Mercurial > hg > nginx-quic
comparison src/event/ngx_event_openssl.c @ 3959:b1f48fa31e6c
MSIE export versions are rare now, so RSA 512 key is generated on demand
and is shared among all hosts instead of pregenerating for every HTTPS host
on configuraiton phase. This decreases start time for configuration with
large number of HTTPS hosts.
| author | Igor Sysoev <igor@sysoev.ru> |
|---|---|
| date | Wed, 20 Jul 2011 12:59:24 +0000 |
| parents | 033015e01eec |
| children | 0832a6997227 |
comparison
equal
deleted
inserted
replaced
| 3958:9223a0753e36 | 3959:b1f48fa31e6c |
|---|---|
| 369 } | 369 } |
| 370 } | 370 } |
| 371 } | 371 } |
| 372 | 372 |
| 373 | 373 |
| 374 ngx_int_t | 374 RSA * |
| 375 ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl) | 375 ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length) |
| 376 { | 376 { |
| 377 RSA *key; | 377 static RSA *key; |
| 378 | 378 |
| 379 if (SSL_CTX_need_tmp_RSA(ssl->ctx) == 0) { | 379 if (key_length == 512) { |
| 380 return NGX_OK; | 380 if (key == NULL) { |
| 381 } | 381 key = RSA_generate_key(512, RSA_F4, NULL, NULL); |
| 382 | 382 } |
| 383 key = RSA_generate_key(512, RSA_F4, NULL, NULL); | 383 } |
| 384 | 384 |
| 385 if (key) { | 385 return key; |
| 386 SSL_CTX_set_tmp_rsa(ssl->ctx, key); | |
| 387 | |
| 388 RSA_free(key); | |
| 389 | |
| 390 return NGX_OK; | |
| 391 } | |
| 392 | |
| 393 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "RSA_generate_key(512) failed"); | |
| 394 | |
| 395 return NGX_ERROR; | |
| 396 } | 386 } |
| 397 | 387 |
| 398 | 388 |
| 399 ngx_int_t | 389 ngx_int_t |
| 400 ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file) | 390 ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file) |