nginx-vendor-0-6: src/event/ngx_event

annotate src/event/ngx_event_openssl.c @ 376:d13234035cad NGINX_0_6_32

nginx 0.6.32 *) Change: the "none" parameter in the "ssl_session_cache" directive; now this is default parameter. Thanks to Rob Mueller. *) Change: now the 0x00-0x1F, '"' and '\' characters are escaped as \xXX in an access_log. Thanks to Maxim Dounin. *) Change: now nginx allows several "Host" request header line. *) Feature: the "modified" flag in the "expires" directive. *) Feature: the $uid_got and $uid_set variables may be used at any request processing stage. *) Feature: the $hostname variable. Thanks to Andrei Nigmatulin. *) Feature: DESTDIR support. Thanks to Todd A. Fisher and Andras Voroskoi. *) Bugfix: if sub_filter and SSI were used together, then responses might were transferred incorrectly. *) Bugfix: large SSI inclusions might be truncated. *) Bugfix: the "proxy_pass" directive did not work with the HTTPS protocol; the bug had appeared in 0.6.9. *) Bugfix: worker processes might not catch reconfiguration and log rotation signals. *) Bugfix: nginx could not be built on latest Fedora 9 Linux. Thanks to Roxis. *) Bugfix: a segmentation fault might occur in worker process on Linux, if keepalive was enabled.

author	Igor Sysoev <http://sysoev.ru>
date	Mon, 07 Jul 2008 00:00:00 +0400
parents	6639b93e81b2
children	fc497c1dfb7c

rev	line source
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	2 /*
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	3 * Copyright (C) Igor Sysoev
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	4 */
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	5
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	6
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	7 #include <ngx_config.h>
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	8 #include <ngx_core.h>
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	9 #include <ngx_event.h>
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	10
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	11
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	12 typedef struct {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	13 ngx_str_t engine;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	14 } ngx_openssl_conf_t;
28 7ca9bdc82b3f nginx 0.1.14 Igor Sysoev <http://sysoev.ru> parents: 22 diff changeset	15
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	16
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	17 static int ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	18 static void ngx_ssl_handshake_handler(ngx_event_t *ev);
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	19 static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	20 static void ngx_ssl_write_handler(ngx_event_t *wev);
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	21 static void ngx_ssl_read_handler(ngx_event_t *rev);
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	22 static void ngx_ssl_shutdown_handler(ngx_event_t *ev);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	23 static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	24 ngx_err_t err, char *text);
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	25 static void ngx_ssl_clear_error(ngx_log_t *log);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	26
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	27 static ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	28 void *data);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	29 static int ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	30 ngx_ssl_session_t *sess);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	31 static ngx_ssl_session_t ngx_ssl_get_cached_session(ngx_ssl_conn_t ssl_conn,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	32 u_char id, int len, int copy);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	33 static void ngx_ssl_remove_session(SSL_CTX ssl, ngx_ssl_session_t sess);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	34 static void ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	35 ngx_slab_pool_t *shpool, ngx_uint_t n);
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	36 static void ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	37 ngx_rbtree_node_t node, ngx_rbtree_node_t sentinel);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	38
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	39 static void ngx_openssl_create_conf(ngx_cycle_t cycle);
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	40 static char ngx_openssl_init_conf(ngx_cycle_t cycle, void *conf);
120 e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	41 static void ngx_openssl_exit(ngx_cycle_t *cycle);
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	42
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	43 #if !(NGX_SSL_ENGINE)
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	44 static char ngx_openssl_noengine(ngx_conf_t cf, ngx_command_t *cmd,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	45 void *conf);
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	46 #endif
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	47
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	48
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	49 static ngx_command_t ngx_openssl_commands[] = {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	50
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	51 { ngx_string("ssl_engine"),
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	52 NGX_MAIN_CONF\|NGX_DIRECT_CONF\|NGX_CONF_TAKE1,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	53 #if (NGX_SSL_ENGINE)
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	54 ngx_conf_set_str_slot,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	55 #else
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	56 ngx_openssl_noengine,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	57 #endif
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	58 0,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	59 offsetof(ngx_openssl_conf_t, engine),
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	60 NULL },
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	61
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	62 ngx_null_command
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	63 };
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	64
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	65
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	66 static ngx_core_module_t ngx_openssl_module_ctx = {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	67 ngx_string("openssl"),
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	68 ngx_openssl_create_conf,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	69 ngx_openssl_init_conf
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	70 };
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	71
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	72
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	73 ngx_module_t ngx_openssl_module = {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	74 NGX_MODULE_V1,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	75 &ngx_openssl_module_ctx, /* module context */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	76 ngx_openssl_commands, /* module directives */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	77 NGX_CORE_MODULE, /* module type */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	78 NULL, /* init master */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	79 NULL, /* init module */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	80 NULL, /* init process */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	81 NULL, /* init thread */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	82 NULL, /* exit thread */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	83 NULL, /* exit process */
120 e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	84 ngx_openssl_exit, /* exit master */
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	85 NGX_MODULE_V1_PADDING
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	86 };
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	87
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	88
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	89 static long ngx_ssl_protocols[] = {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	90 SSL_OP_NO_SSLv2\|SSL_OP_NO_SSLv3\|SSL_OP_NO_TLSv1,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	91 SSL_OP_NO_SSLv3\|SSL_OP_NO_TLSv1,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	92 SSL_OP_NO_SSLv2\|SSL_OP_NO_TLSv1,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	93 SSL_OP_NO_TLSv1,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	94 SSL_OP_NO_SSLv2\|SSL_OP_NO_SSLv3,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	95 SSL_OP_NO_SSLv3,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	96 SSL_OP_NO_SSLv2,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	97 0,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	98 };
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	99
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	100
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	101 int ngx_ssl_connection_index;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	102 int ngx_ssl_server_conf_index;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	103 int ngx_ssl_session_cache_index;
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	104
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	105
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	106 ngx_int_t
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	107 ngx_ssl_init(ngx_log_t *log)
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	108 {
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	109 #if OPENSSL_VERSION_NUMBER >= 0x00907000
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	110 OPENSSL_config(NULL);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	111 #endif
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	112
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	113 SSL_library_init();
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	114 SSL_load_error_strings();
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	115
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	116 #if (NGX_SSL_ENGINE)
28 7ca9bdc82b3f nginx 0.1.14 Igor Sysoev <http://sysoev.ru> parents: 22 diff changeset	117 ENGINE_load_builtin_engines();
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	118 #endif
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	119
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	120 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	121
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	122 if (ngx_ssl_connection_index == -1) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	123 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed");
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	124 return NGX_ERROR;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	125 }
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	126
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	127 ngx_ssl_server_conf_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	128 NULL);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	129 if (ngx_ssl_server_conf_index == -1) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	130 ngx_ssl_error(NGX_LOG_ALERT, log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	131 "SSL_CTX_get_ex_new_index() failed");
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	132 return NGX_ERROR;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	133 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	134
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	135 ngx_ssl_session_cache_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	136 NULL);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	137 if (ngx_ssl_session_cache_index == -1) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	138 ngx_ssl_error(NGX_LOG_ALERT, log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	139 "SSL_CTX_get_ex_new_index() failed");
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	140 return NGX_ERROR;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	141 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	142
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	143 return NGX_OK;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	144 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	145
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	146
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	147 ngx_int_t
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	148 ngx_ssl_create(ngx_ssl_t ssl, ngx_uint_t protocols, void data)
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	149 {
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	150 ssl->ctx = SSL_CTX_new(SSLv23_method());
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	151
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	152 if (ssl->ctx == NULL) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	153 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_new() failed");
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	154 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	155 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	156
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	157 if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_server_conf_index, data) == 0) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	158 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	159 "SSL_CTX_set_ex_data() failed");
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	160 return NGX_ERROR;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	161 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	162
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	163 /* client side options */
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	164
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	165 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_SESS_ID_BUG);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	166 SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_CHALLENGE_BUG);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	167 SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	168
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	169 /* server side options */
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	170
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	171 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	172 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	173
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	174 /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	175 SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	176
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	177 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	178 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	179 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	180
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	181 #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	182 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	183 #endif
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	184
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	185
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	186 if (ngx_ssl_protocols[protocols >> 1] != 0) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	187 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	188 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	189
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	190 /*
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	191 * we need this option because in ngx_ssl_send_chain()
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	192 * we may switch to a buffered write and may copy leftover part of
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	193 * previously unbuffered data to our internal buffer
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	194 */
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	195 SSL_CTX_set_mode(ssl->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	196
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	197 SSL_CTX_set_read_ahead(ssl->ctx, 1);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	198
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	199 return NGX_OK;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	200 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	201
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	202
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	203 ngx_int_t
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	204 ngx_ssl_certificate(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *cert,
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	205 ngx_str_t *key)
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	206 {
324 f7cd062ee035 nginx 0.6.6 Igor Sysoev <http://sysoev.ru> parents: 302 diff changeset	207 if (ngx_conf_full_name(cf->cycle, cert, 1) == NGX_ERROR) {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	208 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	209 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	210
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	211 if (SSL_CTX_use_certificate_chain_file(ssl->ctx, (char *) cert->data)
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	212 == 0)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	213 {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	214 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	215 "SSL_CTX_use_certificate_chain_file(\"%s\") failed",
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	216 cert->data);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	217 return NGX_ERROR;
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	218 }
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	219
324 f7cd062ee035 nginx 0.6.6 Igor Sysoev <http://sysoev.ru> parents: 302 diff changeset	220 if (ngx_conf_full_name(cf->cycle, key, 1) == NGX_ERROR) {
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	221 return NGX_ERROR;
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	222 }
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	223
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	224 if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key->data,
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	225 SSL_FILETYPE_PEM)
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	226 == 0)
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	227 {
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	228 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	229 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	230 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	231 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	232
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	233 return NGX_OK;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	234 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	235
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	236
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	237 ngx_int_t
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	238 ngx_ssl_client_certificate(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *cert,
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	239 ngx_int_t depth)
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	240 {
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	241 STACK_OF(X509_NAME) *list;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	242
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	243 SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_http_ssl_verify_callback);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	244
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	245 SSL_CTX_set_verify_depth(ssl->ctx, depth);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	246
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	247 if (cert->len == 0) {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	248 return NGX_OK;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	249 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	250
324 f7cd062ee035 nginx 0.6.6 Igor Sysoev <http://sysoev.ru> parents: 302 diff changeset	251 if (ngx_conf_full_name(cf->cycle, cert, 1) == NGX_ERROR) {
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	252 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	253 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	254
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	255 if (SSL_CTX_load_verify_locations(ssl->ctx, (char *) cert->data, NULL)
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	256 == 0)
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	257 {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	258 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	259 "SSL_CTX_load_verify_locations(\"%s\") failed",
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	260 cert->data);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	261 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	262 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	263
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	264 list = SSL_load_client_CA_file((char *) cert->data);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	265
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	266 if (list == NULL) {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	267 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	268 "SSL_load_client_CA_file(\"%s\") failed", cert->data);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	269 return NGX_ERROR;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	270 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	271
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	272 /*
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	273 * before 0.9.7h and 0.9.8 SSL_load_client_CA_file()
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	274 * always leaved an error in the error queue
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	275 */
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	276
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	277 ERR_clear_error();
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	278
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	279 SSL_CTX_set_client_CA_list(ssl->ctx, list);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	280
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	281 return NGX_OK;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	282 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	283
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	284
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	285 static int
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	286 ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store)
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	287 {
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	288 #if (NGX_DEBUG)
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	289 char subject, issuer;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	290 int err, depth;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	291 X509 *cert;
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	292 X509_NAME sname, iname;
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	293 ngx_connection_t *c;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	294 ngx_ssl_conn_t *ssl_conn;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	295
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	296 ssl_conn = X509_STORE_CTX_get_ex_data(x509_store,
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	297 SSL_get_ex_data_X509_STORE_CTX_idx());
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	298
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	299 c = ngx_ssl_get_connection(ssl_conn);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	300
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	301 cert = X509_STORE_CTX_get_current_cert(x509_store);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	302 err = X509_STORE_CTX_get_error(x509_store);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	303 depth = X509_STORE_CTX_get_error_depth(x509_store);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	304
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	305 sname = X509_get_subject_name(cert);
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	306 subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)";
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	307
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	308 iname = X509_get_issuer_name(cert);
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	309 issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)";
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	310
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	311 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	312 "verify:%d, error:%d, depth:%d, "
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	313 "subject:\"%s\",issuer: \"%s\"",
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	314 ok, err, depth, subject, issuer);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	315
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	316 if (sname) {
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	317 OPENSSL_free(subject);
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	318 }
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	319
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	320 if (iname) {
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	321 OPENSSL_free(issuer);
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	322 }
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	323 #endif
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	324
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	325 return 1;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	326 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	327
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	328
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	329 ngx_int_t
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	330 ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	331 {
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	332 RSA *key;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	333
108 cf3d6edb3ad6 nginx 0.3.1 Igor Sysoev <http://sysoev.ru> parents: 98 diff changeset	334 if (SSL_CTX_need_tmp_RSA(ssl->ctx) == 0) {
cf3d6edb3ad6 nginx 0.3.1 Igor Sysoev <http://sysoev.ru> parents: 98 diff changeset	335 return NGX_OK;
cf3d6edb3ad6 nginx 0.3.1 Igor Sysoev <http://sysoev.ru> parents: 98 diff changeset	336 }
cf3d6edb3ad6 nginx 0.3.1 Igor Sysoev <http://sysoev.ru> parents: 98 diff changeset	337
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	338 key = RSA_generate_key(512, RSA_F4, NULL, NULL);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	339
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	340 if (key) {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	341 SSL_CTX_set_tmp_rsa(ssl->ctx, key);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	342
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	343 RSA_free(key);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	344
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	345 return NGX_OK;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	346 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	347
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	348 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "RSA_generate_key(512) failed");
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	349
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	350 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	351 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	352
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	353
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	354 ngx_int_t
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	355 ngx_ssl_create_connection(ngx_ssl_t ssl, ngx_connection_t c, ngx_uint_t flags)
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	356 {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	357 ngx_ssl_connection_t *sc;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	358
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	359 sc = ngx_pcalloc(c->pool, sizeof(ngx_ssl_connection_t));
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	360 if (sc == NULL) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	361 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	362 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	363
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	364 sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	365
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	366 sc->connection = SSL_new(ssl->ctx);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	367
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	368 if (sc->connection == NULL) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	369 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed");
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	370 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	371 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	372
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	373 if (SSL_set_fd(sc->connection, c->fd) == 0) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	374 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_fd() failed");
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	375 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	376 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	377
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	378 if (flags & NGX_SSL_CLIENT) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	379 SSL_set_connect_state(sc->connection);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	380
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	381 } else {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	382 SSL_set_accept_state(sc->connection);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	383 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	384
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	385 if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	386 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_ex_data() failed");
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	387 return NGX_ERROR;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	388 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	389
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	390 c->ssl = sc;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	391
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	392 return NGX_OK;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	393 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	394
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	395
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	396 ngx_int_t
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	397 ngx_ssl_set_session(ngx_connection_t c, ngx_ssl_session_t session)
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	398 {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	399 if (session) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	400 if (SSL_set_session(c->ssl->connection, session) == 0) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	401 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_session() failed");
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	402 return NGX_ERROR;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	403 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	404 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	405
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	406 return NGX_OK;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	407 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	408
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	409
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	410 ngx_int_t
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	411 ngx_ssl_handshake(ngx_connection_t *c)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	412 {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	413 int n, sslerr;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	414 ngx_err_t err;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	415
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	416 ngx_ssl_clear_error(c->log);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	417
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	418 n = SSL_do_handshake(c->ssl->connection);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	419
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	420 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	421
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	422 if (n == 1) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	423
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	424 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	425 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	426 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	427
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	428 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	429 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	430 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	431
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	432 #if (NGX_DEBUG)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	433 {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	434 char buf[129], s, d;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	435 SSL_CIPHER *cipher;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	436
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	437 cipher = SSL_get_current_cipher(c->ssl->connection);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	438
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	439 if (cipher) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	440 SSL_CIPHER_description(cipher, &buf[1], 128);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	441
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	442 for (s = &buf[1], d = buf; *s; s++) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	443 if (s == ' ' && d == ' ') {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	444 continue;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	445 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	446
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	447 if (s == LF \|\| s == CR) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	448 continue;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	449 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	450
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	451 ++d = s;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	452 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	453
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	454 if (*d != ' ') {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	455 d++;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	456 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	457
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	458 *d = '\0';
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	459
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	460 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	461 "SSL: %s, cipher: \"%s\"",
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	462 SSL_get_version(c->ssl->connection), &buf[1]);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	463
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	464 if (SSL_session_reused(c->ssl->connection)) {
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	465 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	466 "SSL reused session");
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	467 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	468
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	469 } else {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	470 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	471 "SSL no shared ciphers");
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	472 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	473 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	474 #endif
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	475
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	476 c->ssl->handshaked = 1;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	477
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	478 c->recv = ngx_ssl_recv;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	479 c->send = ngx_ssl_write;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	480 c->recv_chain = ngx_ssl_recv_chain;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	481 c->send_chain = ngx_ssl_send_chain;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	482
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	483 return NGX_OK;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	484 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	485
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	486 sslerr = SSL_get_error(c->ssl->connection, n);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	487
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	488 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	489
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	490 if (sslerr == SSL_ERROR_WANT_READ) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	491 c->read->ready = 0;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	492 c->read->handler = ngx_ssl_handshake_handler;
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	493 c->write->handler = ngx_ssl_handshake_handler;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	494
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	495 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	496 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	497 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	498
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	499 return NGX_AGAIN;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	500 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	501
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	502 if (sslerr == SSL_ERROR_WANT_WRITE) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	503 c->write->ready = 0;
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	504 c->read->handler = ngx_ssl_handshake_handler;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	505 c->write->handler = ngx_ssl_handshake_handler;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	506
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	507 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	508 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	509 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	510
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	511 return NGX_AGAIN;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	512 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	513
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	514 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	515
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	516 c->ssl->no_wait_shutdown = 1;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	517 c->ssl->no_send_shutdown = 1;
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	518 c->read->eof = 1;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	519
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	520 if (sslerr == SSL_ERROR_ZERO_RETURN \|\| ERR_peek_error() == 0) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	521 ngx_log_error(NGX_LOG_INFO, c->log, err,
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	522 "peer closed connection in SSL handshake");
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	523
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	524 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	525 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	526
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	527 c->read->error = 1;
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	528
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	529 ngx_ssl_connection_error(c, sslerr, err, "SSL_do_handshake() failed");
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	530
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	531 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	532 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	533
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	534
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	535 static void
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	536 ngx_ssl_handshake_handler(ngx_event_t *ev)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	537 {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	538 ngx_connection_t *c;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	539
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	540 c = ev->data;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	541
98 8bf57caa374a nginx 0.2.3 Igor Sysoev <http://sysoev.ru> parents: 96 diff changeset	542 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	543 "SSL handshake handler: %d", ev->write);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	544
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	545 if (ev->timedout) {
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	546 c->ssl->handler(c);
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	547 return;
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	548 }
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	549
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	550 if (ngx_ssl_handshake(c) == NGX_AGAIN) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	551 return;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	552 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	553
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	554 c->ssl->handler(c);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	555 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	556
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	557
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	558 ssize_t
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	559 ngx_ssl_recv_chain(ngx_connection_t c, ngx_chain_t cl)
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	560 {
294 27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	561 u_char *last;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	562 ssize_t n, bytes;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	563 ngx_buf_t *b;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	564
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	565 bytes = 0;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	566
294 27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	567 b = cl->buf;
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	568 last = b->last;
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	569
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	570 for ( ;; ) {
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	571
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	572 n = ngx_ssl_recv(c, last, b->end - last);
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	573
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	574 if (n > 0) {
294 27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	575 last += n;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	576 bytes += n;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	577
294 27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	578 if (last == b->end) {
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	579 cl = cl->next;
294 27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	580
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	581 if (cl == NULL) {
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	582 return bytes;
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	583 }
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	584
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	585 b = cl->buf;
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	586 last = b->last;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	587 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	588
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	589 continue;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	590 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	591
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	592 if (bytes) {
376 d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	593
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	594 if (n == 0 \|\| n == NGX_ERROR) {
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	595 c->read->ready = 1;
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	596 }
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	597
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	598 return bytes;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	599 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	600
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	601 return n;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	602 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	603 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	604
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	605
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	606 ssize_t
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	607 ngx_ssl_recv(ngx_connection_t c, u_char buf, size_t size)
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	608 {
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	609 int n, bytes;
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	610
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	611 if (c->ssl->last == NGX_ERROR) {
330 5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	612 c->read->error = 1;
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	613 return NGX_ERROR;
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	614 }
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	615
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	616 if (c->ssl->last == NGX_DONE) {
330 5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	617 c->read->ready = 0;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	618 c->read->eof = 1;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	619 return 0;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	620 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	621
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	622 bytes = 0;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	623
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	624 ngx_ssl_clear_error(c->log);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	625
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	626 /*
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	627 * SSL_read() may return data in parts, so try to read
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	628 * until SSL_read() would return no data
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	629 */
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	630
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	631 for ( ;; ) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	632
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	633 n = SSL_read(c->ssl->connection, buf, size);
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	634
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	635 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	636
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	637 if (n > 0) {
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	638 bytes += n;
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	639 }
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	640
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	641 c->ssl->last = ngx_ssl_handle_recv(c, n);
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	642
330 5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	643 if (c->ssl->last == NGX_OK) {
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	644
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	645 size -= n;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	646
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	647 if (size == 0) {
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	648 return bytes;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	649 }
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	650
330 5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	651 buf += n;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	652
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	653 continue;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	654 }
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	655
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	656 if (bytes) {
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	657 return bytes;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	658 }
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	659
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	660 switch (c->ssl->last) {
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	661
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	662 case NGX_DONE:
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	663 c->read->ready = 0;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	664 c->read->eof = 1;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	665 return 0;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	666
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	667 case NGX_ERROR:
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	668 c->read->error = 1;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	669
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	670 /* fall thruogh */
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	671
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	672 case NGX_AGAIN:
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	673 return c->ssl->last;
28 7ca9bdc82b3f nginx 0.1.14 Igor Sysoev <http://sysoev.ru> parents: 22 diff changeset	674 }
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	675 }
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	676 }
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	677
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	678
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	679 static ngx_int_t
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	680 ngx_ssl_handle_recv(ngx_connection_t *c, int n)
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	681 {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	682 int sslerr;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	683 ngx_err_t err;
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	684
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	685 if (n > 0) {
28 7ca9bdc82b3f nginx 0.1.14 Igor Sysoev <http://sysoev.ru> parents: 22 diff changeset	686
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	687 if (c->ssl->saved_write_handler) {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	688
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	689 c->write->handler = c->ssl->saved_write_handler;
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	690 c->ssl->saved_write_handler = NULL;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	691 c->write->ready = 1;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	692
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	693 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	694 return NGX_ERROR;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	695 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	696
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	697 ngx_post_event(c->write, &ngx_posted_events);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	698 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	699
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	700 return NGX_OK;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	701 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	702
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	703 sslerr = SSL_get_error(c->ssl->connection, n);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	704
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	705 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	706
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	707 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	708
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	709 if (sslerr == SSL_ERROR_WANT_READ) {
4 4b2dafa26fe2 nginx 0.1.2 Igor Sysoev <http://sysoev.ru> parents: 2 diff changeset	710 c->read->ready = 0;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	711 return NGX_AGAIN;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	712 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	713
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	714 if (sslerr == SSL_ERROR_WANT_WRITE) {
88 e916a291e9aa nginx 0.1.44 Igor Sysoev <http://sysoev.ru> parents: 62 diff changeset	715
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	716 ngx_log_error(NGX_LOG_INFO, c->log, 0,
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	717 "peer started SSL renegotiation");
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	718
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	719 c->write->ready = 0;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	720
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	721 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	722 return NGX_ERROR;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	723 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	724
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	725 /*
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	726 * we do not set the timer because there is already the read event timer
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	727 */
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	728
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	729 if (c->ssl->saved_write_handler == NULL) {
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	730 c->ssl->saved_write_handler = c->write->handler;
b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	731 c->write->handler = ngx_ssl_write_handler;
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	732 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	733
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	734 return NGX_AGAIN;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	735 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	736
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	737 c->ssl->no_wait_shutdown = 1;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	738 c->ssl->no_send_shutdown = 1;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	739
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	740 if (sslerr == SSL_ERROR_ZERO_RETURN \|\| ERR_peek_error() == 0) {
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	741 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	742 "peer shutdown SSL cleanly");
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	743 return NGX_DONE;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	744 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	745
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	746 ngx_ssl_connection_error(c, sslerr, err, "SSL_read() failed");
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	747
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	748 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	749 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	750
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	751
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	752 static void
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	753 ngx_ssl_write_handler(ngx_event_t *wev)
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	754 {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	755 ngx_connection_t *c;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	756
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	757 c = wev->data;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	758
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	759 c->read->handler(c->read);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	760 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	761
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	762
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	763 /*
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	764 * OpenSSL has no SSL_writev() so we copy several bufs into our 16K buffer
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	765 * before the SSL_write() call to decrease a SSL overhead.
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	766 *
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	767 * Besides for protocols such as HTTP it is possible to always buffer
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	768 * the output to decrease a SSL overhead some more.
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	769 */
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	770
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	771 ngx_chain_t *
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	772 ngx_ssl_send_chain(ngx_connection_t c, ngx_chain_t in, off_t limit)
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	773 {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	774 int n;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	775 ngx_uint_t flush;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	776 ssize_t send, size;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	777 ngx_buf_t *buf;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	778
146 36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	779 if (!c->ssl->buffer
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	780 \|\| (in && in->next == NULL && !(c->buffered & NGX_SSL_BUFFERED)))
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	781 {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	782 /*
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	783 * we avoid a buffer copy if
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	784 * we do not need to buffer the output
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	785 * or the incoming buf is a single and our buffer is empty
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	786 */
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	787
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	788 while (in) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	789 if (ngx_buf_special(in->buf)) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	790 in = in->next;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	791 continue;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	792 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	793
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	794 n = ngx_ssl_write(c, in->buf->pos, in->buf->last - in->buf->pos);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	795
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	796 if (n == NGX_ERROR) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	797 return NGX_CHAIN_ERROR;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	798 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	799
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	800 if (n == NGX_AGAIN) {
146 36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	801 c->buffered \|= NGX_SSL_BUFFERED;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	802 return in;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	803 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	804
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	805 in->buf->pos += n;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	806
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	807 if (in->buf->pos == in->buf->last) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	808 in = in->next;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	809 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	810 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	811
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	812 return in;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	813 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	814
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	815
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	816 /* the maximum limit size is the maximum uint32_t value - the page size */
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	817
324 f7cd062ee035 nginx 0.6.6 Igor Sysoev <http://sysoev.ru> parents: 302 diff changeset	818 if (limit == 0 \|\| limit > (off_t) (NGX_MAX_UINT32_VALUE - ngx_pagesize)) {
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	819 limit = NGX_MAX_UINT32_VALUE - ngx_pagesize;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	820 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	821
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	822 buf = c->ssl->buf;
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	823
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	824 if (buf == NULL) {
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	825 buf = ngx_create_temp_buf(c->pool, NGX_SSL_BUFSIZE);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	826 if (buf == NULL) {
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	827 return NGX_CHAIN_ERROR;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	828 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	829
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	830 c->ssl->buf = buf;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	831 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	832
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	833 if (buf->start == NULL) {
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	834 buf->start = ngx_palloc(c->pool, NGX_SSL_BUFSIZE);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	835 if (buf->start == NULL) {
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	836 return NGX_CHAIN_ERROR;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	837 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	838
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	839 buf->pos = buf->start;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	840 buf->last = buf->start;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	841 buf->end = buf->start + NGX_SSL_BUFSIZE;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	842 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	843
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	844 send = 0;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	845 flush = (in == NULL) ? 1 : 0;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	846
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	847 for ( ;; ) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	848
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	849 while (in && buf->last < buf->end) {
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	850 if (in->buf->last_buf \|\| in->buf->flush) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	851 flush = 1;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	852 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	853
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	854 if (ngx_buf_special(in->buf)) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	855 in = in->next;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	856 continue;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	857 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	858
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	859 size = in->buf->last - in->buf->pos;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	860
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	861 if (size > buf->end - buf->last) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	862 size = buf->end - buf->last;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	863 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	864
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	865 if (send + size > limit) {
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	866 size = (ssize_t) (limit - send);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	867 flush = 1;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	868 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	869
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	870 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	871 "SSL buf copy: %d", size);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	872
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	873 ngx_memcpy(buf->last, in->buf->pos, size);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	874
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	875 buf->last += size;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	876
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	877 in->buf->pos += size;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	878
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	879 if (in->buf->pos == in->buf->last) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	880 in = in->next;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	881 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	882 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	883
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	884 size = buf->last - buf->pos;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	885
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	886 if (!flush && buf->last < buf->end && c->ssl->buffer) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	887 break;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	888 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	889
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	890 n = ngx_ssl_write(c, buf->pos, size);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	891
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	892 if (n == NGX_ERROR) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	893 return NGX_CHAIN_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	894 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	895
60 df7d3fff122b nginx 0.1.30 Igor Sysoev <http://sysoev.ru> parents: 58 diff changeset	896 if (n == NGX_AGAIN) {
146 36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	897 c->buffered \|= NGX_SSL_BUFFERED;
60 df7d3fff122b nginx 0.1.30 Igor Sysoev <http://sysoev.ru> parents: 58 diff changeset	898 return in;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	899 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	900
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	901 buf->pos += n;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	902 send += n;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	903 c->sent += n;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	904
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	905 if (n < size) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	906 break;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	907 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	908
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	909 if (buf->pos == buf->last) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	910 buf->pos = buf->start;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	911 buf->last = buf->start;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	912 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	913
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	914 if (in == NULL \|\| send == limit) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	915 break;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	916 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	917 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	918
146 36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	919 if (buf->pos < buf->last) {
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	920 c->buffered \|= NGX_SSL_BUFFERED;
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	921
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	922 } else {
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	923 c->buffered &= ~NGX_SSL_BUFFERED;
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	924 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	925
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	926 return in;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	927 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	928
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	929
88 e916a291e9aa nginx 0.1.44 Igor Sysoev <http://sysoev.ru> parents: 62 diff changeset	930 ssize_t
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	931 ngx_ssl_write(ngx_connection_t c, u_char data, size_t size)
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	932 {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	933 int n, sslerr;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	934 ngx_err_t err;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	935
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	936 ngx_ssl_clear_error(c->log);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	937
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	938 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	939
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	940 n = SSL_write(c->ssl->connection, data, size);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	941
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	942 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	943
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	944 if (n > 0) {
88 e916a291e9aa nginx 0.1.44 Igor Sysoev <http://sysoev.ru> parents: 62 diff changeset	945
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	946 if (c->ssl->saved_read_handler) {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	947
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	948 c->read->handler = c->ssl->saved_read_handler;
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	949 c->ssl->saved_read_handler = NULL;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	950 c->read->ready = 1;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	951
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	952 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	953 return NGX_ERROR;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	954 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	955
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	956 ngx_post_event(c->read, &ngx_posted_events);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	957 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	958
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	959 return n;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	960 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	961
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	962 sslerr = SSL_get_error(c->ssl->connection, n);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	963
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	964 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	965
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	966 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	967
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	968 if (sslerr == SSL_ERROR_WANT_WRITE) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	969 c->write->ready = 0;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	970 return NGX_AGAIN;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	971 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	972
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	973 if (sslerr == SSL_ERROR_WANT_READ) {
2 cc9f381affaa nginx 0.1.1 Igor Sysoev <http://sysoev.ru> parents: 0 diff changeset	974
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	975 ngx_log_error(NGX_LOG_INFO, c->log, 0,
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	976 "peer started SSL renegotiation");
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	977
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	978 c->read->ready = 0;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	979
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	980 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	981 return NGX_ERROR;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	982 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	983
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	984 /*
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	985 * we do not set the timer because there is already
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	986 * the write event timer
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	987 */
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	988
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	989 if (c->ssl->saved_read_handler == NULL) {
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	990 c->ssl->saved_read_handler = c->read->handler;
b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	991 c->read->handler = ngx_ssl_read_handler;
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	992 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	993
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	994 return NGX_AGAIN;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	995 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	996
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	997 c->ssl->no_wait_shutdown = 1;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	998 c->ssl->no_send_shutdown = 1;
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	999 c->write->error = 1;
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1000
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1001 ngx_ssl_connection_error(c, sslerr, err, "SSL_write() failed");
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1002
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1003 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1004 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1005
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1006
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1007 static void
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1008 ngx_ssl_read_handler(ngx_event_t *rev)
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1009 {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1010 ngx_connection_t *c;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1011
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1012 c = rev->data;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1013
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1014 c->write->handler(c->write);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1015 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1016
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1017
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1018 void
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1019 ngx_ssl_free_buffer(ngx_connection_t *c)
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1020 {
360 2b41fbc2e39e nginx 0.6.24 Igor Sysoev <http://sysoev.ru> parents: 358 diff changeset	1021 if (c->ssl->buf && c->ssl->buf->start) {
2b41fbc2e39e nginx 0.6.24 Igor Sysoev <http://sysoev.ru> parents: 358 diff changeset	1022 if (ngx_pfree(c->pool, c->ssl->buf->start) == NGX_OK) {
2b41fbc2e39e nginx 0.6.24 Igor Sysoev <http://sysoev.ru> parents: 358 diff changeset	1023 c->ssl->buf->start = NULL;
2b41fbc2e39e nginx 0.6.24 Igor Sysoev <http://sysoev.ru> parents: 358 diff changeset	1024 }
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1025 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1026 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1027
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1028
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1029 ngx_int_t
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1030 ngx_ssl_shutdown(ngx_connection_t *c)
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1031 {
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1032 int n, sslerr, mode;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1033 ngx_err_t err;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1034
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1035 if (c->timedout) {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1036 mode = SSL_RECEIVED_SHUTDOWN\|SSL_SENT_SHUTDOWN;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1037
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1038 } else {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1039 mode = SSL_get_shutdown(c->ssl->connection);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1040
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1041 if (c->ssl->no_wait_shutdown) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1042 mode \|= SSL_RECEIVED_SHUTDOWN;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1043 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1044
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1045 if (c->ssl->no_send_shutdown) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1046 mode \|= SSL_SENT_SHUTDOWN;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1047 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1048 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1049
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1050 SSL_set_shutdown(c->ssl->connection, mode);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1051
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1052 ngx_ssl_clear_error(c->log);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1053
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1054 n = SSL_shutdown(c->ssl->connection);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1055
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1056 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1057
10 46833bd150cb nginx 0.1.5 Igor Sysoev <http://sysoev.ru> parents: 4 diff changeset	1058 sslerr = 0;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1059
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1060 /* SSL_shutdown() never returns -1, on error it returns 0 */
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1061
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1062 if (n != 1 && ERR_peek_error()) {
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1063 sslerr = SSL_get_error(c->ssl->connection, n);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1064
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1065 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1066 "SSL_get_error: %d", sslerr);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1067 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1068
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1069 if (n == 1 \|\| sslerr == 0 \|\| sslerr == SSL_ERROR_ZERO_RETURN) {
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1070 SSL_free(c->ssl->connection);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1071 c->ssl = NULL;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1072
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1073 return NGX_OK;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1074 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1075
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1076 if (sslerr == SSL_ERROR_WANT_READ \|\| sslerr == SSL_ERROR_WANT_WRITE) {
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1077 c->read->handler = ngx_ssl_shutdown_handler;
138 8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1078 c->write->handler = ngx_ssl_shutdown_handler;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1079
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1080 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1081 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1082 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1083
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1084 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1085 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1086 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1087
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1088 if (sslerr == SSL_ERROR_WANT_READ) {
138 8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1089 ngx_add_timer(c->read, 30000);
8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1090 }
8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1091
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1092 return NGX_AGAIN;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1093 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1094
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	1095 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	1096
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	1097 ngx_ssl_connection_error(c, sslerr, err, "SSL_shutdown() failed");
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1098
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1099 SSL_free(c->ssl->connection);
45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1100 c->ssl = NULL;
45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1101
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1102 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1103 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1104
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1105
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1106 static void
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1107 ngx_ssl_shutdown_handler(ngx_event_t *ev)
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1108 {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1109 ngx_connection_t *c;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1110 ngx_connection_handler_pt handler;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1111
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1112 c = ev->data;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1113 handler = c->ssl->handler;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1114
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1115 if (ev->timedout) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1116 c->timedout = 1;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1117 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1118
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1119 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "SSL shutdown handler");
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1120
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1121 if (ngx_ssl_shutdown(c) == NGX_AGAIN) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1122 return;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1123 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1124
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1125 handler(c);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1126 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1127
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1128
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1129 static void
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1130 ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1131 char *text)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1132 {
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1133 int n;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1134 ngx_uint_t level;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1135
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1136 level = NGX_LOG_CRIT;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1137
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1138 if (sslerr == SSL_ERROR_SYSCALL) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1139
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1140 if (err == NGX_ECONNRESET
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1141 \|\| err == NGX_EPIPE
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1142 \|\| err == NGX_ENOTCONN
138 8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1143 #if !(NGX_CRIT_ETIMEDOUT)
8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1144 \|\| err == NGX_ETIMEDOUT
8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1145 #endif
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1146 \|\| err == NGX_ECONNREFUSED
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1147 \|\| err == NGX_ENETDOWN
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1148 \|\| err == NGX_ENETUNREACH
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1149 \|\| err == NGX_EHOSTDOWN
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1150 \|\| err == NGX_EHOSTUNREACH)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1151 {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1152 switch (c->log_error) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1153
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1154 case NGX_ERROR_IGNORE_ECONNRESET:
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1155 case NGX_ERROR_INFO:
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1156 level = NGX_LOG_INFO;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1157 break;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1158
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1159 case NGX_ERROR_ERR:
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1160 level = NGX_LOG_ERR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1161 break;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1162
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1163 default:
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1164 break;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1165 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1166 }
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1167
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1168 } else if (sslerr == SSL_ERROR_SSL) {
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1169
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1170 n = ERR_GET_REASON(ERR_peek_error());
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1171
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1172 /* handshake failures */
370 9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1173 if (n == SSL_R_DIGEST_CHECK_FAILED
9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1174 \|\| n == SSL_R_NO_SHARED_CIPHER
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1175 \|\| n == SSL_R_UNEXPECTED_MESSAGE
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1176 \|\| n == SSL_R_WRONG_VERSION_NUMBER
370 9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1177 \|\| n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1178 \|\| n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
370 9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1179 \|\| n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE
9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1180 \|\| n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC
9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1181 \|\| n == SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE
9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1182 \|\| n == SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE
9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1183 \|\| n == SSL_R_SSLV3_ALERT_BAD_CERTIFICATE
9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1184 \|\| n == SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE
9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1185 \|\| n == SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1186 \|\| n == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED
370 9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1187 \|\| n == SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1188 \|\| n == SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1189 \|\| n == SSL_R_TLSV1_ALERT_UNKNOWN_CA)
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1190 {
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1191 switch (c->log_error) {
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1192
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1193 case NGX_ERROR_IGNORE_ECONNRESET:
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1194 case NGX_ERROR_INFO:
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1195 level = NGX_LOG_INFO;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1196 break;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1197
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1198 case NGX_ERROR_ERR:
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1199 level = NGX_LOG_ERR;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1200 break;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1201
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1202 default:
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1203 break;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1204 }
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1205 }
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1206 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1207
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1208 ngx_ssl_error(level, c->log, err, text);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1209 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1210
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1211
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1212 static void
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1213 ngx_ssl_clear_error(ngx_log_t *log)
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1214 {
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1215 while (ERR_peek_error()) {
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1216 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error");
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1217 }
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1218
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1219 ERR_clear_error();
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1220 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1221
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1222
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1223 void ngx_cdecl
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1224 ngx_ssl_error(ngx_uint_t level, ngx_log_t log, ngx_err_t err, char fmt, ...)
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1225 {
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1226 u_long n;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1227 va_list args;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1228 u_char p, last;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1229 u_char errstr[NGX_MAX_CONF_ERRSTR];
10 46833bd150cb nginx 0.1.5 Igor Sysoev <http://sysoev.ru> parents: 4 diff changeset	1230
46833bd150cb nginx 0.1.5 Igor Sysoev <http://sysoev.ru> parents: 4 diff changeset	1231 last = errstr + NGX_MAX_CONF_ERRSTR;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1232
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1233 va_start(args, fmt);
10 46833bd150cb nginx 0.1.5 Igor Sysoev <http://sysoev.ru> parents: 4 diff changeset	1234 p = ngx_vsnprintf(errstr, sizeof(errstr) - 1, fmt, args);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1235 va_end(args);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1236
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1237 p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1238
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1239 for ( ;; ) {
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1240
91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1241 n = ERR_get_error();
91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1242
91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1243 if (n == 0) {
91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1244 break;
91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1245 }
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1246
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1247 if (p >= last) {
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1248 continue;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1249 }
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1250
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1251 *p++ = ' ';
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1252
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1253 ERR_error_string_n(n, (char *) p, last - p);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1254
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1255 while (p < last && *p) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1256 p++;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1257 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1258 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1259
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1260 ngx_log_error(level, log, err, "%s)", errstr);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1261 }
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1262
b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1263
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1264 ngx_int_t
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1265 ngx_ssl_session_cache(ngx_ssl_t ssl, ngx_str_t sess_ctx,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1266 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1267 {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1268 long cache_mode;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1269
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1270 if (builtin_session_cache == NGX_SSL_NO_SCACHE) {
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1271 SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1272 return NGX_OK;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1273 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1274
376 d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1275 if (builtin_session_cache == NGX_SSL_NONE_SCACHE) {
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1276
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1277 /*
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1278 * If the server explicitly says that it does not support
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1279 * session reuse (see SSL_SESS_CACHE_OFF above), then
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1280 * Outlook Express fails to upload a sent email to
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1281 * the Sent Items folder on the IMAP server via a separate IMAP
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1282 * connection in the background. Therefore we have a special
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1283 * mode (SSL_SESS_CACHE_SERVER\|SSL_SESS_CACHE_NO_INTERNAL_STORE)
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1284 * where the server pretends that it supports session reuse,
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1285 * but it does not actually store any session.
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1286 */
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1287
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1288 SSL_CTX_set_session_cache_mode(ssl->ctx,
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1289 SSL_SESS_CACHE_SERVER
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1290 \|SSL_SESS_CACHE_NO_AUTO_CLEAR
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1291 \|SSL_SESS_CACHE_NO_INTERNAL_STORE);
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1292
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1293 SSL_CTX_sess_set_cache_size(ssl->ctx, 1);
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1294
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1295 return NGX_OK;
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1296 }
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1297
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1298 cache_mode = SSL_SESS_CACHE_SERVER;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1299
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1300 if (shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1301 cache_mode \|= SSL_SESS_CACHE_NO_INTERNAL;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1302 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1303
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1304 SSL_CTX_set_session_cache_mode(ssl->ctx, cache_mode);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1305
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1306 SSL_CTX_set_session_id_context(ssl->ctx, sess_ctx->data, sess_ctx->len);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1307
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1308 if (builtin_session_cache != NGX_SSL_NO_BUILTIN_SCACHE) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1309
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1310 if (builtin_session_cache != NGX_SSL_DFLT_BUILTIN_SCACHE) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1311 SSL_CTX_sess_set_cache_size(ssl->ctx, builtin_session_cache);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1312 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1313 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1314
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1315 SSL_CTX_set_timeout(ssl->ctx, timeout);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1316
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1317 if (shm_zone) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1318 shm_zone->init = ngx_ssl_session_cache_init;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1319
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1320 SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1321 SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1322 SSL_CTX_sess_set_remove_cb(ssl->ctx, ngx_ssl_remove_session);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1323
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1324 if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_session_cache_index, shm_zone)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1325 == 0)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1326 {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1327 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1328 "SSL_CTX_set_ex_data() failed");
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1329 return NGX_ERROR;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1330 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1331 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1332
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1333 return NGX_OK;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1334 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1335
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1336
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1337 static ngx_int_t
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1338 ngx_ssl_session_cache_init(ngx_shm_zone_t shm_zone, void data)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1339 {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1340 ngx_slab_pool_t *shpool;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1341 ngx_ssl_session_cache_t *cache;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1342
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1343 if (data) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1344 shm_zone->data = data;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1345 return NGX_OK;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1346 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1347
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1348 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1349
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1350 cache = ngx_slab_alloc(shpool, sizeof(ngx_ssl_session_cache_t));
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1351 if (cache == NULL) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1352 return NGX_ERROR;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1353 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1354
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1355 ngx_rbtree_init(&cache->session_rbtree, &cache->sentinel,
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1356 ngx_ssl_session_rbtree_insert_value);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1357
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1358 ngx_queue_init(&cache->expire_queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1359
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1360 shm_zone->data = cache;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1361
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1362 return NGX_OK;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1363 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1364
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1365
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1366 /*
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1367 * The length of the session id is 16 bytes for SSLv2 sessions and
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1368 * between 1 and 32 bytes for SSLv3/TLSv1, typically 32 bytes.
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1369 * It seems that the typical length of the external ASN1 representation
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1370 * of a session is 118 or 119 bytes for SSLv3/TSLv1.
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1371 *
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1372 * Thus on 32-bit platforms we allocate separately an rbtree node,
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1373 * a session id, and an ASN1 representation, they take accordingly
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1374 * 64, 32, and 128 bytes.
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1375 *
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1376 * On 64-bit platforms we allocate separately an rbtree node + session_id,
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1377 * and an ASN1 representation, they take accordingly 128 and 128 bytes.
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1378 *
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1379 * OpenSSL's i2d_SSL_SESSION() and d2i_SSL_SESSION are slow,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1380 * so they are outside the code locked by shared pool mutex
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1381 */
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1382
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1383 static int
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1384 ngx_ssl_new_session(ngx_ssl_conn_t ssl_conn, ngx_ssl_session_t sess)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1385 {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1386 int len;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1387 u_char p, id, *cached_sess;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1388 uint32_t hash;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1389 SSL_CTX *ssl_ctx;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1390 ngx_shm_zone_t *shm_zone;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1391 ngx_connection_t *c;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1392 ngx_slab_pool_t *shpool;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1393 ngx_ssl_sess_id_t *sess_id;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1394 ngx_ssl_session_cache_t *cache;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1395 u_char buf[NGX_SSL_MAX_SESSION_SIZE];
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1396
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1397 len = i2d_SSL_SESSION(sess, NULL);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1398
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1399 /* do not cache too big session */
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1400
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1401 if (len > (int) NGX_SSL_MAX_SESSION_SIZE) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1402 return 0;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1403 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1404
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1405 p = buf;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1406 i2d_SSL_SESSION(sess, &p);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1407
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1408 c = ngx_ssl_get_connection(ssl_conn);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1409
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1410 ssl_ctx = SSL_get_SSL_CTX(ssl_conn);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1411 shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1412
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1413 cache = shm_zone->data;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1414 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1415
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1416 ngx_shmtx_lock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1417
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1418 /* drop one or two expired sessions */
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1419 ngx_ssl_expire_sessions(cache, shpool, 1);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1420
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1421 cached_sess = ngx_slab_alloc_locked(shpool, len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1422
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1423 if (cached_sess == NULL) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1424
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1425 /* drop the oldest non-expired session and try once more */
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1426
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1427 ngx_ssl_expire_sessions(cache, shpool, 0);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1428
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1429 cached_sess = ngx_slab_alloc_locked(shpool, len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1430
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1431 if (cached_sess == NULL) {
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1432 sess_id = NULL;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1433 goto failed;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1434 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1435 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1436
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1437 sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t));
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1438 if (sess_id == NULL) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1439 goto failed;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1440 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1441
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1442 #if (NGX_PTR_SIZE == 8)
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1443
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1444 id = sess_id->sess_id;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1445
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1446 #else
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1447
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1448 id = ngx_slab_alloc_locked(shpool, sess->session_id_length);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1449 if (id == NULL) {
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1450 goto failed;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1451 }
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1452
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1453 #endif
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1454
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1455 ngx_memcpy(cached_sess, buf, len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1456
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1457 ngx_memcpy(id, sess->session_id, sess->session_id_length);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1458
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1459 hash = ngx_crc32_short(sess->session_id, sess->session_id_length);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1460
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1461 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1462 "http ssl new session: %08XD:%d:%d",
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1463 hash, sess->session_id_length, len);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1464
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1465 sess_id->node.key = hash;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1466 sess_id->node.data = (u_char) sess->session_id_length;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1467 sess_id->id = id;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1468 sess_id->len = len;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1469 sess_id->session = cached_sess;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1470
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1471 sess_id->expire = ngx_time() + SSL_CTX_get_timeout(ssl_ctx);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1472
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1473 ngx_queue_insert_head(&cache->expire_queue, &sess_id->queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1474
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1475 ngx_rbtree_insert(&cache->session_rbtree, &sess_id->node);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1476
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1477 ngx_shmtx_unlock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1478
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1479 return 0;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1480
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1481 failed:
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1482
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1483 if (cached_sess) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1484 ngx_slab_free_locked(shpool, cached_sess);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1485 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1486
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1487 if (sess_id) {
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1488 ngx_slab_free_locked(shpool, sess_id);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1489 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1490
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1491 ngx_shmtx_unlock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1492
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1493 ngx_log_error(NGX_LOG_ALERT, c->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1494 "could not add new SSL session to the session cache");
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1495
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1496 return 0;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1497 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1498
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1499
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1500 static ngx_ssl_session_t *
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1501 ngx_ssl_get_cached_session(ngx_ssl_conn_t ssl_conn, u_char id, int len,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1502 int *copy)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1503 {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1504 #if OPENSSL_VERSION_NUMBER >= 0x0090707fL
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1505 const
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1506 #endif
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1507 u_char *p;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1508 uint32_t hash;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1509 ngx_int_t rc;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1510 ngx_shm_zone_t *shm_zone;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1511 ngx_slab_pool_t *shpool;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1512 ngx_connection_t *c;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1513 ngx_rbtree_node_t node, sentinel;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1514 ngx_ssl_session_t *sess;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1515 ngx_ssl_sess_id_t *sess_id;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1516 ngx_ssl_session_cache_t *cache;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1517 u_char buf[NGX_SSL_MAX_SESSION_SIZE];
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1518
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1519 c = ngx_ssl_get_connection(ssl_conn);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1520
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1521 hash = ngx_crc32_short(id, (size_t) len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1522 *copy = 0;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1523
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1524 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1525 "http ssl get session: %08XD:%d", hash, len);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1526
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1527 shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn),
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1528 ngx_ssl_session_cache_index);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1529
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1530 cache = shm_zone->data;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1531
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1532 sess = NULL;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1533
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1534 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1535
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1536 ngx_shmtx_lock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1537
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1538 node = cache->session_rbtree.root;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1539 sentinel = cache->session_rbtree.sentinel;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1540
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1541 while (node != sentinel) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1542
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1543 if (hash < node->key) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1544 node = node->left;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1545 continue;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1546 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1547
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1548 if (hash > node->key) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1549 node = node->right;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1550 continue;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1551 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1552
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1553 /* hash == node->key */
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1554
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1555 do {
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1556 sess_id = (ngx_ssl_sess_id_t *) node;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1557
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1558 rc = ngx_memn2cmp(id, sess_id->id,
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1559 (size_t) len, (size_t) node->data);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1560 if (rc == 0) {
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1561
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1562 if (sess_id->expire > ngx_time()) {
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1563 ngx_memcpy(buf, sess_id->session, sess_id->len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1564
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1565 ngx_shmtx_unlock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1566
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1567 p = buf;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1568 sess = d2i_SSL_SESSION(NULL, &p, sess_id->len);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1569
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1570 return sess;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1571 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1572
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1573 ngx_queue_remove(&sess_id->queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1574
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1575 ngx_rbtree_delete(&cache->session_rbtree, node);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1576
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1577 ngx_slab_free_locked(shpool, sess_id->session);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1578 #if (NGX_PTR_SIZE == 4)
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1579 ngx_slab_free_locked(shpool, sess_id->id);
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1580 #endif
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1581 ngx_slab_free_locked(shpool, sess_id);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1582
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1583 sess = NULL;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1584
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1585 goto done;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1586 }
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1587
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1588 node = (rc < 0) ? node->left : node->right;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1589
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1590 } while (node != sentinel && hash == node->key);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1591
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1592 break;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1593 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1594
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1595 done:
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1596
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1597 ngx_shmtx_unlock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1598
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1599 return sess;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1600 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1601
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1602
366 babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1603 void
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1604 ngx_ssl_remove_cached_session(SSL_CTX ssl, ngx_ssl_session_t sess)
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1605 {
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1606 SSL_CTX_remove_session(ssl, sess);
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1607
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1608 ngx_ssl_remove_session(ssl, sess);
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1609 }
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1610
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1611
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1612 static void
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1613 ngx_ssl_remove_session(SSL_CTX ssl, ngx_ssl_session_t sess)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1614 {
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1615 size_t len;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1616 u_char *id;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1617 uint32_t hash;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1618 ngx_int_t rc;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1619 ngx_shm_zone_t *shm_zone;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1620 ngx_slab_pool_t *shpool;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1621 ngx_rbtree_node_t node, sentinel;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1622 ngx_ssl_sess_id_t *sess_id;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1623 ngx_ssl_session_cache_t *cache;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1624
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1625 shm_zone = SSL_CTX_get_ex_data(ssl, ngx_ssl_session_cache_index);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1626
366 babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1627 if (shm_zone == NULL) {
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1628 return;
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1629 }
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1630
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1631 cache = shm_zone->data;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1632
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1633 id = sess->session_id;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1634 len = (size_t) sess->session_id_length;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1635
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1636 hash = ngx_crc32_short(id, len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1637
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1638 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1639 "http ssl remove session: %08XD:%uz", hash, len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1640
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1641 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1642
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1643 ngx_shmtx_lock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1644
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1645 node = cache->session_rbtree.root;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1646 sentinel = cache->session_rbtree.sentinel;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1647
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1648 while (node != sentinel) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1649
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1650 if (hash < node->key) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1651 node = node->left;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1652 continue;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1653 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1654
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1655 if (hash > node->key) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1656 node = node->right;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1657 continue;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1658 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1659
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1660 /* hash == node->key */
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1661
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1662 do {
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1663 sess_id = (ngx_ssl_sess_id_t *) node;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1664
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1665 rc = ngx_memn2cmp(id, sess_id->id, len, (size_t) node->data);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1666
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1667 if (rc == 0) {
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1668
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1669 ngx_queue_remove(&sess_id->queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1670
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1671 ngx_rbtree_delete(&cache->session_rbtree, node);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1672
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1673 ngx_slab_free_locked(shpool, sess_id->session);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1674 #if (NGX_PTR_SIZE == 4)
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1675 ngx_slab_free_locked(shpool, sess_id->id);
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1676 #endif
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1677 ngx_slab_free_locked(shpool, sess_id);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1678
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1679 goto done;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1680 }
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1681
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1682 node = (rc < 0) ? node->left : node->right;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1683
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1684 } while (node != sentinel && hash == node->key);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1685
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1686 break;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1687 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1688
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1689 done:
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1690
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1691 ngx_shmtx_unlock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1692 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1693
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1694
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1695 static void
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1696 ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1697 ngx_slab_pool_t *shpool, ngx_uint_t n)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1698 {
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1699 time_t now;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1700 ngx_queue_t *q;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1701 ngx_ssl_sess_id_t *sess_id;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1702
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1703 now = ngx_time();
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1704
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1705 while (n < 3) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1706
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1707 if (ngx_queue_empty(&cache->expire_queue)) {
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1708 return;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1709 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1710
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1711 q = ngx_queue_last(&cache->expire_queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1712
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1713 sess_id = ngx_queue_data(q, ngx_ssl_sess_id_t, queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1714
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1715 if (n++ != 0 && sess_id->expire > now) {
332 3a91bfeffaba nginx 0.6.10 Igor Sysoev <http://sysoev.ru> parents: 330 diff changeset	1716 return;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1717 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1718
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1719 ngx_queue_remove(q);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1720
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1721 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1722 "expire session: %08Xi", sess_id->node.key);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1723
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1724 ngx_rbtree_delete(&cache->session_rbtree, &sess_id->node);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1725
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1726 ngx_slab_free_locked(shpool, sess_id->session);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1727 #if (NGX_PTR_SIZE == 4)
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1728 ngx_slab_free_locked(shpool, sess_id->id);
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1729 #endif
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1730 ngx_slab_free_locked(shpool, sess_id);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1731 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1732 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1733
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1734
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1735 static void
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1736 ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1737 ngx_rbtree_node_t node, ngx_rbtree_node_t sentinel)
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1738 {
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1739 ngx_rbtree_node_t **p;
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1740 ngx_ssl_sess_id_t sess_id, sess_id_temp;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1741
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1742 for ( ;; ) {
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1743
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1744 if (node->key < temp->key) {
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1745
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1746 p = &temp->left;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1747
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1748 } else if (node->key > temp->key) {
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1749
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1750 p = &temp->right;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1751
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1752 } else { /* node->key == temp->key */
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1753
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1754 sess_id = (ngx_ssl_sess_id_t *) node;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1755 sess_id_temp = (ngx_ssl_sess_id_t *) temp;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1756
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1757 p = (ngx_memn2cmp(sess_id->id, sess_id_temp->id,
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1758 (size_t) node->data, (size_t) temp->data)
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1759 < 0) ? &temp->left : &temp->right;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1760 }
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1761
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1762 if (*p == sentinel) {
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1763 break;
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1764 }
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1765
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1766 temp = *p;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1767 }
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1768
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1769 *p = node;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1770 node->parent = temp;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1771 node->left = sentinel;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1772 node->right = sentinel;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1773 ngx_rbt_red(node);
276 c5c2b2883984 nginx 0.5.8 Igor Sysoev <http://sysoev.ru> parents: 274 diff changeset	1774 }
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1775
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1776
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1777 void
b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1778 ngx_ssl_cleanup_ctx(void *data)
b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1779 {
138 8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1780 ngx_ssl_t *ssl = data;
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1781
138 8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1782 SSL_CTX_free(ssl->ctx);
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1783 }
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1784
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1785
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1786 ngx_int_t
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1787 ngx_ssl_get_protocol(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
160 73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1788 {
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1789 s->data = (u_char *) SSL_get_version(c->ssl->connection);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1790 return NGX_OK;
160 73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1791 }
73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1792
73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1793
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1794 ngx_int_t
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1795 ngx_ssl_get_cipher_name(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
160 73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1796 {
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1797 s->data = (u_char *) SSL_get_cipher_name(c->ssl->connection);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1798 return NGX_OK;
160 73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1799 }
73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1800
73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1801
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1802 ngx_int_t
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1803 ngx_ssl_get_subject_dn(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1804 {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1805 char *p;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1806 size_t len;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1807 X509 *cert;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1808 X509_NAME *name;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1809
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1810 s->len = 0;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1811
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1812 cert = SSL_get_peer_certificate(c->ssl->connection);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1813 if (cert == NULL) {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1814 return NGX_OK;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1815 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1816
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1817 name = X509_get_subject_name(cert);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1818 if (name == NULL) {
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1819 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1820 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1821 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1822
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1823 p = X509_NAME_oneline(name, NULL, 0);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1824
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1825 for (len = 0; p[len]; len++) { /* void */ }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1826
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1827 s->len = len;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1828 s->data = ngx_palloc(pool, len);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1829 if (s->data == NULL) {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1830 OPENSSL_free(p);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1831 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1832 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1833 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1834
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1835 ngx_memcpy(s->data, p, len);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1836
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1837 OPENSSL_free(p);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1838 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1839
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1840 return NGX_OK;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1841 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1842
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1843
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1844 ngx_int_t
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1845 ngx_ssl_get_issuer_dn(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1846 {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1847 char *p;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1848 size_t len;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1849 X509 *cert;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1850 X509_NAME *name;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1851
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1852 s->len = 0;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1853
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1854 cert = SSL_get_peer_certificate(c->ssl->connection);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1855 if (cert == NULL) {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1856 return NGX_OK;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1857 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1858
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1859 name = X509_get_issuer_name(cert);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1860 if (name == NULL) {
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1861 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1862 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1863 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1864
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1865 p = X509_NAME_oneline(name, NULL, 0);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1866
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1867 for (len = 0; p[len]; len++) { /* void */ }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1868
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1869 s->len = len;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1870 s->data = ngx_palloc(pool, len);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1871 if (s->data == NULL) {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1872 OPENSSL_free(p);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1873 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1874 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1875 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1876
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1877 ngx_memcpy(s->data, p, len);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1878
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1879 OPENSSL_free(p);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1880 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1881
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1882 return NGX_OK;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1883 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1884
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1885
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1886 ngx_int_t
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1887 ngx_ssl_get_serial_number(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1888 {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1889 size_t len;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1890 X509 *cert;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1891 BIO *bio;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1892
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1893 s->len = 0;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1894
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1895 cert = SSL_get_peer_certificate(c->ssl->connection);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1896 if (cert == NULL) {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1897 return NGX_OK;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1898 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1899
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1900 bio = BIO_new(BIO_s_mem());
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1901 if (bio == NULL) {
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1902 X509_free(cert);
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1903 return NGX_ERROR;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1904 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1905
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1906 i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1907 len = BIO_pending(bio);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1908
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1909 s->len = len;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1910 s->data = ngx_palloc(pool, len);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1911 if (s->data == NULL) {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1912 BIO_free(bio);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1913 X509_free(cert);
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1914 return NGX_ERROR;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1915 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1916
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1917 BIO_read(bio, s->data, len);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1918 BIO_free(bio);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1919 X509_free(cert);
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1920
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1921 return NGX_OK;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1922 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1923
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1924
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1925 static void *
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1926 ngx_openssl_create_conf(ngx_cycle_t *cycle)
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1927 {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1928 ngx_openssl_conf_t *oscf;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1929
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1930 oscf = ngx_pcalloc(cycle->pool, sizeof(ngx_openssl_conf_t));
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1931 if (oscf == NULL) {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1932 return NGX_CONF_ERROR;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1933 }
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1934
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1935 /*
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1936 * set by ngx_pcalloc():
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1937 *
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1938 * oscf->engine.len = 0;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1939 * oscf->engine.data = NULL;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1940 */
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1941
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1942 return oscf;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1943 }
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1944
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1945
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1946 static char *
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1947 ngx_openssl_init_conf(ngx_cycle_t cycle, void conf)
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1948 {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1949 #if (NGX_SSL_ENGINE)
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1950 ngx_openssl_conf_t *oscf = conf;
120 e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1951
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1952 ENGINE *engine;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1953
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1954 if (oscf->engine.len == 0) {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1955 return NGX_CONF_OK;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1956 }
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1957
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1958 engine = ENGINE_by_id((const char *) oscf->engine.data);
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1959
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1960 if (engine == NULL) {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1961 ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1962 "ENGINE_by_id(\"%V\") failed", &oscf->engine);
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1963 return NGX_CONF_ERROR;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1964 }
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1965
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1966 if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1967 ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1968 "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1969 &oscf->engine);
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1970 return NGX_CONF_ERROR;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1971 }
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1972
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1973 ENGINE_free(engine);
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1974
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1975 #endif
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1976
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1977 return NGX_CONF_OK;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1978 }
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1979
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1980
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1981 #if !(NGX_SSL_ENGINE)
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1982
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1983 static char *
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1984 ngx_openssl_noengine(ngx_conf_t cf, ngx_command_t cmd, void *conf)
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1985 {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1986 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	1987 "\"ssl_engine\" directive is available only in "
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	1988 "OpenSSL 0.9.7 and higher,");
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1989
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1990 return NGX_CONF_ERROR;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1991 }
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1992
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1993 #endif
120 e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1994
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1995
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1996 static void
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1997 ngx_openssl_exit(ngx_cycle_t *cycle)
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1998 {
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1999 #if (NGX_SSL_ENGINE)
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	2000 ENGINE_cleanup();
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	2001 #endif
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	2002 }

Mercurial > hg > nginx-vendor-0-6

annotate src/event/ngx_event_openssl.c @ 376:d13234035cad NGINX_0_6_32