comparison src/http/ngx_http_request.c @ 7462:be2af41d3620

SSL: variables support in ssl_certificate and ssl_certificate_key. To evaluate variables, a request is created in the certificate callback, and then freed. To do this without side effects on the stub_status counters and connection state, an additional function was introduced, ngx_http_alloc_request(). Only works with OpenSSL 1.0.2+, since there is no SSL_CTX_set_cert_cb() in older versions.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 25 Feb 2019 16:42:05 +0300
parents 0f0c75caa038
children 180df83473a4
7461:a68799465b19 7462:be2af41d3620
9 #include <ngx_core.h> 9 #include <ngx_core.h>
10 #include <ngx_http.h> 10 #include <ngx_http.h>
11 11
12 12
13 static void ngx_http_wait_request_handler(ngx_event_t *ev); 13 static void ngx_http_wait_request_handler(ngx_event_t *ev);
14 static ngx_http_request_t *ngx_http_alloc_request(ngx_connection_t *c);
14 static void ngx_http_process_request_line(ngx_event_t *rev); 15 static void ngx_http_process_request_line(ngx_event_t *rev);
15 static void ngx_http_process_request_headers(ngx_event_t *rev); 16 static void ngx_http_process_request_headers(ngx_event_t *rev);
16 static ssize_t ngx_http_read_request_header(ngx_http_request_t *r); 17 static ssize_t ngx_http_read_request_header(ngx_http_request_t *r);
17 static ngx_int_t ngx_http_alloc_large_header_buffer(ngx_http_request_t *r, 18 static ngx_int_t ngx_http_alloc_large_header_buffer(ngx_http_request_t *r,
18 ngx_uint_t request_line); 19 ngx_uint_t request_line);
501 502
502 503
503 ngx_http_request_t * 504 ngx_http_request_t *
504 ngx_http_create_request(ngx_connection_t *c) 505 ngx_http_create_request(ngx_connection_t *c)
505 { 506 {
507 ngx_http_request_t *r;
508 ngx_http_log_ctx_t *ctx;
509 ngx_http_core_loc_conf_t *clcf;
510
511 r = ngx_http_alloc_request(c);
512 if (r == NULL) {
513 return NULL;
514 }
515
516 c->requests++;
517
518 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
519
520 ngx_set_connection_log(c, clcf->error_log);
521
522 ctx = c->log->data;
523 ctx->request = r;
524 ctx->current_request = r;
525
526 #if (NGX_STAT_STUB)
527 (void) ngx_atomic_fetch_add(ngx_stat_reading, 1);
528 r->stat_reading = 1;
529 (void) ngx_atomic_fetch_add(ngx_stat_requests, 1);
530 #endif
531
532 return r;
533 }
534
535
536 static ngx_http_request_t *
537 ngx_http_alloc_request(ngx_connection_t *c)
538 {
506 ngx_pool_t *pool; 539 ngx_pool_t *pool;
507 ngx_time_t *tp; 540 ngx_time_t *tp;
508 ngx_http_request_t *r; 541 ngx_http_request_t *r;
509 ngx_http_log_ctx_t *ctx;
510 ngx_http_connection_t *hc; 542 ngx_http_connection_t *hc;
511 ngx_http_core_srv_conf_t *cscf; 543 ngx_http_core_srv_conf_t *cscf;
512 ngx_http_core_loc_conf_t *clcf;
513 ngx_http_core_main_conf_t *cmcf; 544 ngx_http_core_main_conf_t *cmcf;
514
515 c->requests++;
516 545
517 hc = c->data; 546 hc = c->data;
518 547
519 cscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_core_module); 548 cscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_core_module);
520 549
538 r->main_conf = hc->conf_ctx->main_conf; 567 r->main_conf = hc->conf_ctx->main_conf;
539 r->srv_conf = hc->conf_ctx->srv_conf; 568 r->srv_conf = hc->conf_ctx->srv_conf;
540 r->loc_conf = hc->conf_ctx->loc_conf; 569 r->loc_conf = hc->conf_ctx->loc_conf;
541 570
542 r->read_event_handler = ngx_http_block_reading; 571 r->read_event_handler = ngx_http_block_reading;
543
544 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
545
546 ngx_set_connection_log(r->connection, clcf->error_log);
547 572
548 r->header_in = hc->busy ? hc->busy->buf : c->buffer; 573 r->header_in = hc->busy ? hc->busy->buf : c->buffer;
549 574
550 if (ngx_list_init(&r->headers_out.headers, r->pool, 20, 575 if (ngx_list_init(&r->headers_out.headers, r->pool, 20,
551 sizeof(ngx_table_elt_t)) 576 sizeof(ngx_table_elt_t))
602 r->uri_changes = NGX_HTTP_MAX_URI_CHANGES + 1; 627 r->uri_changes = NGX_HTTP_MAX_URI_CHANGES + 1;
603 r->subrequests = NGX_HTTP_MAX_SUBREQUESTS + 1; 628 r->subrequests = NGX_HTTP_MAX_SUBREQUESTS + 1;
604 629
605 r->http_state = NGX_HTTP_READING_REQUEST_STATE; 630 r->http_state = NGX_HTTP_READING_REQUEST_STATE;
606 631
607 ctx = c->log->data;
608 ctx->request = r;
609 ctx->current_request = r;
610 r->log_handler = ngx_http_log_error_handler; 632 r->log_handler = ngx_http_log_error_handler;
611
612 #if (NGX_STAT_STUB)
613 (void) ngx_atomic_fetch_add(ngx_stat_reading, 1);
614 r->stat_reading = 1;
615 (void) ngx_atomic_fetch_add(ngx_stat_requests, 1);
616 #endif
617 633
618 return r; 634 return r;
619 } 635 }
620 636
621 637
925 SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION); 941 SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION);
926 #endif 942 #endif
927 } 943 }
928 944
929 return SSL_TLSEXT_ERR_OK; 945 return SSL_TLSEXT_ERR_OK;
946 }
947
948 #endif
949
950
951 #ifdef SSL_R_CERT_CB_ERROR
952
953 int
954 ngx_http_ssl_certificate(ngx_ssl_conn_t *ssl_conn, void *arg)
955 {
956 ngx_str_t cert, key;
957 ngx_uint_t i, nelts;
958 ngx_connection_t *c;
959 ngx_http_request_t *r;
960 ngx_http_ssl_srv_conf_t *sscf;
961 ngx_http_complex_value_t *certs, *keys;
962
963 c = ngx_ssl_get_connection(ssl_conn);
964
965 if (c->ssl->handshaked) {
966 return 0;
967 }
968
969 r = ngx_http_alloc_request(c);
970 if (r == NULL) {
971 return 0;
972 }
973
974 r->logged = 1;
975
976 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
977
978 nelts = sscf->certificate_values->nelts;
979 certs = sscf->certificate_values->elts;
980 keys = sscf->certificate_key_values->elts;
981
982 for (i = 0; i < nelts; i++) {
983
984 if (ngx_http_complex_value(r, &certs[i], &cert) != NGX_OK) {
985 goto failed;
986 }
987
988 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
989 "ssl cert: \"%s\"", cert.data);
990
991 if (ngx_http_complex_value(r, &keys[i], &key) != NGX_OK) {
992 goto failed;
993 }
994
995 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
996 "ssl key: \"%s\"", key.data);
997
998 if (ngx_ssl_connection_certificate(c, r->pool, &cert, &key, NULL)
999 != NGX_OK)
1000 {
1001 goto failed;
1002 }
1003 }
1004
1005 ngx_http_free_request(r, 0);
1006 c->destroyed = 0;
1007 return 1;
1008
1009 failed:
1010
1011 ngx_http_free_request(r, 0);
1012 c->destroyed = 0;
1013 return 0;
930 } 1014 }
931 1015
932 #endif 1016 #endif
933 1017
934 #endif 1018 #endif
3512 3596
3513 if (rc > 0 && (r->headers_out.status == 0 || r->connection->sent == 0)) { 3597 if (rc > 0 && (r->headers_out.status == 0 || r->connection->sent == 0)) {
3514 r->headers_out.status = rc; 3598 r->headers_out.status = rc;
3515 } 3599 }
3516 3600
3517 log->action = "logging request"; 3601 if (!r->logged) {
3518 3602 log->action = "logging request";
3519 ngx_http_log_request(r); 3603
3604 ngx_http_log_request(r);
3605 }
3520 3606
3521 log->action = "closing request"; 3607 log->action = "closing request";
3522 3608
3523 if (r->connection->timedout) { 3609 if (r->connection->timedout) {
3524 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); 3610 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
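Review bot: In ngx_http_ssl_certificate() (new lines 988-996) both debug messages print `cert.data` and `key.data` with `%s`, which reads up to a NUL byte, and nothing visible in the function guarantees that the ngx_str_t filled in by ngx_http_complex_value() is NUL-terminated. That presumably depends on how the values were compiled in the SSL module, which this page does not show. Logging the length-bounded string removes the dependency: `"ssl cert: \"%V\"", &cert` and `"ssl key: \"%V\"", &key`. Separately, `r->logged = 1` and the `c->destroyed = 0` after each ngx_http_free_request() call are unexplained. I would add `/* temporary request: skip ngx_http_log_request() on free */` above the first and `/* the connection outlives the temporary request */` above each reset, since the reset presumably undoes a flag set inside ngx_http_free_request(), whose body lies mostly outside the visible hunks.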