comparison src/http/modules/ngx_http_ssl_filter.c @ 394:e7a68e14ccd3
nginx-0.0.7-2004-07-16-10:33:35 import
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Fri, 16 Jul 2004 06:33:35 +0000 |
parents | 5659d773cfa8 |
children |
393:5659d773cfa8 | 394:e7a68e14ccd3 |
---|---|
1 | 1 |
2 #include <ngx_config.h> | 2 #include <ngx_config.h> |
3 #include <ngx_core.h> | 3 #include <ngx_core.h> |
4 #include <ngx_http.h> | 4 #include <ngx_http.h> |
5 | |
6 /* STUB */ | |
7 #define NGX_SSL_ERROR -11 | |
8 | 5 |
9 | 6 |
10 #define NGX_DEFLAUT_CERTIFICATE "cert.pem" | 7 #define NGX_DEFLAUT_CERTIFICATE "cert.pem" |
11 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" | 8 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" |
12 | 9 |
13 | 10 |
14 static ngx_int_t ngx_http_ssl_create_ssl(ngx_http_request_t *r); | |
15 static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err, | |
16 char *fmt, ...); | |
17 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); | 11 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); |
18 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, | 12 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, |
19 void *parent, void *child); | 13 void *parent, void *child); |
20 static ngx_int_t ngx_http_ssl_init_process(ngx_cycle_t *cycle); | 14 static ngx_int_t ngx_http_ssl_init_process(ngx_cycle_t *cycle); |
21 | 15 |
69 NULL, /* init module */ | 63 NULL, /* init module */ |
70 ngx_http_ssl_init_process /* init process */ | 64 ngx_http_ssl_init_process /* init process */ |
71 }; | 65 }; |
72 | 66 |
73 | 67 |
74 ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r, u_char *buf, size_t size) | |
75 { | |
76 int n; | |
77 SSL *ssl; | |
78 ngx_http_log_ctx_t *log_ctx; | |
79 | |
80 if (r->connection->ssl == NULL) { | |
81 if (ngx_http_ssl_create_ssl(r) == NGX_ERROR) { | |
82 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
83 } | |
84 } | |
85 | |
86 ssl = r->connection->ssl; | |
87 | |
88 n = SSL_read(ssl, buf, size); | |
89 | |
90 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, | |
91 "SSL_read: %d", n); | |
92 | |
93 if (n > 0) { | |
94 return n; | |
95 } | |
96 | |
97 n = SSL_get_error(ssl, n); | |
98 | |
99 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, | |
100 "SSL_get_error: %d", n); | |
101 | |
102 if (n == SSL_ERROR_WANT_READ) { | |
103 return NGX_AGAIN; | |
104 } | |
105 | |
106 #if 0 | |
107 if (n == SSL_ERROR_WANT_WRITE) { | |
108 return NGX_AGAIN; | |
109 } | |
110 #endif | |
111 | |
112 if (!SSL_is_init_finished(ssl)) { | |
113 log_ctx = (ngx_http_log_ctx_t *) r->connection->log->data; | |
114 log_ctx->action = "SSL handshake"; | |
115 } | |
116 | |
117 if (n == SSL_ERROR_ZERO_RETURN) { | |
118 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, | |
119 "client closed connection"); | |
120 | |
121 SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN); | |
122 | |
123 return NGX_SSL_ERROR; | |
124 } | |
125 | |
126 if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) { | |
127 ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, | |
128 "client sent plain HTTP request to HTTPS port"); | |
129 | |
130 SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN); | |
131 | |
132 return NGX_SSL_HTTP_ERROR; | |
133 } | |
134 | |
135 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, n, | |
136 "SSL_read() failed"); | |
137 | |
138 SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN); | |
139 | |
140 return NGX_SSL_ERROR; | |
141 } | |
142 | |
143 | |
144 ngx_chain_t *ngx_http_ssl_write(ngx_connection_t *c, ngx_chain_t *in, | |
145 off_t limit) | |
146 { | |
147 int n; | |
148 ssize_t send, size; | |
149 | |
150 send = 0; | |
151 | |
152 for (/* void */; in; in = in->next) { | |
153 if (ngx_buf_special(in->buf)) { | |
154 continue; | |
155 } | |
156 | |
157 size = in->buf->last - in->buf->pos; | |
158 | |
159 if (send + size > limit) { | |
160 size = limit - send; | |
161 } | |
162 | |
163 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL to write: %d", size); | |
164 | |
165 n = SSL_write(c->ssl, in->buf->pos, size); | |
166 | |
167 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL_write: %d", n); | |
168 | |
169 if (n > 0) { | |
170 in->buf->pos += n; | |
171 send += n; | |
172 | |
173 if (n == size) { | |
174 if (send < limit) { | |
175 continue; | |
176 } | |
177 | |
178 return in; | |
179 } | |
180 | |
181 c->write->ready = 0; | |
182 return in; | |
183 } | |
184 | |
185 n = SSL_get_error(c->ssl, n); | |
186 | |
187 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL_get_error: %d", n); | |
188 | |
189 if (n == SSL_ERROR_WANT_WRITE) { | |
190 c->write->ready = 0; | |
191 return in; | |
192 } | |
193 | |
194 ngx_http_ssl_error(NGX_LOG_ALERT, c->log, n, "SSL_write() failed"); | |
195 | |
196 return NGX_CHAIN_ERROR; | |
197 } | |
198 | |
199 return in; | |
200 } | |
201 | |
202 | |
203 ngx_int_t ngx_http_ssl_shutdown(ngx_http_request_t *r) | |
204 { | |
205 int n; | |
206 SSL *ssl; | |
207 | |
208 ssl = r->connection->ssl; | |
209 | |
210 n = SSL_shutdown(ssl); | |
211 | |
212 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, | |
213 "SSL_shutdown: %d", n); | |
214 | |
215 if (n == 0) { | |
216 return NGX_AGAIN; | |
217 } | |
218 | |
219 if (n == 1) { | |
220 SSL_free(ssl); | |
221 r->connection->ssl = NULL; | |
222 return NGX_OK; | |
223 } | |
224 | |
225 n = SSL_get_error(ssl, n); | |
226 | |
227 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, | |
228 "SSL_get_error: %d", n); | |
229 | |
230 if (n == SSL_ERROR_WANT_WRITE) { | |
231 return NGX_AGAIN; | |
232 } | |
233 | |
234 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, n, | |
235 "SSL_shutdown() failed"); | |
236 | |
237 return NGX_ERROR; | |
238 } | |
239 | |
240 | |
241 static ngx_int_t ngx_http_ssl_create_ssl(ngx_http_request_t *r) | |
242 { | |
243 SSL *ssl; | |
244 ngx_http_ssl_srv_conf_t *scf; | |
245 | |
246 scf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_filter_module); | |
247 | |
248 ssl = SSL_new(scf->ssl_ctx); | |
249 | |
250 if (ssl == NULL) { | |
251 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0, | |
252 "SSL_new() failed"); | |
253 return NGX_ERROR; | |
254 } | |
255 | |
256 if (SSL_set_fd(ssl, r->connection->fd) == 0) { | |
257 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0, | |
258 "SSL_set_fd() failed"); | |
259 return NGX_ERROR; | |
260 } | |
261 | |
262 SSL_set_accept_state(ssl); | |
263 | |
264 r->connection->ssl = ssl; | |
265 | |
266 return NGX_OK; | |
267 } | |
268 | |
269 | |
270 void ngx_http_ssl_close_connection(SSL *ssl, ngx_log_t *log) | |
271 { | |
272 int rc; | |
273 | |
274 SSL_free(ssl); | |
275 } | |
276 | |
277 | |
278 static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err, | |
279 char *fmt, ...) | |
280 { | |
281 int len; | |
282 char errstr[NGX_MAX_CONF_ERRSTR]; | |
283 va_list args; | |
284 | |
285 va_start(args, fmt); | |
286 len = ngx_vsnprintf(errstr, sizeof(errstr) - 1, fmt, args); | |
287 va_end(args); | |
288 | |
289 errstr[len++] = ' '; | |
290 errstr[len++] = '('; | |
291 errstr[len++] = 'S'; | |
292 errstr[len++] = 'S'; | |
293 errstr[len++] = 'L'; | |
294 errstr[len++] = ':'; | |
295 errstr[len++] = ' '; | |
296 | |
297 ERR_error_string_n(ERR_get_error(), errstr + len, sizeof(errstr) - len - 1); | |
298 | |
299 ngx_log_error(level, log, 0, "%s)", errstr); | |
300 } | |
301 | |
302 | |
303 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) | 68 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) |
304 { | 69 { |
305 ngx_http_ssl_srv_conf_t *scf; | 70 ngx_http_ssl_srv_conf_t *scf; |
306 | 71 |
307 if (!(scf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t)))) { | 72 if (!(scf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t)))) { |
335 /* TODO: configure methods */ | 100 /* TODO: configure methods */ |
336 | 101 |
337 conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); | 102 conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); |
338 | 103 |
339 if (conf->ssl_ctx == NULL) { | 104 if (conf->ssl_ctx == NULL) { |
340 ngx_http_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_new() failed"); | 105 ngx_ssl_error(NGX_LOG_EMERG, cf->log, "SSL_CTX_new() failed"); |
341 return NGX_CONF_ERROR; | 106 return NGX_CONF_ERROR; |
342 } | 107 } |
343 | 108 |
344 if (SSL_CTX_use_certificate_file(conf->ssl_ctx, conf->certificate.data, | 109 if (SSL_CTX_use_certificate_file(conf->ssl_ctx, conf->certificate.data, |
345 SSL_FILETYPE_PEM) == 0) { | 110 SSL_FILETYPE_PEM) == 0) { |
346 ngx_http_ssl_error(NGX_LOG_EMERG, cf->log, 0, | 111 ngx_ssl_error(NGX_LOG_EMERG, cf->log, |
347 "SSL_CTX_use_certificate_file(\"%s\") failed", | 112 "SSL_CTX_use_certificate_file(\"%s\") failed", |
348 conf->certificate.data); | 113 conf->certificate.data); |
349 return NGX_CONF_ERROR; | 114 return NGX_CONF_ERROR; |
350 } | 115 } |
351 | 116 |
352 if (SSL_CTX_use_PrivateKey_file(conf->ssl_ctx, conf->certificate_key.data, | 117 if (SSL_CTX_use_PrivateKey_file(conf->ssl_ctx, conf->certificate_key.data, |
353 SSL_FILETYPE_PEM) == 0) { | 118 SSL_FILETYPE_PEM) == 0) { |
354 ngx_http_ssl_error(NGX_LOG_EMERG, cf->log, 0, | 119 ngx_ssl_error(NGX_LOG_EMERG, cf->log, |
355 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", | 120 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", |
356 conf->certificate_key.data); | 121 conf->certificate_key.data); |
357 return NGX_CONF_ERROR; | 122 return NGX_CONF_ERROR; |
358 } | 123 } |
359 | 124 |
360 return NGX_CONF_OK; | 125 return NGX_CONF_OK; |
361 } | 126 } |
375 for (i = 0; i < cmcf->servers.nelts; i++) { | 140 for (i = 0; i < cmcf->servers.nelts; i++) { |
376 sscf = cscfp[i]->ctx->srv_conf[ngx_http_ssl_filter_module.ctx_index]; | 141 sscf = cscfp[i]->ctx->srv_conf[ngx_http_ssl_filter_module.ctx_index]; |
377 | 142 |
378 if (sscf->enable) { | 143 if (sscf->enable) { |
379 cscfp[i]->recv = ngx_ssl_recv; | 144 cscfp[i]->recv = ngx_ssl_recv; |
380 #if 0 | |
381 cscfp[i]->send_chain = ngx_ssl_send_chain; | 145 cscfp[i]->send_chain = ngx_ssl_send_chain; |
382 #endif | |
383 } | 146 } |
384 } | 147 } |
385 | 148 |
386 return NGX_OK; | 149 return NGX_OK; |
387 } | 150 } |
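Review bot: On the new side (lines 117–123) a successful `SSL_CTX_use_PrivateKey_file()` does not establish that the key actually belongs to the certificate loaded just above it, so a cert/key mismatch is only discovered at the first handshake instead of at configuration time; a `SSL_CTX_check_private_key(conf->ssl_ctx)` check with the same `ngx_ssl_error(NGX_LOG_EMERG, ...)` / `return NGX_CONF_ERROR` handling belongs after the key load. Separately, `SSL_CTX_new(SSLv23_server_method())` on line 102 is followed by no `SSL_CTX_set_options()` call, so every protocol version the linked OpenSSL supports stays negotiable — on releases of that era this presumably includes SSLv2 — and the `/* TODO: configure methods */` above it acknowledges the gap without closing it; at minimum `SSL_OP_NO_SSLv2` should be set until the methods become configurable. The enclosing ngx_http_ssl_merge_srv_conf starts outside the hunk, so `conf` and its fields are assumed from the visible uses. The change below is the only code I would add; nothing in the existing loading sequence needs to move.
```c
    conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method());

    if (conf->ssl_ctx == NULL) {
        ngx_ssl_error(NGX_LOG_EMERG, cf->log, "SSL_CTX_new() failed");
        return NGX_CONF_ERROR;
    }

    /* TODO: make the protocol set configurable; until then refuse SSLv2 */
    SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_NO_SSLv2);

    /* … unchanged: SSL_CTX_use_certificate_file() and SSL_CTX_use_PrivateKey_file() … */

    /* fail at config time if the key does not match the certificate */
    if (SSL_CTX_check_private_key(conf->ssl_ctx) == 0) {
        ngx_ssl_error(NGX_LOG_EMERG, cf->log,
                      "SSL_CTX_check_private_key(\"%s\", \"%s\") failed",
                      conf->certificate.data, conf->certificate_key.data);
        return NGX_CONF_ERROR;
    }

    return NGX_CONF_OK;
```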