comparison src/event/ngx_event_openssl.c @ 2650:117442ab7c47 stable-0.6
r2505 merge:
load SSL engine before certificates,
otherwise RSA keys will use built-in RSA methods
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Wed, 01 Apr 2009 16:32:47 +0000 |
parents | be8c6159590b |
children |
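--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -8,11 +8,11 @@
 #include <ngx_core.h>
 #include <ngx_event.h>
 
 
 typedef struct {
-ngx_str_t engine;
+ngx_uint_t engine; /* unsigned engine:1; */
 } ngx_openssl_conf_t;
 
 
 static int ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
 static void ngx_ssl_handshake_handler(ngx_event_t *ev);
@@ -35,40 +35,31 @@
 ngx_slab_pool_t *shpool, ngx_uint_t n);
 static void ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
 
 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
-static char *ngx_openssl_init_conf(ngx_cycle_t *cycle, void *conf);
+static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
 static void ngx_openssl_exit(ngx_cycle_t *cycle);
-
-#if !(NGX_SSL_ENGINE)
-static char *ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd,
-void *conf);
-#endif
 
 
 static ngx_command_t ngx_openssl_commands[] = {
 
 { ngx_string("ssl_engine"),
 NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
-#if (NGX_SSL_ENGINE)
-ngx_conf_set_str_slot,
-#else
-ngx_openssl_noengine,
-#endif
+ngx_openssl_engine,
 0,
-offsetof(ngx_openssl_conf_t, engine),
+0,
 NULL },
 
 ngx_null_command
 };
 
 
 static ngx_core_module_t ngx_openssl_module_ctx = {
 ngx_string("openssl"),
 ngx_openssl_create_conf,
-ngx_openssl_init_conf
+NULL
 };
 
 
 ngx_module_t ngx_openssl_module = {
 NGX_MODULE_V1,
@@ -1919,66 +1910,66 @@
 }
 
 /*
 * set by ngx_pcalloc():
 *
-* oscf->engine.len = 0;
-* oscf->engine.data = NULL;
+* oscf->engine = 0;
 */
 
 return oscf;
 }
 
 
 static char *
-ngx_openssl_init_conf(ngx_cycle_t *cycle, void *conf)
+ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 {
 #if (NGX_SSL_ENGINE)
 ngx_openssl_conf_t *oscf = conf;
 
 ENGINE *engine;
-
-if (oscf->engine.len == 0) {
-return NGX_CONF_OK;
-}
-
-engine = ENGINE_by_id((const char *) oscf->engine.data);
+ngx_str_t *value;
+
+if (oscf->engine) {
+return "is duplicate";
+}
+
+oscf->engine = 1;
+
+value = cf->args->elts;
+
+engine = ENGINE_by_id((const char *) value[1].data);
 
 if (engine == NULL) {
-ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
-"ENGINE_by_id(\"%V\") failed", &oscf->engine);
+ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
+"ENGINE_by_id(\"%V\") failed", &value[1]);
 return NGX_CONF_ERROR;
 }
 
 if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
-ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
+ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
 "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
-&oscf->engine);
+&value[1]);
+
+ENGINE_free(engine);
+
 return NGX_CONF_ERROR;
 }
 
 ENGINE_free(engine);
 
-#endif
-
 return NGX_CONF_OK;
-}
-
+
+#else
 
-#if !(NGX_SSL_ENGINE)
-
-static char *
-ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
 "\"ssl_engine\" directive is available only in "
 "OpenSSL 0.9.7 and higher,");
 
 return NGX_CONF_ERROR;
-}
 
 #endif
+}
 
 
 static void
 ngx_openssl_exit(ngx_cycle_t *cycle)
 {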
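Review bot: In the last hunk, ngx_openssl_engine() carries no comment saying why the engine is now loaded from the `ssl_engine` directive handler rather than from init_conf, although that ordering is the entire purpose of the change. Since `ENGINE_set_default()` now runs when the directive line is parsed, the engine presumably only applies to private keys loaded afterwards, so where `ssl_engine` sits in the configuration matters; a comment above the function such as `/* runs at directive-parse time so the engine is the default before any certificate key is loaded */` would stop a later refactor from quietly moving it back and leaving keys on the built-in RSA methods. Both failure paths also log at `NGX_LOG_WARN` while returning `NGX_CONF_ERROR`, whereas the `#else` branch reports the same fatal outcome at `NGX_LOG_EMERG`; `ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,` would make the severity consistent.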