comparison src/http/modules/ngx_http_ssl_filter.c @ 383:c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Thu, 08 Jul 2004 15:17:47 +0000 |
parents | |
children | e7054aaedf68 |
382:449c4885dcd1 | 383:c05876036128 |
---|---|
1 | |
2 #include <ngx_config.h> | |
3 #include <ngx_core.h> | |
4 #include <ngx_http.h> | |
5 | |
6 #include <openssl/ssl.h> | |
7 #include <openssl/err.h> | |
8 | |
9 | |
10 #define NGX_DEFLAUT_CERTIFICATE "cert.pem" | |
11 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" | |
12 | |
13 | |
14 typedef struct { | |
15 ngx_flag_t enable; | |
16 ngx_str_t certificate; | |
17 ngx_str_t certificate_key; | |
18 } ngx_http_ssl_srv_conf_t; | |
19 | |
20 | |
21 typedef struct { | |
22 SSL *ssl; | |
23 SSL_CTX *ssl_ctx; | |
24 | |
25 unsigned accepted; | |
26 } ngx_http_ssl_ctx_t; | |
27 | |
28 | |
29 static ngx_http_ssl_ctx_t *ngx_http_ssl_create_ctx(ngx_http_request_t *r); | |
30 static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err, | |
31 char *fmt, ...); | |
32 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); | |
33 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, | |
34 void *parent, void *child); | |
35 static ngx_int_t ngx_http_ssl_filter_init(ngx_cycle_t *cycle); | |
36 | |
37 | |
38 static ngx_command_t ngx_http_charset_filter_commands[] = { | |
39 | |
40 { ngx_string("ssl_"), | |
41 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | |
42 ngx_conf_set_flag_slot, | |
43 NGX_HTTP_SRV_CONF_OFFSET, | |
44 offsetof(ngx_http_ssl_srv_conf_t, enable), | |
45 NULL }, | |
46 | |
47 { ngx_string("ssl_certificate"), | |
48 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
49 ngx_conf_set_str_slot, | |
50 NGX_HTTP_SRV_CONF_OFFSET, | |
51 offsetof(ngx_http_ssl_srv_conf_t, certificate), | |
52 NULL }, | |
53 | |
54 { ngx_string("ssl_certificate_key"), | |
55 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
56 ngx_conf_set_str_slot, | |
57 NGX_HTTP_SRV_CONF_OFFSET, | |
58 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), | |
59 NULL }, | |
60 | |
61 ngx_null_command | |
62 }; | |
63 | |
64 | |
65 static ngx_http_module_t ngx_http_ssl_filter_module_ctx = { | |
66 NULL, /* pre conf */ | |
67 | |
68 NULL, /* create main configuration */ | |
69 NULL, /* init main configuration */ | |
70 | |
71 ngx_http_ssl_create_srv_conf, /* create server configuration */ | |
72 ngx_http_ssl_merge_srv_conf, /* merge server configuration */ | |
73 | |
74 NULL, /* create location configuration */ | |
75 NULL, /* merge location configuration */ | |
76 }; | |
77 | |
78 | |
79 ngx_module_t ngx_http_ssl_filter_module = { | |
80 NGX_MODULE, | |
81 &ngx_http_ssl_filter_module_ctx, /* module context */ | |
82 NULL, /* module directives */ | |
83 NGX_HTTP_MODULE, /* module type */ | |
84 ngx_http_ssl_filter_init, /* init module */ | |
85 NULL /* init process */ | |
86 }; | |
87 | |
88 | |
89 ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r) | |
90 { | |
91 int rc; | |
92 ngx_http_ssl_ctx_t *ctx; | |
93 | |
94 ctx = ngx_http_get_module_ctx(r, ngx_http_ssl_filter_module); | |
95 | |
96 if (ctx == NULL) { | |
97 ctx = ngx_http_ssl_create_ctx(r); | |
98 | |
99 if (ctx == NULL) { | |
100 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
101 } | |
102 } | |
103 | |
104 if (!ctx->accepted) { | |
105 rc = SSL_accept(ctx->ssl); | |
106 | |
107 if (rc != 1) { | |
108 rc = SSL_get_error(ctx->ssl, rc); | |
109 | |
110 if (rc == SSL_ERROR_WANT_READ || rc == SSL_ERROR_WANT_WRITE) { | |
111 return NGX_AGAIN; | |
112 } | |
113 | |
114 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, rc, | |
115 "SSL_accept() failed"); | |
116 return NGX_ERROR; | |
117 } | |
118 | |
119 ctx->accepted = 1; | |
120 } | |
121 | |
122 return NGX_OK; | |
123 } | |
124 | |
125 | |
126 static ngx_http_ssl_ctx_t *ngx_http_ssl_create_ctx(ngx_http_request_t *r) | |
127 { | |
128 ngx_http_ssl_ctx_t *ctx; | |
129 ngx_http_ssl_srv_conf_t *scf; | |
130 | |
131 ngx_http_create_ctx(r, ctx, ngx_http_ssl_filter_module, | |
132 sizeof(ngx_http_ssl_ctx_t), NULL); | |
133 | |
134 /* TODO: configure methods */ | |
135 ctx->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); | |
136 | |
137 if (ctx->ssl_ctx == NULL) { | |
138 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0, | |
139 "SSL_CTX_new() failed"); | |
140 return NULL; | |
141 } | |
142 | |
143 scf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_filter_module); | |
144 | |
145 if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, scf->certificate.data, | |
146 SSL_FILETYPE_PEM) == 0) { | |
147 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0, | |
148 "SSL_CTX_use_certificate_file() failed"); | |
149 return NULL; | |
150 } | |
151 | |
152 if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, scf->certificate_key.data, | |
153 SSL_FILETYPE_PEM) == 0) { | |
154 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0, | |
155 "SSL_CTX_use_PrivateKey_file() failed"); | |
156 return NULL; | |
157 } | |
158 | |
159 ctx->ssl = SSL_new(ctx->ssl_ctx); | |
160 | |
161 if (ctx->ssl == NULL) { | |
162 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0, | |
163 "SSL_new() failed"); | |
164 return NULL; | |
165 } | |
166 | |
167 if (SSL_set_fd(ctx->ssl, r->connection->fd) == 0) { | |
168 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0, | |
169 "SSL_set_fd() failed"); | |
170 return NULL; | |
171 } | |
172 | |
173 return ctx; | |
174 } | |
175 | |
176 | |
177 static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err, | |
178 char *fmt, ...) | |
179 { | |
180 int len; | |
181 char errstr[NGX_MAX_CONF_ERRSTR]; | |
182 va_list args; | |
183 | |
184 va_start(args, fmt); | |
185 len = ngx_vsnprintf(errstr, sizeof(errstr) - 1, fmt, args); | |
186 va_end(args); | |
187 | |
188 errstr[len++] = ' '; | |
189 errstr[len++] = '('; | |
190 errstr[len++] = 'S'; | |
191 errstr[len++] = 'S'; | |
192 errstr[len++] = 'L'; | |
193 errstr[len++] = ':'; | |
194 errstr[len++] = ' '; | |
195 | |
196 ERR_error_string_n(ERR_get_error(), errstr + len, sizeof(errstr) - len - 1); | |
197 | |
198 ngx_log_error(level, log, 0, "%s)", errstr); | |
199 } | |
200 | |
201 | |
202 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) | |
203 { | |
204 ngx_http_ssl_srv_conf_t *scf; | |
205 | |
206 if (!(scf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t)))) { | |
207 return NGX_CONF_ERROR; | |
208 } | |
209 | |
210 scf->enable = NGX_CONF_UNSET; | |
211 | |
212 return scf; | |
213 } | |
214 | |
215 | |
216 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, | |
217 void *parent, void *child) | |
218 { | |
219 ngx_http_ssl_srv_conf_t *prev = parent; | |
220 ngx_http_ssl_srv_conf_t *conf = child; | |
221 | |
222 ngx_conf_merge_value(conf->enable, prev->enable, 0); | |
223 | |
224 ngx_conf_merge_str_value(conf->certificate, prev->certificate, | |
225 NGX_DEFLAUT_CERTIFICATE); | |
226 | |
227 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, | |
228 NGX_DEFLAUT_CERTIFICATE_KEY); | |
229 | |
230 return NGX_CONF_OK; | |
231 } | |
232 | |
233 | |
234 static ngx_int_t ngx_http_ssl_filter_init(ngx_cycle_t *cycle) | |
235 { | |
236 SSL_library_init(); | |
237 SSL_load_error_strings(); | |
238 | |
239 #if 0 | |
240 ngx_http_next_header_filter = ngx_http_top_header_filter; | |
241 ngx_http_top_header_filter = ngx_http_ssl_header_filter; | |
242 | |
243 ngx_http_next_body_filter = ngx_http_top_body_filter; | |
244 ngx_http_top_body_filter = ngx_http_ssl_body_filter; | |
245 #endif | |
246 | |
247 return NGX_OK; | |
248 } |
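Review bot: ngx_http_ssl_create_ctx() builds a new SSL_CTX and re-reads the certificate and private key files whenever ngx_http_ssl_read() finds no module context on the request, and every `return NULL` taken after `SSL_CTX_new()` succeeds leaves that SSL_CTX (and, on the `SSL_set_fd()` path, the SSL object) allocated. No `SSL_free()` or `SSL_CTX_free()` call appears anywhere in this file, so unless cleanup happens elsewhere the OpenSSL heap objects accumulate with the number of handshakes, which is a resource-exhaustion risk on a listening server. I would create the SSL_CTX once per server configuration rather than per request, add `SSL_CTX_check_private_key(ctx->ssl_ctx)` after loading the key, and until then put `SSL_CTX_free(ctx->ssl_ctx);` before each early return. Separately, ngx_http_ssl_error() appends seven bytes to `errstr` after `ngx_vsnprintf(errstr, sizeof(errstr) - 1, fmt, args)` with no bound check, so a formatted message that fills the buffer would be followed by writes past its end and would make `sizeof(errstr) - len - 1` wrap; the formatted part should be capped so the " (SSL: " suffix always fits.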