Mercurial > hg > nginx-ranges

comparison src/http/modules/ngx_http_ssl_module.c @ 578:f3a9e57d2e17

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merge with current.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 11 Mar 2010 21:27:17 +0300
parents 1dcf6adad484
children 8246d8a2c2be
comparison
equal deleted inserted replaced
539:5f4de8cf0d9d 578:f3a9e57d2e17
11 11
12 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, 12 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
13 ngx_pool_t *pool, ngx_str_t *s); 13 ngx_pool_t *pool, ngx_str_t *s);
14 14
15 15
16 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" 16 #define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5"
17 17
18 18
19 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, 19 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
20 ngx_http_variable_value_t *v, uintptr_t data); 20 ngx_http_variable_value_t *v, uintptr_t data);
21 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r, 21 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
182 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 }, 182 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 },
183 183
184 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable, 184 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
185 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 }, 185 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
186 186
187 { ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable,
188 (uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 },
189
187 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable, 190 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
188 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 }, 191 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },
189 192
190 { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable, 193 { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable,
191 (uintptr_t) ngx_ssl_get_raw_certificate, 194 (uintptr_t) ngx_ssl_get_raw_certificate,
342 345
343 ngx_conf_merge_value(conf->prefer_server_ciphers, 346 ngx_conf_merge_value(conf->prefer_server_ciphers,
344 prev->prefer_server_ciphers, 0); 347 prev->prefer_server_ciphers, 0);
345 348
346 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, 349 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
347 (NGX_CONF_BITMASK_SET 350 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
348 |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
349 351
350 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); 352 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
351 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); 353 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
352 354
353 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); 355 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
404 406
405 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, 407 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
406 ngx_http_ssl_servername) 408 ngx_http_ssl_servername)
407 == 0) 409 == 0)
408 { 410 {
409 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, 411 ngx_log_error(NGX_LOG_WARN, cf->log, 0,
410 "SSL_CTX_set_tlsext_servername_callback() failed"); 412 "nginx was built with SNI support, however, now it is linked "
411 return NGX_CONF_ERROR; 413 "dynamically to an OpenSSL library which has no tlsext support, "
414 "therefore SNI is not available");
412 } 415 }
413 416
414 #endif 417 #endif
415 418
416 cln = ngx_pool_cleanup_add(cf->pool, 0); 419 cln = ngx_pool_cleanup_add(cf->pool, 0);