Mercurial > hg > nginx-ranges
comparison src/http/modules/ngx_http_ssl_module.c @ 578:f3a9e57d2e17
Merge with current.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 11 Mar 2010 21:27:17 +0300 |
parents | 1dcf6adad484 |
children | 8246d8a2c2be |
comparison
equal
deleted
inserted
replaced
539:5f4de8cf0d9d | 578:f3a9e57d2e17 |
---|---|
11 | 11 |
12 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, | 12 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, |
13 ngx_pool_t *pool, ngx_str_t *s); | 13 ngx_pool_t *pool, ngx_str_t *s); |
14 | 14 |
15 | 15 |
16 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" | 16 #define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5" |
17 | 17 |
18 | 18 |
19 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, | 19 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, |
20 ngx_http_variable_value_t *v, uintptr_t data); | 20 ngx_http_variable_value_t *v, uintptr_t data); |
21 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r, | 21 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r, |
182 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 }, | 182 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
183 | 183 |
184 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable, | 184 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable, |
185 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 }, | 185 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
186 | 186 |
187 { ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable, | |
188 (uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 }, | |
189 | |
187 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable, | 190 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable, |
188 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 }, | 191 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
189 | 192 |
190 { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable, | 193 { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable, |
191 (uintptr_t) ngx_ssl_get_raw_certificate, | 194 (uintptr_t) ngx_ssl_get_raw_certificate, |
342 | 345 |
343 ngx_conf_merge_value(conf->prefer_server_ciphers, | 346 ngx_conf_merge_value(conf->prefer_server_ciphers, |
344 prev->prefer_server_ciphers, 0); | 347 prev->prefer_server_ciphers, 0); |
345 | 348 |
346 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | 349 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, |
347 (NGX_CONF_BITMASK_SET | 350 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); |
348 |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); | |
349 | 351 |
350 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); | 352 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); |
351 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); | 353 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); |
352 | 354 |
353 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); | 355 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); |
404 | 406 |
405 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, | 407 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, |
406 ngx_http_ssl_servername) | 408 ngx_http_ssl_servername) |
407 == 0) | 409 == 0) |
408 { | 410 { |
409 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, | 411 ngx_log_error(NGX_LOG_WARN, cf->log, 0, |
410 "SSL_CTX_set_tlsext_servername_callback() failed"); | 412 "nginx was built with SNI support, however, now it is linked " |
411 return NGX_CONF_ERROR; | 413 "dynamically to an OpenSSL library which has no tlsext support, " |
414 "therefore SNI is not available"); | |
412 } | 415 } |
413 | 416 |
414 #endif | 417 #endif |
415 | 418 |
416 cln = ngx_pool_cleanup_add(cf->pool, 0); | 419 cln = ngx_pool_cleanup_add(cf->pool, 0); |