { ngx_string("starttls"), |
1136 | 57 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
2224 | 58 ngx_mail_ssl_starttls, |
1136 | 59 NGX_MAIL_SRV_CONF_OFFSET, |
60 offsetof(ngx_mail_ssl_conf_t, starttls), | |
583 | 61 ngx_http_starttls_state }, |
62 | |
539 | 63 { ngx_string("ssl_certificate"), |
1136 | 64 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
539 | 65 ngx_conf_set_str_slot, |
1136 | 66 NGX_MAIL_SRV_CONF_OFFSET, |
67 offsetof(ngx_mail_ssl_conf_t, certificate), | |
539 | 68 NULL }, |
69 | |
70 { ngx_string("ssl_certificate_key"), | |
1136 | 71 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
539 | 72 ngx_conf_set_str_slot, |
1136 | 73 NGX_MAIL_SRV_CONF_OFFSET, |
74 offsetof(ngx_mail_ssl_conf_t, certificate_key), | |
539 | 75 NULL }, |
76 | |
2044 | 77 { ngx_string("ssl_dhparam"), |
78 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, | |
79 ngx_conf_set_str_slot, | |
80 NGX_MAIL_SRV_CONF_OFFSET, | |
81 offsetof(ngx_mail_ssl_conf_t, dhparam), | |
82 NULL }, | |
83 | |
3960 | 84 { ngx_string("ssl_ecdh_curve"), |
85 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, | |
86 ngx_conf_set_str_slot, | |
87 NGX_MAIL_SRV_CONF_OFFSET, | |
88 offsetof(ngx_mail_ssl_conf_t, ecdh_curve), | |
89 NULL }, | |
90 | |
547 | 91 { ngx_string("ssl_protocols"), |
1136 | 92 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE, |
547 | 93 ngx_conf_set_bitmask_slot, |
1136 | 94 NGX_MAIL_SRV_CONF_OFFSET, |
95 offsetof(ngx_mail_ssl_conf_t, protocols), | |
96 &ngx_mail_ssl_protocols }, | |
547 | 97 |
539 | 98 { ngx_string("ssl_ciphers"), |
1136 | 99 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
539 | 100 ngx_conf_set_str_slot, |
1136 | 101 NGX_MAIL_SRV_CONF_OFFSET, |
102 offsetof(ngx_mail_ssl_conf_t, ciphers), | |
539 | 103 NULL }, |
104 | |
547 | 105 { ngx_string("ssl_prefer_server_ciphers"), |
1136 | 106 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG, |
547 | 107 ngx_conf_set_flag_slot, |
1136 | 108 NGX_MAIL_SRV_CONF_OFFSET, |
109 offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers), | |
547 | 110 NULL }, |
563 | 111 |
976 | 112 { ngx_string("ssl_session_cache"), |
1136 | 113 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12, |
114 ngx_mail_ssl_session_cache, | |
115 NGX_MAIL_SRV_CONF_OFFSET, | |
976 | 116 0, |
117 NULL }, | |
118 | |
573 | 119 { ngx_string("ssl_session_timeout"), |
1136 | 120 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
573 | 121 ngx_conf_set_sec_slot, |
1136 | 122 NGX_MAIL_SRV_CONF_OFFSET, |
123 offsetof(ngx_mail_ssl_conf_t, session_timeout), | |
573 | 124 NULL }, |
547 | 125 |
539 | 126 ngx_null_command |
127 }; | |
128 | |
129 | |
1136 | 130 static ngx_mail_module_t ngx_mail_ssl_module_ctx = { |
1487
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1136
diff
changeset
|
131 NULL, /* protocol */ |
f69493e8faab
ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module
Igor Sysoev <igor@sysoev.ru>
parents:
1136
diff
changeset
|
132 |
539 | 133 NULL, /* create main configuration */ |
134 NULL, /* init main configuration */ | |
135 | |
1136 | 136 ngx_mail_ssl_create_conf, /* create server configuration */ |
137 ngx_mail_ssl_merge_conf /* merge server configuration */ | |
539 | 138 }; |
139 | |
140 | |
1136 | 141 ngx_module_t ngx_mail_ssl_module = { |
539 | 142 NGX_MODULE_V1, |
1136 | 143 &ngx_mail_ssl_module_ctx, /* module context */ |
144 ngx_mail_ssl_commands, /* module directives */ | |
145 NGX_MAIL_MODULE, /* module type */ | |
541 | 146 NULL, /* init master */ |
539 | 147 NULL, /* init module */ |
541 | 148 NULL, /* init process */ |
149 NULL, /* init thread */ | |
150 NULL, /* exit thread */ | |
151 NULL, /* exit process */ | |
152 NULL, /* exit master */ | |
153 NGX_MODULE_V1_PADDING | |
539 | 154 }; |
155 | |
156 | |
1136 | 157 static ngx_str_t ngx_mail_ssl_sess_id_ctx = ngx_string("MAIL"); |
543 | 158 |
159 | |
539 | 160 static void * |
1136 | 161 ngx_mail_ssl_create_conf(ngx_conf_t *cf) |
577 | 162 { |
1136 | 163 ngx_mail_ssl_conf_t *scf; |
577 | 164 |
1136 | 165 scf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_ssl_conf_t)); |
539 | 166 if (scf == NULL) { |
2912
c7d57b539248
return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents:
2759
diff
changeset
|
167 return NULL; |
539 | 168 } |
169 | |
170 /* | |
577 | 171 * set by ngx_pcalloc(): |
539 | 172 * |
547 | 173 * scf->protocols = 0; |
2044 | 174 * scf->certificate = { 0, NULL }; |
175 * scf->certificate_key = { 0, NULL }; | |
176 * scf->dhparam = { 0, NULL }; | |
3960 | 177 * scf->ecdh_curve = { 0, NULL }; |
3516
dd1570b6f237
ngx_str_set() and ngx_str_null()
Igor Sysoev <igor@sysoev.ru>
parents:
3196
diff
changeset
|
178 * scf->ciphers = { 0, NULL }; |
976 | 179 * scf->shm_zone = NULL; |
539 | 180 */ |
181 | |
182 scf->enable = NGX_CONF_UNSET; | |
2759 | 183 scf->starttls = NGX_CONF_UNSET_UINT; |
976 | 184 scf->prefer_server_ciphers = NGX_CONF_UNSET; |
185 scf->builtin_session_cache = NGX_CONF_UNSET; | |
573 | 186 scf->session_timeout = NGX_CONF_UNSET; |
539 | 187 |
188 return scf; | |
189 } | |
190 | |
191 | |
192 static char * | |
1136 | 193 ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) |
539 | 194 { |
1136 | 195 ngx_mail_ssl_conf_t *prev = parent; |
196 ngx_mail_ssl_conf_t *conf = child; | |
539 | 197 |
2224 | 198 char *mode; |
563 | 199 ngx_pool_cleanup_t *cln; |
200 | |
539 | 201 ngx_conf_merge_value(conf->enable, prev->enable, 0); |
2224 | 202 ngx_conf_merge_uint_value(conf->starttls, prev->starttls, |
203 NGX_MAIL_STARTTLS_OFF); | |
539 | 204 |
573 | 205 ngx_conf_merge_value(conf->session_timeout, |
206 prev->session_timeout, 300); | |
207 | |
547 | 208 ngx_conf_merge_value(conf->prefer_server_ciphers, |
209 prev->prefer_server_ciphers, 0); | |
210 | |
211 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | |
4400
a0505851e70c
Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4153
diff
changeset
|
212 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1 |
a0505851e70c
Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4153
diff
changeset
|
213 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); |
547 | 214 |
2224 | 215 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); |
216 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); | |
539 | 217 |
2044 | 218 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); |
219 | |
3960 | 220 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve, |
221 NGX_DEFAULT_ECDH_CURVE); | |
222 | |
2124 | 223 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS); |
539 | 224 |
225 | |
547 | 226 conf->ssl.log = cf->log; |
539 | 227 |
2224 | 228 if (conf->enable) { |
229 mode = "ssl"; | |
230 | |
231 } else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) { | |
232 mode = "starttls"; | |
233 | |
234 } else { | |
235 mode = ""; | |
236 } | |
237 | |
238 if (*mode) { | |
239 | |
240 if (conf->certificate.len == 0) { | |
241 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
242 "no \"ssl_certificate\" is defined for " | |
243 "the \"%s\" directive in %s:%ui", | |
244 mode, conf->file, conf->line); | |
245 return NGX_CONF_ERROR; | |
246 } | |
247 | |
248 if (conf->certificate_key.len == 0) { | |
249 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
250 "no \"ssl_certificate_key\" is defined for " | |
251 "the \"%s\" directive in %s:%ui", | |
252 mode, conf->file, conf->line); | |
253 return NGX_CONF_ERROR; | |
254 } | |
255 | |
256 } else { | |
257 | |
258 if (conf->certificate.len == 0) { | |
259 return NGX_CONF_OK; | |
260 } | |
261 | |
262 if (conf->certificate_key.len == 0) { | |
263 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
264 "no \"ssl_certificate_key\" is defined " | |
265 "for certificate \"%V\"", | |
266 &conf->certificate); | |
267 return NGX_CONF_ERROR; | |
268 } | |
269 } | |
270 | |
969 | 271 if (ngx_ssl_create(&conf->ssl, conf->protocols, NULL) != NGX_OK) { |
539 | 272 return NGX_CONF_ERROR; |
273 } | |
274 | |
563 | 275 cln = ngx_pool_cleanup_add(cf->pool, 0); |
276 if (cln == NULL) { | |
539 | 277 return NGX_CONF_ERROR; |
278 } | |
279 | |
563 | 280 cln->handler = ngx_ssl_cleanup_ctx; |
281 cln->data = &conf->ssl; | |
282 | |
283 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate, | |
284 &conf->certificate_key) | |
285 != NGX_OK) | |
547 | 286 { |
287 return NGX_CONF_ERROR; | |
288 } | |
539 | 289 |
290 if (conf->ciphers.len) { | |
547 | 291 if (SSL_CTX_set_cipher_list(conf->ssl.ctx, |
563 | 292 (const char *) conf->ciphers.data) |
293 == 0) | |
539 | 294 { |
295 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, | |
296 "SSL_CTX_set_cipher_list(\"%V\") failed", | |
297 &conf->ciphers); | |
298 } | |
299 } | |
300 | |
563 | 301 if (conf->prefer_server_ciphers) { |
302 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); | |
303 } | |
304 | |
3959
b1f48fa31e6c
MSIE export versions are rare now, so RSA 512 key is generated on demand
Igor Sysoev <igor@sysoev.ru>
parents:
3938
diff
changeset
|
305 SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback); |
539 | 306 |
2044 | 307 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { |
308 return NGX_CONF_ERROR; | |
309 } | |
310 | |
976 | 311 ngx_conf_merge_value(conf->builtin_session_cache, |
2032 | 312 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); |
976 | 313 |
314 if (conf->shm_zone == NULL) { | |
315 conf->shm_zone = prev->shm_zone; | |
316 } | |
539 | 317 |
1136 | 318 if (ngx_ssl_session_cache(&conf->ssl, &ngx_mail_ssl_sess_id_ctx, |
976 | 319 conf->builtin_session_cache, |
320 conf->shm_zone, conf->session_timeout) | |
321 != NGX_OK) | |
322 { | |
323 return NGX_CONF_ERROR; | |
324 } | |
573 | 325 |
539 | 326 return NGX_CONF_OK; |
327 } | |
563 | 328 |
577 | 329 |
976 | 330 static char * |
2224 | 331 ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
332 { | |
333 ngx_mail_ssl_conf_t *scf = conf; | |
334 | |
335 char *rv; | |
336 | |
337 rv = ngx_conf_set_flag_slot(cf, cmd, conf); | |
338 | |
339 if (rv != NGX_CONF_OK) { | |
340 return rv; | |
341 } | |
342 | |
343 if (scf->enable && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) { | |
344 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, | |
345 "\"starttls\" directive conflicts with \"ssl on\""); | |
346 return NGX_CONF_ERROR; | |
347 } | |
348 | |
349 scf->file = cf->conf_file->file.name.data; | |
350 scf->line = cf->conf_file->line; | |
351 | |
352 return NGX_CONF_OK; | |
353 } | |
354 | |
355 | |
356 static char * | |
357 ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
358 { | |
359 ngx_mail_ssl_conf_t *scf = conf; | |
360 | |
361 char *rv; | |
362 | |
363 rv = ngx_conf_set_enum_slot(cf, cmd, conf); | |
364 | |
365 if (rv != NGX_CONF_OK) { | |
366 return rv; | |
367 } | |
368 | |
369 if (scf->enable == 1 && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) { | |
370 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, | |
371 "\"ssl\" directive conflicts with \"starttls\""); | |
372 return NGX_CONF_ERROR; | |
373 } | |
374 | |
375 scf->file = cf->conf_file->file.name.data; | |
376 scf->line = cf->conf_file->line; | |
377 | |
378 return NGX_CONF_OK; | |
379 } | |
380 | |
381 | |
382 static char * | |
1136 | 383 ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
976 | 384 { |
1136 | 385 ngx_mail_ssl_conf_t *scf = conf; |
976 | 386 |
387 size_t len; | |
388 ngx_str_t *value, name, size; | |
389 ngx_int_t n; | |
390 ngx_uint_t i, j; | |
391 | |
392 value = cf->args->elts; | |
393 | |
394 for (i = 1; i < cf->args->nelts; i++) { | |
395 | |
1778 | 396 if (ngx_strcmp(value[i].data, "off") == 0) { |
397 scf->builtin_session_cache = NGX_SSL_NO_SCACHE; | |
398 continue; | |
399 } | |
400 | |
2032 | 401 if (ngx_strcmp(value[i].data, "none") == 0) { |
402 scf->builtin_session_cache = NGX_SSL_NONE_SCACHE; | |
403 continue; | |
404 } | |
405 | |
976 | 406 if (ngx_strcmp(value[i].data, "builtin") == 0) { |
407 scf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE; | |
408 continue; | |
409 } | |
410 | |
411 if (value[i].len > sizeof("builtin:") - 1 | |
412 && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1) | |
413 == 0) | |
414 { | |
415 n = ngx_atoi(value[i].data + sizeof("builtin:") - 1, | |
416 value[i].len - (sizeof("builtin:") - 1)); | |
417 | |
418 if (n == NGX_ERROR) { | |
419 goto invalid; | |
420 } | |
421 | |
422 scf->builtin_session_cache = n; | |
423 | |
424 continue; | |
425 } | |
426 | |
427 if (value[i].len > sizeof("shared:") - 1 | |
428 && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1) | |
429 == 0) | |
430 { | |
431 len = 0; | |
432 | |
433 for (j = sizeof("shared:") - 1; j < value[i].len; j++) { | |
434 if (value[i].data[j] == ':') { | |
435 break; | |
436 } | |
437 | |
438 len++; | |
439 } | |
440 | |
441 if (len == 0) { | |
442 goto invalid; | |
443 } | |
444 | |
445 name.len = len; | |
446 name.data = value[i].data + sizeof("shared:") - 1; | |
447 | |
448 size.len = value[i].len - j - 1; | |
449 size.data = name.data + len + 1; | |
450 | |
451 n = ngx_parse_size(&size); | |
452 | |
453 if (n == NGX_ERROR) { | |
454 goto invalid; | |
455 } | |
456 | |
457 if (n < (ngx_int_t) (8 * ngx_pagesize)) { | |
458 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
459 "session cache \"%V\" is too small", | |
460 &value[i]); | |
461 | |
462 return NGX_CONF_ERROR; | |
463 } | |
464 | |
465 scf->shm_zone = ngx_shared_memory_add(cf, &name, n, | |
1136 | 466 &ngx_mail_ssl_module); |
976 | 467 if (scf->shm_zone == NULL) { |
468 return NGX_CONF_ERROR; | |
469 } | |
470 | |
4153
7de74ed694c8
Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993).
Maxim Dounin <mdounin@mdounin.ru>
parents:
3992
diff
changeset
|
471 scf->shm_zone->init = ngx_ssl_session_cache_init; |
7de74ed694c8
Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993).
Maxim Dounin <mdounin@mdounin.ru>
parents:
3992
diff
changeset
|
472 |
976 | 473 continue; |
474 } | |
475 | |
476 goto invalid; | |
477 } | |
478 | |
479 if (scf->shm_zone && scf->builtin_session_cache == NGX_CONF_UNSET) { | |
480 scf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE; | |
481 } | |
482 | |
483 return NGX_CONF_OK; | |
484 | |
485 invalid: | |
486 | |
487 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
488 "invalid session cache \"%V\"", &value[i]); | |
489 | |
490 return NGX_CONF_ERROR; | |
491 } |