Mercurial > hg > nginx-quic
view auto/os/freebsd @ 5425:1356a3b96924
SSL: added ability to set keys used for Session Tickets (RFC5077).
In order to support key rollover, ssl_session_ticket_key can be defined
multiple times. The first key will be used to issue and resume Session
Tickets, while the rest will be used only to resume them.
ssl_session_ticket_key session_tickets/current.key;
ssl_session_ticket_key session_tickets/prev-1h.key;
ssl_session_ticket_key session_tickets/prev-2h.key;
Please note that nginx supports Session Tickets even without explicit
configuration of the keys and this feature should be only used in setups
where SSL traffic is distributed across multiple nginx servers.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
| author | Piotr Sikora <piotr@cloudflare.com> |
|---|---|
| date | Fri, 11 Oct 2013 16:05:24 -0700 |
| parents | f31162fefe01 |
| children | 0f234ee664f7 |
line wrap: on
line source
# Copyright (C) Igor Sysoev # Copyright (C) Nginx, Inc. have=NGX_FREEBSD . auto/have_headers CORE_INCS="$UNIX_INCS" CORE_DEPS="$UNIX_DEPS $FREEBSD_DEPS" CORE_SRCS="$UNIX_SRCS $FREEBSD_SRCS" ngx_spacer=' ' # __FreeBSD_version and sysctl kern.osreldate are the best ways # to determine whether some capability exists and is safe to use. # __FreeBSD_version is used for the testing of the build environment. # sysctl kern.osreldate is used for the testing of the kernel capabilities. version=`grep "#define __FreeBSD_version" /usr/include/osreldate.h \ | sed -e 's/^.* \(.*\)$/\1/'` osreldate=`/sbin/sysctl -n kern.osreldate` # setproctitle() in libutil if [ \( $version -ge 500000 -a $version -lt 500012 \) \ -o $version -lt 410002 ] then echo " + setproctitle() in libutil" CORE_LIBS="$CORE_LIBS -lutil" NGX_SETPROCTITLE_LIB="-lutil" fi # sendfile if [ $osreldate -gt 300007 ]; then echo " + sendfile() found" have=NGX_HAVE_SENDFILE . auto/have CORE_SRCS="$CORE_SRCS $FREEBSD_SENDFILE_SRCS" fi if [ $osreldate -gt 502103 ]; then echo " + sendfile()'s SF_NODISKIO found" have=NGX_HAVE_AIO_SENDFILE . auto/have fi # POSIX semaphores # http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/127545 if [ $osreldate -ge 701106 ]; then echo " + POSIX semaphores should work" else have=NGX_HAVE_POSIX_SEM . auto/nohave fi # kqueue if [ \( $osreldate -lt 500000 -a $osreldate -ge 410000 \) \ -o $osreldate -ge 500011 ] then echo " + kqueue found" have=NGX_HAVE_KQUEUE . auto/have have=NGX_HAVE_CLEAR_EVENT . auto/have EVENT_MODULES="$EVENT_MODULES $KQUEUE_MODULE" CORE_SRCS="$CORE_SRCS $KQUEUE_SRCS" EVENT_FOUND=YES fi NGX_KQUEUE_CHECKED=YES # kqueue's NOTE_LAWAT if [ \( $version -lt 500000 -a $version -ge 430000 \) \ -o $version -ge 500018 ] then echo " + kqueue's NOTE_LOWAT found" have=NGX_HAVE_LOWAT_EVENT . auto/have fi # kqueue's EVFILT_TIMER if [ \( $version -lt 500000 -a $version -ge 440001 \) \ -o $version -ge 500023 ] then echo " + kqueue's EVFILT_TIMER found" have=NGX_HAVE_TIMER_EVENT . auto/have fi if [ $USE_THREADS = "rfork" ]; then echo " + using rfork()" # # kqueue's EVFILT_SIGNAL is safe # # if [ $version -gt 460101 ]; then # echo " + kqueue's EVFILT_SIGNAL is safe" # have=NGX_HAVE_SAFE_EVFILT_SIGNAL . auto/have # else # echo "$0: error: the kqueue's EVFILT_SIGNAL is unsafe on this" # echo "FreeBSD version, so --with-threads=rfork could not be used" # echo # # exit 1 # fi fi if [ $EVENT_AIO = YES ]; then if [ \( $version -lt 500000 -a $version -ge 430000 \) \ -o $version -ge 500014 ] then have=NGX_HAVE_AIO . auto/have EVENT_MODULES="$EVENT_MODULES $AIO_MODULE" CORE_SRCS="$CORE_SRCS $AIO_SRCS" else cat << END $0: error: the kqueue does not support AIO on this FreeBSD version END exit 1 fi fi # cpuset_setaffinity() if [ $version -ge 701000 ]; then echo " + cpuset_setaffinity() found" have=NGX_HAVE_CPUSET_SETAFFINITY . auto/have fi