annotate src/http/modules/ngx_http_ssl_module.c @ 196:8759b346e431 NGINX_0_3_45

nginx 0.3.45 *) Feature: the "ssl_verify_client", "ssl_verify_depth", and "ssl_client_certificate" directives. *) Change: the $request_method variable now returns the main request method. *) Change: the ° symbol codes were changed in koi-win conversion table. *) Feature: the euro and N symbols were added to koi-win conversion table. *) Bugfix: if nginx distributed the requests among several backends and some backend failed, then requests intended for this backend were directed to one live backend only instead of being distributed among the rest.
author Igor Sysoev <http://sysoev.ru>
date Sat, 06 May 2006 00:00:00 +0400
parents 54aabf2b0bc6
children fa32d59d9a15
2 /*
3 * Copyright (C) Igor Sysoev
4 */
7 #include <ngx_config.h>
8 #include <ngx_core.h>
9 #include <ngx_http.h>
/*
 * Accessor signature stored (cast to uintptr_t) in the data slot of the
 * ngx_http_ssl_vars[] entries served by ngx_http_ssl_variable(): it takes the
 * connection and returns a string that the caller scans up to its
 * terminating zero byte.
 */
typedef u_char *(*ngx_ssl_variable_handler_pt)(ngx_connection_t *);
/*
 * Built-in default values.  Presumably these are the fallbacks applied when
 * the matching directive is not set; the code that uses them is outside this
 * part of the file.
 *
 * NOTE(review): "DEFLAUT" is a misspelling of "DEFAULT".  The names are kept
 * as they are because their users are not visible here.
 */
#define NGX_DEFLAUT_CERTIFICATE "cert.pem"
/* same file name as the certificate default above */
#define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem"
/*
 * OpenSSL cipher-list string.  "!ADH" removes the anonymous DH suites; the
 * "+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" terms only move those groups towards the
 * end of the preference order, so low-strength, SSLv2 and export suites stay
 * enabled.  The ordering protects nothing unless the server's preference is
 * enforced (see "ssl_prefer_server_ciphers"); a deployment that does not want
 * the weak suites has to exclude them with an explicit "ssl_ciphers" value.
 */
#define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
/* get-handlers for the variables listed in ngx_http_ssl_vars[] */
static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_ssl_client_s_dn(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_ssl_client_i_dn(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);

/* configuration callbacks referenced from ngx_http_ssl_module_ctx */
static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf);
static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
    void *parent, void *child);
#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)

/*
 * Only built when the OpenSSL headers do not define
 * SSL_OP_CIPHER_SERVER_PREFERENCE.  In that case the
 * "ssl_prefer_server_ciphers" entry of ngx_http_ssl_commands[] is wired to
 * ngx_http_ssl_nosupported() and receives the string below as its last
 * (post) field instead of storing a flag.
 */
static char *ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);

static char ngx_http_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";

#endif
/*
 * Protocol names accepted by the "ssl_protocols" directive and the NGX_SSL_*
 * bit each one maps to; the table is passed to ngx_conf_set_bitmask_slot
 * through the directive's last field and ends with the ngx_null_string entry.
 *
 * Security note: SSLv2 and SSLv3 are obsolete protocols with known
 * weaknesses.  At this revision both remain selectable, so restricting the
 * set is left to the operator's "ssl_protocols" setting.
 */
static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
    { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
    { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
    { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
    { ngx_null_string, 0 }
};
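/*
 * Directives of the HTTP SSL module.  Every entry is allowed in the main and
 * server contexts and, apart from the unsupported-OpenSSL fallback, stores
 * its value in ngx_http_ssl_srv_conf_t at the given offset using one of the
 * generic slot setters.  The table ends with ngx_null_command.
 */
static ngx_command_t ngx_http_ssl_commands[] = {

    { ngx_string("ssl"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_flag_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, enable),
      NULL },

    { ngx_string("ssl_certificate"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, certificate),
      NULL },

    { ngx_string("ssl_certificate_key"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
      NULL },

    /* one or more names from ngx_http_ssl_protocols[], OR-ed into a mask */
    { ngx_string("ssl_protocols"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
      ngx_conf_set_bitmask_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, protocols),
      &ngx_http_ssl_protocols },

    { ngx_string("ssl_ciphers"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, ciphers),
      NULL },

    /*
     * A flag takes exactly one argument.  The entry used NGX_CONF_1MORE,
     * which lets extra arguments through to a setter that reads only the
     * first one, so a mistyped client-verification line could be accepted
     * without complaint.  NGX_CONF_FLAG matches the other flag directives
     * in this table.
     */
    { ngx_string("ssl_verify_client"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_flag_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, verify),
      NULL },

    /*
     * A single number: NGX_CONF_TAKE1 instead of NGX_CONF_1MORE, for the
     * same reason as "ssl_verify_client" above and in line with
     * "ssl_session_timeout" below.
     */
    { ngx_string("ssl_verify_depth"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_num_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, verify_depth),
      NULL },

    { ngx_string("ssl_client_certificate"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, client_certificate),
      NULL },

    /*
     * Stored as a flag only when the OpenSSL headers provide
     * SSL_OP_CIPHER_SERVER_PREFERENCE; otherwise the directive is routed to
     * ngx_http_ssl_nosupported() with the required OpenSSL version string.
     */
    { ngx_string("ssl_prefer_server_ciphers"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
      ngx_conf_set_flag_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
      NULL },
#else
      ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 },
#endif

    { ngx_string("ssl_session_timeout"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_sec_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, session_timeout),
      NULL },

      ngx_null_command
};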
/*
 * HTTP-module context: the configuration-time callbacks of this module.
 * Only variable registration (preconfiguration) and the create/merge hooks
 * for the server-level configuration are supplied; every other slot is NULL.
 * The initializer is positional, so the order of the entries matters.
 */
static ngx_http_module_t ngx_http_ssl_module_ctx = {
    ngx_http_ssl_add_variables,            /* preconfiguration */
    NULL,                                  /* postconfiguration */

    NULL,                                  /* create main configuration */
    NULL,                                  /* init main configuration */

    ngx_http_ssl_create_srv_conf,          /* create server configuration */
    ngx_http_ssl_merge_srv_conf,           /* merge server configuration */

    NULL,                                  /* create location configuration */
    NULL                                   /* merge location configuration */
};
/*
 * Module descriptor (the only non-static object in this part of the file).
 * It ties the HTTP context and the directive table together; none of the
 * master/module/process/thread lifecycle hooks is used.
 */
ngx_module_t ngx_http_ssl_module = {
    NGX_MODULE_V1,
    &ngx_http_ssl_module_ctx,              /* module context */
    ngx_http_ssl_commands,                 /* module directives */
    NGX_HTTP_MODULE,                       /* module type */
    NULL,                                  /* init master */
    NULL,                                  /* init module */
    NULL,                                  /* init process */
    NULL,                                  /* init thread */
    NULL,                                  /* exit thread */
    NULL,                                  /* exit process */
    NULL,                                  /* exit master */
    NGX_MODULE_V1_PADDING
};
/*
 * Variables exported by the module; ngx_http_ssl_add_variables() registers
 * each entry and copies its get-handler and data value.  The list ends with
 * the ngx_null_string entry.
 *
 * For $ssl_protocol and $ssl_cipher the data field carries the accessor
 * function (cast to uintptr_t) that ngx_http_ssl_variable() calls.  The two
 * client-certificate DN variables have their own handlers and pass 0.
 */
static ngx_http_variable_t ngx_http_ssl_vars[] = {

    { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGABLE, 0 },

    { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGABLE, 0 },

    /* subject DN of the client certificate */
    { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_client_s_dn,
      0, NGX_HTTP_VAR_CHANGABLE, 0 },

    /* issuer DN of the client certificate */
    { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_client_i_dn,
      0, NGX_HTTP_VAR_CHANGABLE, 0 },

    { ngx_null_string, NULL, NULL, 0, 0, 0 }
};
/*
 * NOTE(review): presumably the session id context string handed to OpenSSL
 * for this module's sessions; its use is outside this part of the file.
 */
static u_char ngx_http_session_id_ctx[] = "HTTP";
/*
 * Generic get-handler for the SSL variables whose value comes from a simple
 * accessor (see ngx_ssl_variable_handler_pt).
 *
 * r     request whose connection is queried
 * v     variable value to fill in
 * data  the accessor, stored as uintptr_t in the variable table
 *
 * Always returns NGX_OK.  On a connection without SSL only v->not_found is
 * set; otherwise v points at the accessor's string (it is not copied) and
 * v->len is the number of bytes before its terminating zero.
 */
static ngx_int_t
ngx_http_ssl_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data)
{
    size_t                        n;
    u_char                       *value, *end;
    ngx_ssl_variable_handler_pt   get_value;

    /* plain connection: the variable has no value */
    if (!r->connection->ssl) {
        v->not_found = 1;
        return NGX_OK;
    }

    get_value = (ngx_ssl_variable_handler_pt) data;
    value = get_value(r->connection);

    /* measure the string by walking to its terminator */
    end = value;
    while (*end) {
        end++;
    }

    n = (size_t) (end - value);

    v->data = value;
    v->len = n;
    v->not_found = 0;
    v->no_cachable = 0;
    v->valid = 1;

    return NGX_OK;
}
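/*
 * Get-handler for $ssl_client_s_dn: the subject DN of the client certificate.
 *
 * r     request; r->connection is queried and r->pool is passed to
 *       ngx_ssl_get_subject_dn() together with the output string
 * v     variable value to fill in
 * data  not used (the variable table passes 0)
 *
 * Returns NGX_ERROR when ngx_ssl_get_subject_dn() fails, NGX_OK otherwise.
 * On a connection without SSL, or when the DN comes back empty, only
 * v->not_found is set.
 *
 * NOTE(review): nothing in this handler looks at the certificate
 * verification result.  Whether the DN of an unverified certificate can
 * reach this point depends on how verification is enforced elsewhere;
 * confirm that before using the variable for an access decision.
 */
static ngx_int_t
ngx_http_ssl_client_s_dn(ngx_http_request_t *r, ngx_http_variable_value_t *v,
    uintptr_t data)
{
    ngx_str_t  dn;

    if (r->connection->ssl) {

        /*
         * The result is collected in a real ngx_str_t and copied field by
         * field.  *v is a different structure (it also carries the valid,
         * no_cachable and not_found flags), so passing it as
         * (ngx_str_t *) v makes the callee's writes depend on the two
         * layouts lining up on the target platform.
         */
        dn.len = 0;
        dn.data = NULL;

        if (ngx_ssl_get_subject_dn(r->connection, r->pool, &dn) != NGX_OK) {
            return NGX_ERROR;
        }

        if (dn.len) {
            v->len = dn.len;
            v->valid = 1;
            v->no_cachable = 0;
            v->not_found = 0;
            v->data = dn.data;

            return NGX_OK;
        }
    }

    v->not_found = 1;

    return NGX_OK;
}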
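/*
 * Get-handler for $ssl_client_i_dn: the issuer DN of the client certificate.
 *
 * r     request; r->connection is queried and r->pool is passed to
 *       ngx_ssl_get_issuer_dn() together with the output string
 * v     variable value to fill in
 * data  not used (the variable table passes 0)
 *
 * Returns NGX_ERROR when ngx_ssl_get_issuer_dn() fails, NGX_OK otherwise.
 * On a connection without SSL, or when the DN comes back empty, only
 * v->not_found is set.
 *
 * NOTE(review): nothing in this handler looks at the certificate
 * verification result.  Whether the issuer DN of an unverified certificate
 * can reach this point depends on how verification is enforced elsewhere;
 * confirm that before using the variable for an access decision.
 */
static ngx_int_t
ngx_http_ssl_client_i_dn(ngx_http_request_t *r, ngx_http_variable_value_t *v,
    uintptr_t data)
{
    ngx_str_t  dn;

    if (r->connection->ssl) {

        /*
         * The result is collected in a real ngx_str_t and copied field by
         * field.  *v is a different structure (it also carries the valid,
         * no_cachable and not_found flags), so passing it as
         * (ngx_str_t *) v makes the callee's writes depend on the two
         * layouts lining up on the target platform.
         */
        dn.len = 0;
        dn.data = NULL;

        if (ngx_ssl_get_issuer_dn(r->connection, r->pool, &dn) != NGX_OK) {
            return NGX_ERROR;
        }

        if (dn.len) {
            v->len = dn.len;
            v->valid = 1;
            v->no_cachable = 0;
            v->not_found = 0;
            v->data = dn.data;

            return NGX_OK;
        }
    }

    v->not_found = 1;

    return NGX_OK;
}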
/*
 * Preconfiguration callback: registers every entry of ngx_http_ssl_vars[]
 * with ngx_http_add_variable() and copies the entry's get-handler and data
 * value into the registered variable.
 *
 * Returns NGX_ERROR as soon as one registration fails, NGX_OK once the
 * terminating entry (empty name) is reached.
 */
static ngx_int_t
ngx_http_ssl_add_variables(ngx_conf_t *cf)
{
    ngx_http_variable_t  *entry, *added;

    entry = ngx_http_ssl_vars;

    while (entry->name.len) {

        added = ngx_http_add_variable(cf, &entry->name, entry->flags);

        if (added == NULL) {
            return NGX_ERROR;
        }

        added->data = entry->data;
        added->get_handler = entry->get_handler;

        entry++;
    }

    return NGX_OK;
}
283 static void *
284 ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
285 {
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
286 ngx_http_ssl_srv_conf_t *scf;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
287
50
72eb30262aac nginx 0.1.25
Igor Sysoev <http://sysoev.ru>
parents: 34
diff changeset
288 scf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t));
72eb30262aac nginx 0.1.25
Igor Sysoev <http://sysoev.ru>
parents: 34
diff changeset
289 if (scf == NULL) {
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
290 return NGX_CONF_ERROR;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
291 }
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
292
28
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
293 /*
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
294 * set by ngx_pcalloc():
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
295 *
96
ca4f70b3ccc6 nginx 0.2.2
Igor Sysoev <http://sysoev.ru>
parents: 92
diff changeset
296 * scf->protocols = 0;
ca4f70b3ccc6 nginx 0.2.2
Igor Sysoev <http://sysoev.ru>
parents: 92
diff changeset
297
28
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
298 * scf->certificate.len = 0;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
299 * scf->certificate.data = NULL;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
300 * scf->certificate_key.len = 0;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
301 * scf->certificate_key.data = NULL;
196
8759b346e431 nginx 0.3.45
Igor Sysoev <http://sysoev.ru>
parents: 186
diff changeset
302 * scf->client_certificate.len = 0;
8759b346e431 nginx 0.3.45
Igor Sysoev <http://sysoev.ru>
parents: 186
diff changeset
303 * scf->client_certificate.data = NULL;
28
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
304 * scf->ciphers.len = 0;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
305 * scf->ciphers.data = NULL;
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
306 */
7ca9bdc82b3f nginx 0.1.14
Igor Sysoev <http://sysoev.ru>
parents: 0
diff changeset
307
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
308 scf->enable = NGX_CONF_UNSET;
122
d25a1d6034f1 nginx 0.3.8
Igor Sysoev <http://sysoev.ru>
parents: 112
diff changeset
309 scf->session_timeout = NGX_CONF_UNSET;
196
8759b346e431 nginx 0.3.45
Igor Sysoev <http://sysoev.ru>
parents: 186
diff changeset
310 scf->verify = NGX_CONF_UNSET;
8759b346e431 nginx 0.3.45
Igor Sysoev <http://sysoev.ru>
parents: 186
diff changeset
311 scf->verify_depth = NGX_CONF_UNSET;
96
ca4f70b3ccc6 nginx 0.2.2
Igor Sysoev <http://sysoev.ru>
parents: 92
diff changeset
312 scf->prefer_server_ciphers = NGX_CONF_UNSET;
0
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
313
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
314 return scf;
f0b350454894 nginx 0.1.0
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
315 }
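/*
 * Merge the server-level SSL settings with the inherited ones and, when SSL
 * is enabled, create and configure the SSL context kept in conf->ssl.
 *
 * cf      configuration context; supplies the pool and the log
 * parent  inherited ngx_http_ssl_srv_conf_t
 * child   ngx_http_ssl_srv_conf_t being finalised; receives the merged
 *         values and the configured context
 *
 * Returns NGX_CONF_OK on success, including the case where SSL is disabled
 * and nothing is set up, and NGX_CONF_ERROR when a setup step fails.
 */
static char *
ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
{
    ngx_http_ssl_srv_conf_t *prev = parent;
    ngx_http_ssl_srv_conf_t *conf = child;

    ngx_pool_cleanup_t  *cln;

    ngx_conf_merge_value(conf->enable, prev->enable, 0);

    /* SSL is off for this server: no context is created */
    if (conf->enable == 0) {
        return NGX_CONF_OK;
    }

    ngx_conf_merge_value(conf->session_timeout,
                         prev->session_timeout, 300);

    ngx_conf_merge_value(conf->prefer_server_ciphers,
                         prev->prefer_server_ciphers, 0);

    /*
     * NOTE(review): the default mask enables SSLv2 and SSLv3 next to TLSv1.
     * Both SSL versions have since been prohibited or deprecated (RFC 6176,
     * RFC 7568); a deployment should restrict the protocol set explicitly
     * in its configuration rather than rely on this default.
     */
    ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
                         (NGX_CONF_BITMASK_SET
                          |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));

    /* client certificate verification is off by default, depth 1 */
    ngx_conf_merge_value(conf->verify, prev->verify, 0);
    ngx_conf_merge_value(conf->verify_depth, prev->verify_depth, 1);

    ngx_conf_merge_str_value(conf->certificate, prev->certificate,
                         NGX_DEFLAUT_CERTIFICATE);

    ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key,
                         NGX_DEFLAUT_CERTIFICATE_KEY);

    ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
                         "");

    ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS);


    conf->ssl.log = cf->log;

    if (ngx_ssl_create(&conf->ssl, conf->protocols) != NGX_OK) {
        return NGX_CONF_ERROR;
    }

    /* release the context together with the configuration pool */
    cln = ngx_pool_cleanup_add(cf->pool, 0);
    if (cln == NULL) {
        return NGX_CONF_ERROR;
    }

    cln->handler = ngx_ssl_cleanup_ctx;
    cln->data = &conf->ssl;

    if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
                            &conf->certificate_key) != NGX_OK)
    {
        return NGX_CONF_ERROR;
    }

    if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
                                (const char *) conf->ciphers.data)
        == 0)
    {
        ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
                      "SSL_CTX_set_cipher_list(\"%V\") failed",
                      &conf->ciphers);

        /*
         * Fail the configuration instead of only logging: otherwise the
         * server would start with whatever cipher list the context already
         * had, not the one the administrator configured.
         */
        return NGX_CONF_ERROR;
    }

    if (conf->verify) {
        /* NGX_SSL_VERIFY is defined outside this function */
        SSL_CTX_set_verify(conf->ssl.ctx, NGX_SSL_VERIFY, NULL);

        SSL_CTX_set_verify_depth(conf->ssl.ctx, conf->verify_depth);

        /*
         * NOTE(review): when client_certificate is empty no CA file is
         * loaded here although verification is enabled; presumably no
         * client certificate can then be validated.  Confirm whether that
         * combination should be reported as a configuration error.
         */
        if (conf->client_certificate.len) {
            if (ngx_ssl_client_certificate(cf, &conf->ssl,
                                           &conf->client_certificate)
                != NGX_OK)
            {
                return NGX_CONF_ERROR;
            }
        }
    }

#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE

    if (conf->prefer_server_ciphers) {
        SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
    }

#endif

    /*
     * a temporary 512-bit RSA key is required for export versions of MSIE
     *
     * NOTE(review): a 512-bit RSA key gives no meaningful protection by
     * current standards; this is generated unconditionally for every
     * SSL-enabled server and is worth gating or dropping once export
     * clients no longer need to be served.
     */
    if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
        return NGX_CONF_ERROR;
    }

    SSL_CTX_set_session_cache_mode(conf->ssl.ctx, SSL_SESS_CACHE_SERVER);

    /*
     * sizeof() - 1 presumably drops a terminating NUL; the declaration of
     * ngx_http_session_id_ctx is outside this function.
     */
    SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_http_session_id_ctx,
                                   sizeof(ngx_http_session_id_ctx) - 1);

    SSL_CTX_set_timeout(conf->ssl.ctx, conf->session_timeout);

    return NGX_CONF_OK;
}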
#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)

/*
 * Directive handler that is compiled only when the OpenSSL headers do not
 * define SSL_OP_CIPHER_SERVER_PREFERENCE.  It reports an emergency-level
 * configuration error naming the directive and always fails, so a setting
 * that cannot be honoured is rejected rather than silently ignored.
 *
 * cmd->post is printed with %s; presumably the command table, which is
 * outside this view, stores a description of the required library there.
 * The conf argument is not used.
 */
static char *
ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    const char  *requirement = cmd->post;

    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "\"%V\" directive is available only in %s,",
                       &cmd->name, requirement);

    return NGX_CONF_ERROR;
}

#endif