Mercurial > hg > nginx-ranges

comparison src/http/modules/ngx_http_ssl_module.c @ 112:408f195b3482 NGINX_0_3_3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 0.3.3 *) Change: the "bl" and "af" parameters of the "listen" directive was renamed to the "backlog" and "accept_filter". *) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen" directive. *) Change: the "$msec" log parameter does not require now the additional the gettimeofday() system call. *) Feature: the -t switch now tests the "listen" directives. *) Bugfix: if the invalid address was specified in the "listen" directive, then after the -HUP signal nginx left an open socket in the CLOSED state. *) Bugfix: the mime type may be incorrectly set to default value for index file with variable in the name; bug appeared in 0.3.0. *) Feature: the "timer_resolution" directive. *) Feature: the millisecond "$upstream_response_time" log parameter. *) Bugfix: a temporary file with client request body now is removed just after the response header was transferred to a client. *) Bugfix: OpenSSL 0.9.6 compatibility. *) Bugfix: the SSL certificate and key file paths could not be relative. *) Bugfix: the "ssl_prefer_server_ciphers" directive did not work in the ngx_imap_ssl_module. *) Bugfix: the "ssl_protocols" directive allowed to specify the single protocol only.
author Igor Sysoev <http://sysoev.ru>
date Wed, 19 Oct 2005 00:00:00 +0400
parents ca4f70b3ccc6
children d25a1d6034f1
comparison
equal deleted inserted replaced
111:a175b609c76d 112:408f195b3482
14 14
15 15
16 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); 16 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
17 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, 17 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
18 void *parent, void *child); 18 void *parent, void *child);
19
20 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
21
22 static char *ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
23 void *conf);
24
25 static char ngx_http_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
26
27 #endif
19 28
20 29
21 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = { 30 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
22 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, 31 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
23 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, 32 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
24 { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, 33 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
25 { ngx_null_string, 0 } 34 { ngx_null_string, 0 }
26 }; 35 };
27 36
28 37
38
29 static ngx_command_t ngx_http_ssl_commands[] = { 39 static ngx_command_t ngx_http_ssl_commands[] = {
30 40
31 { ngx_string("ssl"), 41 { ngx_string("ssl"),
32 NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, 42 NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
33 ngx_conf_set_flag_slot, 43 ngx_conf_set_flag_slot,
48 NGX_HTTP_SRV_CONF_OFFSET, 58 NGX_HTTP_SRV_CONF_OFFSET,
49 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), 59 offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
50 NULL }, 60 NULL },
51 61
52 { ngx_string("ssl_protocols"), 62 { ngx_string("ssl_protocols"),
53 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, 63 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
54 ngx_conf_set_bitmask_slot, 64 ngx_conf_set_bitmask_slot,
55 NGX_HTTP_SRV_CONF_OFFSET, 65 NGX_HTTP_SRV_CONF_OFFSET,
56 offsetof(ngx_http_ssl_srv_conf_t, protocols), 66 offsetof(ngx_http_ssl_srv_conf_t, protocols),
57 &ngx_http_ssl_protocols }, 67 &ngx_http_ssl_protocols },
58 68
59 { ngx_string("ssl_ciphers"), 69 { ngx_string("ssl_ciphers"),
60 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE, 70 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
61 ngx_conf_set_str_slot, 71 ngx_conf_set_str_slot,
62 NGX_HTTP_SRV_CONF_OFFSET, 72 NGX_HTTP_SRV_CONF_OFFSET,
63 offsetof(ngx_http_ssl_srv_conf_t, ciphers), 73 offsetof(ngx_http_ssl_srv_conf_t, ciphers),
64 NULL }, 74 NULL },
65 75
66 { ngx_string("ssl_prefer_server_ciphers"), 76 { ngx_string("ssl_prefer_server_ciphers"),
67 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, 77 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
78 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
68 ngx_conf_set_flag_slot, 79 ngx_conf_set_flag_slot,
69 NGX_HTTP_SRV_CONF_OFFSET, 80 NGX_HTTP_SRV_CONF_OFFSET,
70 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers), 81 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
71 NULL }, 82 NULL },
83 #else
84 ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 },
85 #endif
72 86
73 ngx_null_command 87 ngx_null_command
74 }; 88 };
75 89
76 90
142 ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) 156 ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
143 { 157 {
144 ngx_http_ssl_srv_conf_t *prev = parent; 158 ngx_http_ssl_srv_conf_t *prev = parent;
145 ngx_http_ssl_srv_conf_t *conf = child; 159 ngx_http_ssl_srv_conf_t *conf = child;
146 160
161 ngx_pool_cleanup_t *cln;
162
147 ngx_conf_merge_value(conf->enable, prev->enable, 0); 163 ngx_conf_merge_value(conf->enable, prev->enable, 0);
148 164
149 if (conf->enable == 0) { 165 if (conf->enable == 0) {
150 return NGX_CONF_OK; 166 return NGX_CONF_OK;
151 } 167 }
170 186
171 if (ngx_ssl_create(&conf->ssl, conf->protocols) != NGX_OK) { 187 if (ngx_ssl_create(&conf->ssl, conf->protocols) != NGX_OK) {
172 return NGX_CONF_ERROR; 188 return NGX_CONF_ERROR;
173 } 189 }
174 190
175 if (ngx_pool_cleanup_add(cf->pool, ngx_ssl_cleanup_ctx, &conf->ssl) == NULL) 191 cln = ngx_pool_cleanup_add(cf->pool, 0);
192 if (cln == NULL) {
193 return NGX_CONF_ERROR;
194 }
195
196 cln->handler = ngx_ssl_cleanup_ctx;
197 cln->data = &conf->ssl;
198
199 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
200 &conf->certificate_key) != NGX_OK)
176 { 201 {
177 return NGX_CONF_ERROR; 202 return NGX_CONF_ERROR;
178 } 203 }
179 204
180 if (ngx_ssl_certificate(&conf->ssl, conf->certificate.data,
181 conf->certificate_key.data) != NGX_OK)
182 {
183 return NGX_CONF_ERROR;
184 }
185
186 if (SSL_CTX_set_cipher_list(conf->ssl.ctx, 205 if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
187 (const char *) conf->ciphers.data) == 0) 206 (const char *) conf->ciphers.data)
207 == 0)
188 { 208 {
189 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, 209 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
190 "SSL_CTX_set_cipher_list(\"%V\") failed", 210 "SSL_CTX_set_cipher_list(\"%V\") failed",
191 &conf->ciphers); 211 &conf->ciphers);
192 } 212 }
193 213
214 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
215
194 if (conf->prefer_server_ciphers) { 216 if (conf->prefer_server_ciphers) {
195 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); 217 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
196 } 218 }
197 219
220 #endif
221
198 /* a temporary 512-bit RSA key is required for export versions of MSIE */ 222 /* a temporary 512-bit RSA key is required for export versions of MSIE */
199 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { 223 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
200 return NGX_CONF_ERROR; 224 return NGX_CONF_ERROR;
201 } 225 }
202 226
205 SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_http_session_id_ctx, 229 SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_http_session_id_ctx,
206 sizeof(ngx_http_session_id_ctx) - 1); 230 sizeof(ngx_http_session_id_ctx) - 1);
207 231
208 return NGX_CONF_OK; 232 return NGX_CONF_OK;
209 } 233 }
234
235
236 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
237
238 static char *
239 ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
240 {
241 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
242 "\"%V\" directive is available only in %s,",
243 &cmd->name, cmd->post);
244
245 return NGX_CONF_ERROR;
246 }
247
248 #endif