Mercurial > hg > nginx-quic
comparison src/event/ngx_event_openssl.c @ 8750:3443c02ca1d1
SSL: $ssl_curve (ticket #2135).
The variable contains a negotiated curve used for the handshake key
exchange process. Known curves are listed by their names, unknown
ones are shown in hex.
Note that for resumed sessions in TLSv1.2 and older protocols,
$ssl_curve contains the curve used during the initial handshake,
while in TLSv1.3 it contains the curve used during the session
resumption (see the SSL_get_negotiated_group manual page for
details).
The variable is only meaningful when using OpenSSL 3.0 and above.
With older versions the variable is empty.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 01 Nov 2021 18:09:34 +0300 |
parents | 65946a191197 |
children | 5c86189a1c1b f1fcb0fe6975 |
comparison
equal
deleted
inserted
replaced
8749:284f03d6f154 | 8750:3443c02ca1d1 |
---|---|
4732 return NGX_OK; | 4732 return NGX_OK; |
4733 } | 4733 } |
4734 | 4734 |
4735 | 4735 |
4736 ngx_int_t | 4736 ngx_int_t |
4737 ngx_ssl_get_curve(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | |
4738 { | |
4739 #ifdef SSL_get_negotiated_group | |
4740 | |
4741 int nid; | |
4742 | |
4743 nid = SSL_get_negotiated_group(c->ssl->connection); | |
4744 | |
4745 if (nid != NID_undef) { | |
4746 | |
4747 if ((nid & TLSEXT_nid_unknown) == 0) { | |
4748 s->len = ngx_strlen(OBJ_nid2sn(nid)); | |
4749 s->data = (u_char *) OBJ_nid2sn(nid); | |
4750 return NGX_OK; | |
4751 } | |
4752 | |
4753 s->len = sizeof("0x0000") - 1; | |
4754 | |
4755 s->data = ngx_pnalloc(pool, s->len); | |
4756 if (s->data == NULL) { | |
4757 return NGX_ERROR; | |
4758 } | |
4759 | |
4760 ngx_sprintf(s->data, "0x%04xd", nid & 0xffff); | |
4761 | |
4762 return NGX_OK; | |
4763 } | |
4764 | |
4765 #endif | |
4766 | |
4767 s->len = 0; | |
4768 return NGX_OK; | |
4769 } | |
4770 | |
4771 | |
4772 ngx_int_t | |
4737 ngx_ssl_get_curves(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | 4773 ngx_ssl_get_curves(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) |
4738 { | 4774 { |
4739 #ifdef SSL_CTRL_GET_CURVES | 4775 #ifdef SSL_CTRL_GET_CURVES |
4740 | 4776 |
4741 int *curves, n, i, nid; | 4777 int *curves, n, i, nid; |