Mercurial > hg > nginx-quic
view docs/GNUmakefile @ 4033:4e1a489c26cd
Better handling of various per-server ssl options with SNI.
SSL_set_SSL_CTX() doesn't touch values cached within ssl connection
structure, it only changes certificates (at least as of now, OpenSSL
1.0.0d and earlier).
As a result settings like ssl_verify_client, ssl_verify_depth,
ssl_prefer_server_ciphers are only configurable on per-socket basis while
with SNI it should be possible to specify them different for two servers
listening on the same socket.
Workaround is to explicitly re-apply settings we care about from context
to ssl connection in servername callback.
Note that SSL_clear_options() is only available in OpenSSL 0.9.8m+. I.e.
with older versions it is not possible to clear ssl_prefer_server_ciphers
option if it's set in default server for a socket.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 23 Aug 2011 14:36:31 +0000 |
parents | b427290fb6bc |
children | 22364b1f61c9 |
line wrap: on
line source
VER= $(shell grep 'define NGINX_VERSION' src/core/nginx.h \ | sed -e 's/^.*\"\(.*\)\"/\1/') NGINX= nginx-$(VER) TEMP= tmp CP= $(HOME)/java define XSLScript java -cp $(CP)/xsls/saxon.jar:$(CP)/xsls/xsls.jar \ com.pault.StyleSheet \ -x com.pault.XX -y com.pault.XX \ $(1) docs/xsls/dump.xsls \ | sed 's/ *$$//;/^ *$$/N;/\n *$$/D' > $(2) if [ ! -s $(2) ]; then rm $(2); fi; test -s $(2) endef define XSLT xmllint --noout --valid $2 xsltproc -o $3 \ $(shell echo $4 \\ | sed -e "s/\([^= ]*\)=\([^= ]*\)/--param \1 \"'\2'\"/g") \ $1 $2 endef changes: $(TEMP)/$(NGINX)/CHANGES.ru \ $(TEMP)/$(NGINX)/CHANGES $(TEMP)/$(NGINX)/CHANGES.ru: docs/xml/nginx/changes.xml \ docs/xml/change_log_conf.xml \ docs/xslt/changes.xslt test -d $(TEMP)/$(NGINX) || mkdir -p $(TEMP)/$(NGINX) xsltproc --stringparam lang ru \ -o $(TEMP)/$(NGINX)/CHANGES.ru \ docs/xslt/changes.xslt docs/xml/nginx/changes.xml $(TEMP)/$(NGINX)/CHANGES: docs/xml/nginx/changes.xml \ docs/xml/change_log_conf.xml \ docs/xslt/changes.xslt test -d $(TEMP)/$(NGINX) || mkdir -p $(TEMP)/$(NGINX) xsltproc --stringparam lang en \ -o $(TEMP)/$(NGINX)/CHANGES \ docs/xslt/changes.xslt docs/xml/nginx/changes.xml docs/xslt/changes.xslt: docs/xsls/changes.xsls $(call XSLScript, docs/xsls/changes.xsls, $@) html: \ docs/html/http/ngx_http_core_module.html docs/html/http/%.html: \ docs/xml/http/%.xml \ docs/xslt/module.xslt \ docs/dtd/module.dtd $(call XSLT, docs/xslt/module.xslt, $<, $@) docs/xslt/module.xslt: \ docs/xslt/directive.xslt \ docs/xslt/content.xslt docs/xslt/%.xslt: docs/xsls/%.xsls $(call XSLScript, $<, $@)