nginx-vendor-0-6: src/event/ngx_event

annotate src/event/ngx_event_openssl.c @ 378:fc497c1dfb7c NGINX_0_6_33

nginx 0.6.33 *) Feature: now nginx returns the 405 status code for POST method requesting a static file only if the file exists. *) Workaround: compatibility with glibc 2.3. Thanks to Eric Benson and Maxim Dounin. *) Bugfix: the resolver did not understand big DNS responses. Thanks to Zyb. *) Bugfix: in HTTPS mode requests might fail with the "bad write retry" error. *) Bugfix: the ngx_http_charset_module did not understand quoted charset name received from backend. *) Bugfix: if the "max_fails=0" parameter was used in upstream with several servers, then a worker process exited on a SIGFPE signal. Thanks to Maxim Dounin. *) Bugfix: the $r->header_in() method did not return value of the "Host", "User-Agent", and "Connection" request header lines; the bug had appeared in 0.6.32. *) Bugfix: a full response was returned for request method HEAD while redirection via an "error_page" directive. *) Bugfix: if a directory has search only rights and the first index file was absent, then nginx returned the 500 status code. *) Bugfix: of recursive error_page for 500 status code.

author	Igor Sysoev <http://sysoev.ru>
date	Thu, 20 Nov 2008 00:00:00 +0300
parents	d13234035cad
children	09b703ae3ba5

rev	line source
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	2 /*
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	3 * Copyright (C) Igor Sysoev
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	4 */
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	5
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	6
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	7 #include <ngx_config.h>
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	8 #include <ngx_core.h>
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	9 #include <ngx_event.h>
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	10
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	11
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	12 typedef struct {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	13 ngx_str_t engine;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	14 } ngx_openssl_conf_t;
28 7ca9bdc82b3f nginx 0.1.14 Igor Sysoev <http://sysoev.ru> parents: 22 diff changeset	15
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	16
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	17 static int ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	18 static void ngx_ssl_handshake_handler(ngx_event_t *ev);
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	19 static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	20 static void ngx_ssl_write_handler(ngx_event_t *wev);
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	21 static void ngx_ssl_read_handler(ngx_event_t *rev);
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	22 static void ngx_ssl_shutdown_handler(ngx_event_t *ev);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	23 static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	24 ngx_err_t err, char *text);
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	25 static void ngx_ssl_clear_error(ngx_log_t *log);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	26
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	27 static ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	28 void *data);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	29 static int ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	30 ngx_ssl_session_t *sess);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	31 static ngx_ssl_session_t ngx_ssl_get_cached_session(ngx_ssl_conn_t ssl_conn,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	32 u_char id, int len, int copy);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	33 static void ngx_ssl_remove_session(SSL_CTX ssl, ngx_ssl_session_t sess);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	34 static void ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	35 ngx_slab_pool_t *shpool, ngx_uint_t n);
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	36 static void ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	37 ngx_rbtree_node_t node, ngx_rbtree_node_t sentinel);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	38
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	39 static void ngx_openssl_create_conf(ngx_cycle_t cycle);
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	40 static char ngx_openssl_init_conf(ngx_cycle_t cycle, void *conf);
120 e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	41 static void ngx_openssl_exit(ngx_cycle_t *cycle);
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	42
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	43 #if !(NGX_SSL_ENGINE)
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	44 static char ngx_openssl_noengine(ngx_conf_t cf, ngx_command_t *cmd,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	45 void *conf);
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	46 #endif
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	47
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	48
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	49 static ngx_command_t ngx_openssl_commands[] = {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	50
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	51 { ngx_string("ssl_engine"),
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	52 NGX_MAIN_CONF\|NGX_DIRECT_CONF\|NGX_CONF_TAKE1,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	53 #if (NGX_SSL_ENGINE)
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	54 ngx_conf_set_str_slot,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	55 #else
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	56 ngx_openssl_noengine,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	57 #endif
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	58 0,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	59 offsetof(ngx_openssl_conf_t, engine),
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	60 NULL },
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	61
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	62 ngx_null_command
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	63 };
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	64
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	65
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	66 static ngx_core_module_t ngx_openssl_module_ctx = {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	67 ngx_string("openssl"),
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	68 ngx_openssl_create_conf,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	69 ngx_openssl_init_conf
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	70 };
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	71
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	72
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	73 ngx_module_t ngx_openssl_module = {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	74 NGX_MODULE_V1,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	75 &ngx_openssl_module_ctx, /* module context */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	76 ngx_openssl_commands, /* module directives */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	77 NGX_CORE_MODULE, /* module type */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	78 NULL, /* init master */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	79 NULL, /* init module */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	80 NULL, /* init process */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	81 NULL, /* init thread */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	82 NULL, /* exit thread */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	83 NULL, /* exit process */
120 e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	84 ngx_openssl_exit, /* exit master */
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	85 NGX_MODULE_V1_PADDING
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	86 };
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	87
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	88
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	89 static long ngx_ssl_protocols[] = {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	90 SSL_OP_NO_SSLv2\|SSL_OP_NO_SSLv3\|SSL_OP_NO_TLSv1,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	91 SSL_OP_NO_SSLv3\|SSL_OP_NO_TLSv1,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	92 SSL_OP_NO_SSLv2\|SSL_OP_NO_TLSv1,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	93 SSL_OP_NO_TLSv1,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	94 SSL_OP_NO_SSLv2\|SSL_OP_NO_SSLv3,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	95 SSL_OP_NO_SSLv3,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	96 SSL_OP_NO_SSLv2,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	97 0,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	98 };
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	99
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	100
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	101 int ngx_ssl_connection_index;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	102 int ngx_ssl_server_conf_index;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	103 int ngx_ssl_session_cache_index;
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	104
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	105
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	106 ngx_int_t
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	107 ngx_ssl_init(ngx_log_t *log)
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	108 {
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	109 #if OPENSSL_VERSION_NUMBER >= 0x00907000
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	110 OPENSSL_config(NULL);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	111 #endif
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	112
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	113 SSL_library_init();
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	114 SSL_load_error_strings();
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	115
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	116 #if (NGX_SSL_ENGINE)
28 7ca9bdc82b3f nginx 0.1.14 Igor Sysoev <http://sysoev.ru> parents: 22 diff changeset	117 ENGINE_load_builtin_engines();
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	118 #endif
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	119
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	120 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	121
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	122 if (ngx_ssl_connection_index == -1) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	123 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed");
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	124 return NGX_ERROR;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	125 }
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	126
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	127 ngx_ssl_server_conf_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	128 NULL);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	129 if (ngx_ssl_server_conf_index == -1) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	130 ngx_ssl_error(NGX_LOG_ALERT, log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	131 "SSL_CTX_get_ex_new_index() failed");
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	132 return NGX_ERROR;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	133 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	134
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	135 ngx_ssl_session_cache_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	136 NULL);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	137 if (ngx_ssl_session_cache_index == -1) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	138 ngx_ssl_error(NGX_LOG_ALERT, log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	139 "SSL_CTX_get_ex_new_index() failed");
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	140 return NGX_ERROR;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	141 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	142
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	143 return NGX_OK;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	144 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	145
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	146
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	147 ngx_int_t
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	148 ngx_ssl_create(ngx_ssl_t ssl, ngx_uint_t protocols, void data)
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	149 {
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	150 ssl->ctx = SSL_CTX_new(SSLv23_method());
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	151
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	152 if (ssl->ctx == NULL) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	153 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_new() failed");
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	154 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	155 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	156
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	157 if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_server_conf_index, data) == 0) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	158 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	159 "SSL_CTX_set_ex_data() failed");
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	160 return NGX_ERROR;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	161 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	162
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	163 /* client side options */
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	164
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	165 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_SESS_ID_BUG);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	166 SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_CHALLENGE_BUG);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	167 SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	168
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	169 /* server side options */
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	170
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	171 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	172 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	173
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	174 /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	175 SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	176
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	177 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	178 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	179 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	180
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	181 #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	182 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	183 #endif
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	184
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	185
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	186 if (ngx_ssl_protocols[protocols >> 1] != 0) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	187 SSL_CTX_set_options(ssl->ctx, ngx_ssl_protocols[protocols >> 1]);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	188 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	189
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	190 SSL_CTX_set_read_ahead(ssl->ctx, 1);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	191
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	192 return NGX_OK;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	193 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	194
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	195
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	196 ngx_int_t
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	197 ngx_ssl_certificate(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *cert,
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	198 ngx_str_t *key)
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	199 {
324 f7cd062ee035 nginx 0.6.6 Igor Sysoev <http://sysoev.ru> parents: 302 diff changeset	200 if (ngx_conf_full_name(cf->cycle, cert, 1) == NGX_ERROR) {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	201 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	202 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	203
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	204 if (SSL_CTX_use_certificate_chain_file(ssl->ctx, (char *) cert->data)
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	205 == 0)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	206 {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	207 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	208 "SSL_CTX_use_certificate_chain_file(\"%s\") failed",
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	209 cert->data);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	210 return NGX_ERROR;
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	211 }
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	212
324 f7cd062ee035 nginx 0.6.6 Igor Sysoev <http://sysoev.ru> parents: 302 diff changeset	213 if (ngx_conf_full_name(cf->cycle, key, 1) == NGX_ERROR) {
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	214 return NGX_ERROR;
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	215 }
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	216
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	217 if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key->data,
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	218 SSL_FILETYPE_PEM)
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	219 == 0)
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	220 {
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	221 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	222 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	223 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	224 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	225
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	226 return NGX_OK;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	227 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	228
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	229
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	230 ngx_int_t
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	231 ngx_ssl_client_certificate(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *cert,
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	232 ngx_int_t depth)
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	233 {
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	234 STACK_OF(X509_NAME) *list;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	235
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	236 SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_http_ssl_verify_callback);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	237
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	238 SSL_CTX_set_verify_depth(ssl->ctx, depth);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	239
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	240 if (cert->len == 0) {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	241 return NGX_OK;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	242 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	243
324 f7cd062ee035 nginx 0.6.6 Igor Sysoev <http://sysoev.ru> parents: 302 diff changeset	244 if (ngx_conf_full_name(cf->cycle, cert, 1) == NGX_ERROR) {
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	245 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	246 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	247
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	248 if (SSL_CTX_load_verify_locations(ssl->ctx, (char *) cert->data, NULL)
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	249 == 0)
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	250 {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	251 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	252 "SSL_CTX_load_verify_locations(\"%s\") failed",
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	253 cert->data);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	254 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	255 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	256
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	257 list = SSL_load_client_CA_file((char *) cert->data);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	258
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	259 if (list == NULL) {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	260 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	261 "SSL_load_client_CA_file(\"%s\") failed", cert->data);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	262 return NGX_ERROR;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	263 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	264
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	265 /*
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	266 * before 0.9.7h and 0.9.8 SSL_load_client_CA_file()
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	267 * always leaved an error in the error queue
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	268 */
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	269
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	270 ERR_clear_error();
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	271
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	272 SSL_CTX_set_client_CA_list(ssl->ctx, list);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	273
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	274 return NGX_OK;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	275 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	276
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	277
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	278 static int
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	279 ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store)
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	280 {
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	281 #if (NGX_DEBUG)
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	282 char subject, issuer;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	283 int err, depth;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	284 X509 *cert;
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	285 X509_NAME sname, iname;
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	286 ngx_connection_t *c;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	287 ngx_ssl_conn_t *ssl_conn;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	288
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	289 ssl_conn = X509_STORE_CTX_get_ex_data(x509_store,
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	290 SSL_get_ex_data_X509_STORE_CTX_idx());
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	291
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	292 c = ngx_ssl_get_connection(ssl_conn);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	293
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	294 cert = X509_STORE_CTX_get_current_cert(x509_store);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	295 err = X509_STORE_CTX_get_error(x509_store);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	296 depth = X509_STORE_CTX_get_error_depth(x509_store);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	297
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	298 sname = X509_get_subject_name(cert);
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	299 subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)";
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	300
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	301 iname = X509_get_issuer_name(cert);
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	302 issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)";
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	303
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	304 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	305 "verify:%d, error:%d, depth:%d, "
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	306 "subject:\"%s\",issuer: \"%s\"",
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	307 ok, err, depth, subject, issuer);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	308
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	309 if (sname) {
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	310 OPENSSL_free(subject);
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	311 }
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	312
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	313 if (iname) {
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	314 OPENSSL_free(issuer);
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	315 }
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	316 #endif
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	317
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	318 return 1;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	319 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	320
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	321
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	322 ngx_int_t
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	323 ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	324 {
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	325 RSA *key;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	326
108 cf3d6edb3ad6 nginx 0.3.1 Igor Sysoev <http://sysoev.ru> parents: 98 diff changeset	327 if (SSL_CTX_need_tmp_RSA(ssl->ctx) == 0) {
cf3d6edb3ad6 nginx 0.3.1 Igor Sysoev <http://sysoev.ru> parents: 98 diff changeset	328 return NGX_OK;
cf3d6edb3ad6 nginx 0.3.1 Igor Sysoev <http://sysoev.ru> parents: 98 diff changeset	329 }
cf3d6edb3ad6 nginx 0.3.1 Igor Sysoev <http://sysoev.ru> parents: 98 diff changeset	330
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	331 key = RSA_generate_key(512, RSA_F4, NULL, NULL);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	332
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	333 if (key) {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	334 SSL_CTX_set_tmp_rsa(ssl->ctx, key);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	335
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	336 RSA_free(key);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	337
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	338 return NGX_OK;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	339 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	340
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	341 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "RSA_generate_key(512) failed");
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	342
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	343 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	344 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	345
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	346
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	347 ngx_int_t
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	348 ngx_ssl_create_connection(ngx_ssl_t ssl, ngx_connection_t c, ngx_uint_t flags)
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	349 {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	350 ngx_ssl_connection_t *sc;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	351
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	352 sc = ngx_pcalloc(c->pool, sizeof(ngx_ssl_connection_t));
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	353 if (sc == NULL) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	354 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	355 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	356
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	357 sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	358
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	359 sc->connection = SSL_new(ssl->ctx);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	360
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	361 if (sc->connection == NULL) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	362 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed");
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	363 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	364 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	365
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	366 if (SSL_set_fd(sc->connection, c->fd) == 0) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	367 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_fd() failed");
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	368 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	369 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	370
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	371 if (flags & NGX_SSL_CLIENT) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	372 SSL_set_connect_state(sc->connection);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	373
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	374 } else {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	375 SSL_set_accept_state(sc->connection);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	376 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	377
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	378 if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	379 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_ex_data() failed");
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	380 return NGX_ERROR;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	381 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	382
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	383 c->ssl = sc;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	384
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	385 return NGX_OK;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	386 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	387
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	388
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	389 ngx_int_t
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	390 ngx_ssl_set_session(ngx_connection_t c, ngx_ssl_session_t session)
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	391 {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	392 if (session) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	393 if (SSL_set_session(c->ssl->connection, session) == 0) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	394 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_session() failed");
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	395 return NGX_ERROR;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	396 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	397 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	398
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	399 return NGX_OK;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	400 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	401
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	402
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	403 ngx_int_t
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	404 ngx_ssl_handshake(ngx_connection_t *c)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	405 {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	406 int n, sslerr;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	407 ngx_err_t err;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	408
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	409 ngx_ssl_clear_error(c->log);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	410
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	411 n = SSL_do_handshake(c->ssl->connection);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	412
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	413 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	414
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	415 if (n == 1) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	416
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	417 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	418 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	419 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	420
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	421 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	422 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	423 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	424
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	425 #if (NGX_DEBUG)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	426 {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	427 char buf[129], s, d;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	428 SSL_CIPHER *cipher;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	429
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	430 cipher = SSL_get_current_cipher(c->ssl->connection);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	431
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	432 if (cipher) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	433 SSL_CIPHER_description(cipher, &buf[1], 128);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	434
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	435 for (s = &buf[1], d = buf; *s; s++) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	436 if (s == ' ' && d == ' ') {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	437 continue;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	438 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	439
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	440 if (s == LF \|\| s == CR) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	441 continue;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	442 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	443
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	444 ++d = s;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	445 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	446
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	447 if (*d != ' ') {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	448 d++;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	449 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	450
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	451 *d = '\0';
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	452
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	453 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	454 "SSL: %s, cipher: \"%s\"",
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	455 SSL_get_version(c->ssl->connection), &buf[1]);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	456
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	457 if (SSL_session_reused(c->ssl->connection)) {
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	458 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	459 "SSL reused session");
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	460 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	461
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	462 } else {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	463 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	464 "SSL no shared ciphers");
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	465 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	466 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	467 #endif
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	468
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	469 c->ssl->handshaked = 1;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	470
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	471 c->recv = ngx_ssl_recv;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	472 c->send = ngx_ssl_write;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	473 c->recv_chain = ngx_ssl_recv_chain;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	474 c->send_chain = ngx_ssl_send_chain;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	475
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	476 return NGX_OK;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	477 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	478
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	479 sslerr = SSL_get_error(c->ssl->connection, n);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	480
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	481 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	482
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	483 if (sslerr == SSL_ERROR_WANT_READ) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	484 c->read->ready = 0;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	485 c->read->handler = ngx_ssl_handshake_handler;
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	486 c->write->handler = ngx_ssl_handshake_handler;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	487
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	488 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	489 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	490 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	491
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	492 return NGX_AGAIN;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	493 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	494
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	495 if (sslerr == SSL_ERROR_WANT_WRITE) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	496 c->write->ready = 0;
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	497 c->read->handler = ngx_ssl_handshake_handler;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	498 c->write->handler = ngx_ssl_handshake_handler;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	499
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	500 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	501 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	502 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	503
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	504 return NGX_AGAIN;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	505 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	506
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	507 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	508
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	509 c->ssl->no_wait_shutdown = 1;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	510 c->ssl->no_send_shutdown = 1;
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	511 c->read->eof = 1;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	512
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	513 if (sslerr == SSL_ERROR_ZERO_RETURN \|\| ERR_peek_error() == 0) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	514 ngx_log_error(NGX_LOG_INFO, c->log, err,
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	515 "peer closed connection in SSL handshake");
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	516
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	517 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	518 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	519
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	520 c->read->error = 1;
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	521
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	522 ngx_ssl_connection_error(c, sslerr, err, "SSL_do_handshake() failed");
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	523
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	524 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	525 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	526
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	527
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	528 static void
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	529 ngx_ssl_handshake_handler(ngx_event_t *ev)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	530 {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	531 ngx_connection_t *c;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	532
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	533 c = ev->data;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	534
98 8bf57caa374a nginx 0.2.3 Igor Sysoev <http://sysoev.ru> parents: 96 diff changeset	535 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	536 "SSL handshake handler: %d", ev->write);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	537
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	538 if (ev->timedout) {
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	539 c->ssl->handler(c);
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	540 return;
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	541 }
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	542
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	543 if (ngx_ssl_handshake(c) == NGX_AGAIN) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	544 return;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	545 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	546
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	547 c->ssl->handler(c);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	548 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	549
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	550
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	551 ssize_t
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	552 ngx_ssl_recv_chain(ngx_connection_t c, ngx_chain_t cl)
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	553 {
294 27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	554 u_char *last;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	555 ssize_t n, bytes;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	556 ngx_buf_t *b;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	557
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	558 bytes = 0;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	559
294 27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	560 b = cl->buf;
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	561 last = b->last;
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	562
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	563 for ( ;; ) {
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	564
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	565 n = ngx_ssl_recv(c, last, b->end - last);
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	566
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	567 if (n > 0) {
294 27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	568 last += n;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	569 bytes += n;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	570
294 27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	571 if (last == b->end) {
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	572 cl = cl->next;
294 27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	573
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	574 if (cl == NULL) {
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	575 return bytes;
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	576 }
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	577
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	578 b = cl->buf;
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	579 last = b->last;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	580 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	581
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	582 continue;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	583 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	584
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	585 if (bytes) {
376 d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	586
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	587 if (n == 0 \|\| n == NGX_ERROR) {
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	588 c->read->ready = 1;
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	589 }
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	590
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	591 return bytes;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	592 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	593
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	594 return n;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	595 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	596 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	597
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	598
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	599 ssize_t
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	600 ngx_ssl_recv(ngx_connection_t c, u_char buf, size_t size)
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	601 {
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	602 int n, bytes;
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	603
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	604 if (c->ssl->last == NGX_ERROR) {
330 5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	605 c->read->error = 1;
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	606 return NGX_ERROR;
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	607 }
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	608
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	609 if (c->ssl->last == NGX_DONE) {
330 5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	610 c->read->ready = 0;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	611 c->read->eof = 1;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	612 return 0;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	613 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	614
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	615 bytes = 0;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	616
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	617 ngx_ssl_clear_error(c->log);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	618
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	619 /*
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	620 * SSL_read() may return data in parts, so try to read
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	621 * until SSL_read() would return no data
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	622 */
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	623
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	624 for ( ;; ) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	625
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	626 n = SSL_read(c->ssl->connection, buf, size);
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	627
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	628 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	629
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	630 if (n > 0) {
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	631 bytes += n;
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	632 }
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	633
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	634 c->ssl->last = ngx_ssl_handle_recv(c, n);
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	635
330 5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	636 if (c->ssl->last == NGX_OK) {
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	637
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	638 size -= n;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	639
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	640 if (size == 0) {
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	641 return bytes;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	642 }
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	643
330 5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	644 buf += n;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	645
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	646 continue;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	647 }
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	648
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	649 if (bytes) {
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	650 return bytes;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	651 }
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	652
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	653 switch (c->ssl->last) {
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	654
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	655 case NGX_DONE:
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	656 c->read->ready = 0;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	657 c->read->eof = 1;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	658 return 0;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	659
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	660 case NGX_ERROR:
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	661 c->read->error = 1;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	662
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	663 /* fall thruogh */
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	664
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	665 case NGX_AGAIN:
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	666 return c->ssl->last;
28 7ca9bdc82b3f nginx 0.1.14 Igor Sysoev <http://sysoev.ru> parents: 22 diff changeset	667 }
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	668 }
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	669 }
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	670
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	671
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	672 static ngx_int_t
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	673 ngx_ssl_handle_recv(ngx_connection_t *c, int n)
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	674 {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	675 int sslerr;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	676 ngx_err_t err;
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	677
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	678 if (n > 0) {
28 7ca9bdc82b3f nginx 0.1.14 Igor Sysoev <http://sysoev.ru> parents: 22 diff changeset	679
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	680 if (c->ssl->saved_write_handler) {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	681
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	682 c->write->handler = c->ssl->saved_write_handler;
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	683 c->ssl->saved_write_handler = NULL;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	684 c->write->ready = 1;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	685
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	686 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	687 return NGX_ERROR;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	688 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	689
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	690 ngx_post_event(c->write, &ngx_posted_events);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	691 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	692
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	693 return NGX_OK;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	694 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	695
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	696 sslerr = SSL_get_error(c->ssl->connection, n);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	697
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	698 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	699
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	700 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	701
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	702 if (sslerr == SSL_ERROR_WANT_READ) {
4 4b2dafa26fe2 nginx 0.1.2 Igor Sysoev <http://sysoev.ru> parents: 2 diff changeset	703 c->read->ready = 0;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	704 return NGX_AGAIN;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	705 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	706
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	707 if (sslerr == SSL_ERROR_WANT_WRITE) {
88 e916a291e9aa nginx 0.1.44 Igor Sysoev <http://sysoev.ru> parents: 62 diff changeset	708
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	709 ngx_log_error(NGX_LOG_INFO, c->log, 0,
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	710 "peer started SSL renegotiation");
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	711
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	712 c->write->ready = 0;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	713
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	714 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	715 return NGX_ERROR;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	716 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	717
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	718 /*
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	719 * we do not set the timer because there is already the read event timer
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	720 */
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	721
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	722 if (c->ssl->saved_write_handler == NULL) {
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	723 c->ssl->saved_write_handler = c->write->handler;
b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	724 c->write->handler = ngx_ssl_write_handler;
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	725 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	726
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	727 return NGX_AGAIN;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	728 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	729
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	730 c->ssl->no_wait_shutdown = 1;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	731 c->ssl->no_send_shutdown = 1;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	732
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	733 if (sslerr == SSL_ERROR_ZERO_RETURN \|\| ERR_peek_error() == 0) {
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	734 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	735 "peer shutdown SSL cleanly");
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	736 return NGX_DONE;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	737 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	738
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	739 ngx_ssl_connection_error(c, sslerr, err, "SSL_read() failed");
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	740
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	741 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	742 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	743
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	744
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	745 static void
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	746 ngx_ssl_write_handler(ngx_event_t *wev)
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	747 {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	748 ngx_connection_t *c;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	749
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	750 c = wev->data;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	751
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	752 c->read->handler(c->read);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	753 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	754
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	755
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	756 /*
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	757 * OpenSSL has no SSL_writev() so we copy several bufs into our 16K buffer
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	758 * before the SSL_write() call to decrease a SSL overhead.
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	759 *
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	760 * Besides for protocols such as HTTP it is possible to always buffer
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	761 * the output to decrease a SSL overhead some more.
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	762 */
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	763
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	764 ngx_chain_t *
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	765 ngx_ssl_send_chain(ngx_connection_t c, ngx_chain_t in, off_t limit)
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	766 {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	767 int n;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	768 ngx_uint_t flush;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	769 ssize_t send, size;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	770 ngx_buf_t *buf;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	771
378 fc497c1dfb7c nginx 0.6.33 Igor Sysoev <http://sysoev.ru> parents: 376 diff changeset	772 if (!c->ssl->buffer) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	773
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	774 while (in) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	775 if (ngx_buf_special(in->buf)) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	776 in = in->next;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	777 continue;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	778 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	779
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	780 n = ngx_ssl_write(c, in->buf->pos, in->buf->last - in->buf->pos);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	781
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	782 if (n == NGX_ERROR) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	783 return NGX_CHAIN_ERROR;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	784 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	785
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	786 if (n == NGX_AGAIN) {
146 36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	787 c->buffered \|= NGX_SSL_BUFFERED;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	788 return in;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	789 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	790
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	791 in->buf->pos += n;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	792
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	793 if (in->buf->pos == in->buf->last) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	794 in = in->next;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	795 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	796 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	797
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	798 return in;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	799 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	800
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	801
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	802 /* the maximum limit size is the maximum uint32_t value - the page size */
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	803
324 f7cd062ee035 nginx 0.6.6 Igor Sysoev <http://sysoev.ru> parents: 302 diff changeset	804 if (limit == 0 \|\| limit > (off_t) (NGX_MAX_UINT32_VALUE - ngx_pagesize)) {
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	805 limit = NGX_MAX_UINT32_VALUE - ngx_pagesize;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	806 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	807
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	808 buf = c->ssl->buf;
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	809
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	810 if (buf == NULL) {
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	811 buf = ngx_create_temp_buf(c->pool, NGX_SSL_BUFSIZE);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	812 if (buf == NULL) {
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	813 return NGX_CHAIN_ERROR;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	814 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	815
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	816 c->ssl->buf = buf;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	817 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	818
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	819 if (buf->start == NULL) {
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	820 buf->start = ngx_palloc(c->pool, NGX_SSL_BUFSIZE);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	821 if (buf->start == NULL) {
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	822 return NGX_CHAIN_ERROR;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	823 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	824
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	825 buf->pos = buf->start;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	826 buf->last = buf->start;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	827 buf->end = buf->start + NGX_SSL_BUFSIZE;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	828 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	829
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	830 send = 0;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	831 flush = (in == NULL) ? 1 : 0;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	832
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	833 for ( ;; ) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	834
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	835 while (in && buf->last < buf->end) {
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	836 if (in->buf->last_buf \|\| in->buf->flush) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	837 flush = 1;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	838 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	839
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	840 if (ngx_buf_special(in->buf)) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	841 in = in->next;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	842 continue;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	843 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	844
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	845 size = in->buf->last - in->buf->pos;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	846
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	847 if (size > buf->end - buf->last) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	848 size = buf->end - buf->last;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	849 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	850
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	851 if (send + size > limit) {
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	852 size = (ssize_t) (limit - send);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	853 flush = 1;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	854 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	855
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	856 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	857 "SSL buf copy: %d", size);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	858
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	859 ngx_memcpy(buf->last, in->buf->pos, size);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	860
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	861 buf->last += size;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	862
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	863 in->buf->pos += size;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	864
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	865 if (in->buf->pos == in->buf->last) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	866 in = in->next;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	867 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	868 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	869
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	870 size = buf->last - buf->pos;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	871
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	872 if (!flush && buf->last < buf->end && c->ssl->buffer) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	873 break;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	874 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	875
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	876 n = ngx_ssl_write(c, buf->pos, size);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	877
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	878 if (n == NGX_ERROR) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	879 return NGX_CHAIN_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	880 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	881
60 df7d3fff122b nginx 0.1.30 Igor Sysoev <http://sysoev.ru> parents: 58 diff changeset	882 if (n == NGX_AGAIN) {
146 36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	883 c->buffered \|= NGX_SSL_BUFFERED;
60 df7d3fff122b nginx 0.1.30 Igor Sysoev <http://sysoev.ru> parents: 58 diff changeset	884 return in;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	885 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	886
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	887 buf->pos += n;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	888 send += n;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	889 c->sent += n;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	890
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	891 if (n < size) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	892 break;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	893 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	894
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	895 if (buf->pos == buf->last) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	896 buf->pos = buf->start;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	897 buf->last = buf->start;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	898 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	899
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	900 if (in == NULL \|\| send == limit) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	901 break;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	902 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	903 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	904
146 36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	905 if (buf->pos < buf->last) {
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	906 c->buffered \|= NGX_SSL_BUFFERED;
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	907
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	908 } else {
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	909 c->buffered &= ~NGX_SSL_BUFFERED;
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	910 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	911
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	912 return in;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	913 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	914
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	915
88 e916a291e9aa nginx 0.1.44 Igor Sysoev <http://sysoev.ru> parents: 62 diff changeset	916 ssize_t
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	917 ngx_ssl_write(ngx_connection_t c, u_char data, size_t size)
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	918 {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	919 int n, sslerr;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	920 ngx_err_t err;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	921
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	922 ngx_ssl_clear_error(c->log);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	923
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	924 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	925
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	926 n = SSL_write(c->ssl->connection, data, size);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	927
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	928 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	929
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	930 if (n > 0) {
88 e916a291e9aa nginx 0.1.44 Igor Sysoev <http://sysoev.ru> parents: 62 diff changeset	931
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	932 if (c->ssl->saved_read_handler) {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	933
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	934 c->read->handler = c->ssl->saved_read_handler;
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	935 c->ssl->saved_read_handler = NULL;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	936 c->read->ready = 1;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	937
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	938 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	939 return NGX_ERROR;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	940 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	941
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	942 ngx_post_event(c->read, &ngx_posted_events);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	943 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	944
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	945 return n;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	946 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	947
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	948 sslerr = SSL_get_error(c->ssl->connection, n);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	949
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	950 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	951
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	952 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	953
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	954 if (sslerr == SSL_ERROR_WANT_WRITE) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	955 c->write->ready = 0;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	956 return NGX_AGAIN;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	957 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	958
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	959 if (sslerr == SSL_ERROR_WANT_READ) {
2 cc9f381affaa nginx 0.1.1 Igor Sysoev <http://sysoev.ru> parents: 0 diff changeset	960
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	961 ngx_log_error(NGX_LOG_INFO, c->log, 0,
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	962 "peer started SSL renegotiation");
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	963
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	964 c->read->ready = 0;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	965
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	966 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	967 return NGX_ERROR;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	968 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	969
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	970 /*
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	971 * we do not set the timer because there is already
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	972 * the write event timer
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	973 */
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	974
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	975 if (c->ssl->saved_read_handler == NULL) {
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	976 c->ssl->saved_read_handler = c->read->handler;
b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	977 c->read->handler = ngx_ssl_read_handler;
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	978 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	979
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	980 return NGX_AGAIN;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	981 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	982
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	983 c->ssl->no_wait_shutdown = 1;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	984 c->ssl->no_send_shutdown = 1;
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	985 c->write->error = 1;
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	986
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	987 ngx_ssl_connection_error(c, sslerr, err, "SSL_write() failed");
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	988
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	989 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	990 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	991
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	992
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	993 static void
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	994 ngx_ssl_read_handler(ngx_event_t *rev)
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	995 {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	996 ngx_connection_t *c;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	997
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	998 c = rev->data;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	999
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1000 c->write->handler(c->write);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1001 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1002
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1003
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1004 void
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1005 ngx_ssl_free_buffer(ngx_connection_t *c)
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1006 {
360 2b41fbc2e39e nginx 0.6.24 Igor Sysoev <http://sysoev.ru> parents: 358 diff changeset	1007 if (c->ssl->buf && c->ssl->buf->start) {
2b41fbc2e39e nginx 0.6.24 Igor Sysoev <http://sysoev.ru> parents: 358 diff changeset	1008 if (ngx_pfree(c->pool, c->ssl->buf->start) == NGX_OK) {
2b41fbc2e39e nginx 0.6.24 Igor Sysoev <http://sysoev.ru> parents: 358 diff changeset	1009 c->ssl->buf->start = NULL;
2b41fbc2e39e nginx 0.6.24 Igor Sysoev <http://sysoev.ru> parents: 358 diff changeset	1010 }
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1011 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1012 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1013
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1014
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1015 ngx_int_t
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1016 ngx_ssl_shutdown(ngx_connection_t *c)
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1017 {
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1018 int n, sslerr, mode;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1019 ngx_err_t err;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1020
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1021 if (c->timedout) {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1022 mode = SSL_RECEIVED_SHUTDOWN\|SSL_SENT_SHUTDOWN;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1023
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1024 } else {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1025 mode = SSL_get_shutdown(c->ssl->connection);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1026
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1027 if (c->ssl->no_wait_shutdown) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1028 mode \|= SSL_RECEIVED_SHUTDOWN;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1029 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1030
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1031 if (c->ssl->no_send_shutdown) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1032 mode \|= SSL_SENT_SHUTDOWN;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1033 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1034 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1035
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1036 SSL_set_shutdown(c->ssl->connection, mode);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1037
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1038 ngx_ssl_clear_error(c->log);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1039
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1040 n = SSL_shutdown(c->ssl->connection);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1041
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1042 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1043
10 46833bd150cb nginx 0.1.5 Igor Sysoev <http://sysoev.ru> parents: 4 diff changeset	1044 sslerr = 0;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1045
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1046 /* SSL_shutdown() never returns -1, on error it returns 0 */
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1047
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1048 if (n != 1 && ERR_peek_error()) {
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1049 sslerr = SSL_get_error(c->ssl->connection, n);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1050
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1051 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1052 "SSL_get_error: %d", sslerr);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1053 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1054
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1055 if (n == 1 \|\| sslerr == 0 \|\| sslerr == SSL_ERROR_ZERO_RETURN) {
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1056 SSL_free(c->ssl->connection);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1057 c->ssl = NULL;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1058
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1059 return NGX_OK;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1060 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1061
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1062 if (sslerr == SSL_ERROR_WANT_READ \|\| sslerr == SSL_ERROR_WANT_WRITE) {
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1063 c->read->handler = ngx_ssl_shutdown_handler;
138 8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1064 c->write->handler = ngx_ssl_shutdown_handler;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1065
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1066 if (ngx_handle_read_event(c->read, 0) == NGX_ERROR) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1067 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1068 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1069
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1070 if (ngx_handle_write_event(c->write, 0) == NGX_ERROR) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1071 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1072 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1073
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1074 if (sslerr == SSL_ERROR_WANT_READ) {
138 8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1075 ngx_add_timer(c->read, 30000);
8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1076 }
8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1077
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1078 return NGX_AGAIN;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1079 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1080
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	1081 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	1082
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	1083 ngx_ssl_connection_error(c, sslerr, err, "SSL_shutdown() failed");
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1084
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1085 SSL_free(c->ssl->connection);
45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1086 c->ssl = NULL;
45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1087
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1088 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1089 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1090
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1091
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1092 static void
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1093 ngx_ssl_shutdown_handler(ngx_event_t *ev)
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1094 {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1095 ngx_connection_t *c;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1096 ngx_connection_handler_pt handler;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1097
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1098 c = ev->data;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1099 handler = c->ssl->handler;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1100
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1101 if (ev->timedout) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1102 c->timedout = 1;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1103 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1104
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1105 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "SSL shutdown handler");
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1106
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1107 if (ngx_ssl_shutdown(c) == NGX_AGAIN) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1108 return;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1109 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1110
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1111 handler(c);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1112 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1113
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1114
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1115 static void
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1116 ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1117 char *text)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1118 {
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1119 int n;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1120 ngx_uint_t level;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1121
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1122 level = NGX_LOG_CRIT;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1123
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1124 if (sslerr == SSL_ERROR_SYSCALL) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1125
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1126 if (err == NGX_ECONNRESET
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1127 \|\| err == NGX_EPIPE
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1128 \|\| err == NGX_ENOTCONN
138 8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1129 #if !(NGX_CRIT_ETIMEDOUT)
8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1130 \|\| err == NGX_ETIMEDOUT
8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1131 #endif
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1132 \|\| err == NGX_ECONNREFUSED
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1133 \|\| err == NGX_ENETDOWN
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1134 \|\| err == NGX_ENETUNREACH
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1135 \|\| err == NGX_EHOSTDOWN
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1136 \|\| err == NGX_EHOSTUNREACH)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1137 {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1138 switch (c->log_error) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1139
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1140 case NGX_ERROR_IGNORE_ECONNRESET:
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1141 case NGX_ERROR_INFO:
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1142 level = NGX_LOG_INFO;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1143 break;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1144
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1145 case NGX_ERROR_ERR:
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1146 level = NGX_LOG_ERR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1147 break;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1148
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1149 default:
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1150 break;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1151 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1152 }
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1153
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1154 } else if (sslerr == SSL_ERROR_SSL) {
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1155
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1156 n = ERR_GET_REASON(ERR_peek_error());
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1157
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1158 /* handshake failures */
370 9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1159 if (n == SSL_R_DIGEST_CHECK_FAILED
9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1160 \|\| n == SSL_R_NO_SHARED_CIPHER
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1161 \|\| n == SSL_R_UNEXPECTED_MESSAGE
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1162 \|\| n == SSL_R_WRONG_VERSION_NUMBER
370 9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1163 \|\| n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1164 \|\| n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
370 9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1165 \|\| n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE
9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1166 \|\| n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC
9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1167 \|\| n == SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE
9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1168 \|\| n == SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE
9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1169 \|\| n == SSL_R_SSLV3_ALERT_BAD_CERTIFICATE
9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1170 \|\| n == SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE
9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1171 \|\| n == SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1172 \|\| n == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED
370 9a242235a80a nginx 0.6.29 Igor Sysoev <http://sysoev.ru> parents: 366 diff changeset	1173 \|\| n == SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1174 \|\| n == SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1175 \|\| n == SSL_R_TLSV1_ALERT_UNKNOWN_CA)
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1176 {
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1177 switch (c->log_error) {
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1178
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1179 case NGX_ERROR_IGNORE_ECONNRESET:
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1180 case NGX_ERROR_INFO:
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1181 level = NGX_LOG_INFO;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1182 break;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1183
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1184 case NGX_ERROR_ERR:
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1185 level = NGX_LOG_ERR;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1186 break;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1187
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1188 default:
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1189 break;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1190 }
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1191 }
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1192 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1193
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1194 ngx_ssl_error(level, c->log, err, text);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1195 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1196
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1197
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1198 static void
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1199 ngx_ssl_clear_error(ngx_log_t *log)
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1200 {
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1201 while (ERR_peek_error()) {
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1202 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error");
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1203 }
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1204
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1205 ERR_clear_error();
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1206 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1207
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1208
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1209 void ngx_cdecl
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1210 ngx_ssl_error(ngx_uint_t level, ngx_log_t log, ngx_err_t err, char fmt, ...)
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1211 {
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1212 u_long n;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1213 va_list args;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1214 u_char p, last;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1215 u_char errstr[NGX_MAX_CONF_ERRSTR];
10 46833bd150cb nginx 0.1.5 Igor Sysoev <http://sysoev.ru> parents: 4 diff changeset	1216
46833bd150cb nginx 0.1.5 Igor Sysoev <http://sysoev.ru> parents: 4 diff changeset	1217 last = errstr + NGX_MAX_CONF_ERRSTR;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1218
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1219 va_start(args, fmt);
10 46833bd150cb nginx 0.1.5 Igor Sysoev <http://sysoev.ru> parents: 4 diff changeset	1220 p = ngx_vsnprintf(errstr, sizeof(errstr) - 1, fmt, args);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1221 va_end(args);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1222
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1223 p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1224
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1225 for ( ;; ) {
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1226
91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1227 n = ERR_get_error();
91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1228
91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1229 if (n == 0) {
91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1230 break;
91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1231 }
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1232
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1233 if (p >= last) {
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1234 continue;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1235 }
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1236
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1237 *p++ = ' ';
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1238
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1239 ERR_error_string_n(n, (char *) p, last - p);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1240
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1241 while (p < last && *p) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1242 p++;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1243 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1244 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1245
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1246 ngx_log_error(level, log, err, "%s)", errstr);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1247 }
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1248
b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1249
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1250 ngx_int_t
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1251 ngx_ssl_session_cache(ngx_ssl_t ssl, ngx_str_t sess_ctx,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1252 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1253 {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1254 long cache_mode;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1255
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1256 if (builtin_session_cache == NGX_SSL_NO_SCACHE) {
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1257 SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1258 return NGX_OK;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1259 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1260
376 d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1261 if (builtin_session_cache == NGX_SSL_NONE_SCACHE) {
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1262
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1263 /*
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1264 * If the server explicitly says that it does not support
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1265 * session reuse (see SSL_SESS_CACHE_OFF above), then
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1266 * Outlook Express fails to upload a sent email to
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1267 * the Sent Items folder on the IMAP server via a separate IMAP
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1268 * connection in the background. Therefore we have a special
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1269 * mode (SSL_SESS_CACHE_SERVER\|SSL_SESS_CACHE_NO_INTERNAL_STORE)
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1270 * where the server pretends that it supports session reuse,
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1271 * but it does not actually store any session.
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1272 */
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1273
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1274 SSL_CTX_set_session_cache_mode(ssl->ctx,
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1275 SSL_SESS_CACHE_SERVER
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1276 \|SSL_SESS_CACHE_NO_AUTO_CLEAR
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1277 \|SSL_SESS_CACHE_NO_INTERNAL_STORE);
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1278
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1279 SSL_CTX_sess_set_cache_size(ssl->ctx, 1);
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1280
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1281 return NGX_OK;
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1282 }
d13234035cad nginx 0.6.32 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1283
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1284 cache_mode = SSL_SESS_CACHE_SERVER;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1285
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1286 if (shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1287 cache_mode \|= SSL_SESS_CACHE_NO_INTERNAL;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1288 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1289
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1290 SSL_CTX_set_session_cache_mode(ssl->ctx, cache_mode);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1291
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1292 SSL_CTX_set_session_id_context(ssl->ctx, sess_ctx->data, sess_ctx->len);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1293
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1294 if (builtin_session_cache != NGX_SSL_NO_BUILTIN_SCACHE) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1295
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1296 if (builtin_session_cache != NGX_SSL_DFLT_BUILTIN_SCACHE) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1297 SSL_CTX_sess_set_cache_size(ssl->ctx, builtin_session_cache);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1298 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1299 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1300
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1301 SSL_CTX_set_timeout(ssl->ctx, timeout);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1302
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1303 if (shm_zone) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1304 shm_zone->init = ngx_ssl_session_cache_init;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1305
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1306 SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1307 SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1308 SSL_CTX_sess_set_remove_cb(ssl->ctx, ngx_ssl_remove_session);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1309
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1310 if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_session_cache_index, shm_zone)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1311 == 0)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1312 {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1313 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1314 "SSL_CTX_set_ex_data() failed");
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1315 return NGX_ERROR;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1316 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1317 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1318
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1319 return NGX_OK;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1320 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1321
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1322
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1323 static ngx_int_t
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1324 ngx_ssl_session_cache_init(ngx_shm_zone_t shm_zone, void data)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1325 {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1326 ngx_slab_pool_t *shpool;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1327 ngx_ssl_session_cache_t *cache;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1328
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1329 if (data) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1330 shm_zone->data = data;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1331 return NGX_OK;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1332 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1333
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1334 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1335
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1336 cache = ngx_slab_alloc(shpool, sizeof(ngx_ssl_session_cache_t));
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1337 if (cache == NULL) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1338 return NGX_ERROR;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1339 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1340
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1341 ngx_rbtree_init(&cache->session_rbtree, &cache->sentinel,
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1342 ngx_ssl_session_rbtree_insert_value);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1343
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1344 ngx_queue_init(&cache->expire_queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1345
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1346 shm_zone->data = cache;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1347
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1348 return NGX_OK;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1349 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1350
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1351
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1352 /*
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1353 * The length of the session id is 16 bytes for SSLv2 sessions and
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1354 * between 1 and 32 bytes for SSLv3/TLSv1, typically 32 bytes.
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1355 * It seems that the typical length of the external ASN1 representation
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1356 * of a session is 118 or 119 bytes for SSLv3/TSLv1.
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1357 *
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1358 * Thus on 32-bit platforms we allocate separately an rbtree node,
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1359 * a session id, and an ASN1 representation, they take accordingly
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1360 * 64, 32, and 128 bytes.
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1361 *
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1362 * On 64-bit platforms we allocate separately an rbtree node + session_id,
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1363 * and an ASN1 representation, they take accordingly 128 and 128 bytes.
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1364 *
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1365 * OpenSSL's i2d_SSL_SESSION() and d2i_SSL_SESSION are slow,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1366 * so they are outside the code locked by shared pool mutex
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1367 */
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1368
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1369 static int
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1370 ngx_ssl_new_session(ngx_ssl_conn_t ssl_conn, ngx_ssl_session_t sess)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1371 {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1372 int len;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1373 u_char p, id, *cached_sess;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1374 uint32_t hash;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1375 SSL_CTX *ssl_ctx;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1376 ngx_shm_zone_t *shm_zone;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1377 ngx_connection_t *c;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1378 ngx_slab_pool_t *shpool;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1379 ngx_ssl_sess_id_t *sess_id;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1380 ngx_ssl_session_cache_t *cache;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1381 u_char buf[NGX_SSL_MAX_SESSION_SIZE];
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1382
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1383 len = i2d_SSL_SESSION(sess, NULL);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1384
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1385 /* do not cache too big session */
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1386
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1387 if (len > (int) NGX_SSL_MAX_SESSION_SIZE) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1388 return 0;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1389 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1390
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1391 p = buf;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1392 i2d_SSL_SESSION(sess, &p);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1393
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1394 c = ngx_ssl_get_connection(ssl_conn);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1395
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1396 ssl_ctx = SSL_get_SSL_CTX(ssl_conn);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1397 shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1398
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1399 cache = shm_zone->data;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1400 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1401
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1402 ngx_shmtx_lock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1403
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1404 /* drop one or two expired sessions */
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1405 ngx_ssl_expire_sessions(cache, shpool, 1);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1406
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1407 cached_sess = ngx_slab_alloc_locked(shpool, len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1408
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1409 if (cached_sess == NULL) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1410
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1411 /* drop the oldest non-expired session and try once more */
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1412
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1413 ngx_ssl_expire_sessions(cache, shpool, 0);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1414
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1415 cached_sess = ngx_slab_alloc_locked(shpool, len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1416
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1417 if (cached_sess == NULL) {
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1418 sess_id = NULL;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1419 goto failed;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1420 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1421 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1422
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1423 sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t));
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1424 if (sess_id == NULL) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1425 goto failed;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1426 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1427
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1428 #if (NGX_PTR_SIZE == 8)
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1429
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1430 id = sess_id->sess_id;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1431
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1432 #else
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1433
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1434 id = ngx_slab_alloc_locked(shpool, sess->session_id_length);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1435 if (id == NULL) {
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1436 goto failed;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1437 }
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1438
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1439 #endif
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1440
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1441 ngx_memcpy(cached_sess, buf, len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1442
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1443 ngx_memcpy(id, sess->session_id, sess->session_id_length);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1444
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1445 hash = ngx_crc32_short(sess->session_id, sess->session_id_length);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1446
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1447 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1448 "http ssl new session: %08XD:%d:%d",
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1449 hash, sess->session_id_length, len);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1450
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1451 sess_id->node.key = hash;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1452 sess_id->node.data = (u_char) sess->session_id_length;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1453 sess_id->id = id;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1454 sess_id->len = len;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1455 sess_id->session = cached_sess;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1456
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1457 sess_id->expire = ngx_time() + SSL_CTX_get_timeout(ssl_ctx);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1458
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1459 ngx_queue_insert_head(&cache->expire_queue, &sess_id->queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1460
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1461 ngx_rbtree_insert(&cache->session_rbtree, &sess_id->node);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1462
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1463 ngx_shmtx_unlock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1464
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1465 return 0;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1466
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1467 failed:
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1468
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1469 if (cached_sess) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1470 ngx_slab_free_locked(shpool, cached_sess);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1471 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1472
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1473 if (sess_id) {
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1474 ngx_slab_free_locked(shpool, sess_id);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1475 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1476
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1477 ngx_shmtx_unlock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1478
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1479 ngx_log_error(NGX_LOG_ALERT, c->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1480 "could not add new SSL session to the session cache");
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1481
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1482 return 0;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1483 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1484
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1485
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1486 static ngx_ssl_session_t *
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1487 ngx_ssl_get_cached_session(ngx_ssl_conn_t ssl_conn, u_char id, int len,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1488 int *copy)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1489 {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1490 #if OPENSSL_VERSION_NUMBER >= 0x0090707fL
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1491 const
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1492 #endif
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1493 u_char *p;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1494 uint32_t hash;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1495 ngx_int_t rc;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1496 ngx_shm_zone_t *shm_zone;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1497 ngx_slab_pool_t *shpool;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1498 ngx_connection_t *c;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1499 ngx_rbtree_node_t node, sentinel;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1500 ngx_ssl_session_t *sess;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1501 ngx_ssl_sess_id_t *sess_id;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1502 ngx_ssl_session_cache_t *cache;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1503 u_char buf[NGX_SSL_MAX_SESSION_SIZE];
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1504
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1505 c = ngx_ssl_get_connection(ssl_conn);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1506
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1507 hash = ngx_crc32_short(id, (size_t) len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1508 *copy = 0;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1509
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1510 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1511 "http ssl get session: %08XD:%d", hash, len);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1512
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1513 shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn),
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1514 ngx_ssl_session_cache_index);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1515
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1516 cache = shm_zone->data;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1517
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1518 sess = NULL;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1519
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1520 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1521
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1522 ngx_shmtx_lock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1523
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1524 node = cache->session_rbtree.root;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1525 sentinel = cache->session_rbtree.sentinel;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1526
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1527 while (node != sentinel) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1528
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1529 if (hash < node->key) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1530 node = node->left;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1531 continue;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1532 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1533
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1534 if (hash > node->key) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1535 node = node->right;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1536 continue;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1537 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1538
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1539 /* hash == node->key */
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1540
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1541 do {
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1542 sess_id = (ngx_ssl_sess_id_t *) node;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1543
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1544 rc = ngx_memn2cmp(id, sess_id->id,
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1545 (size_t) len, (size_t) node->data);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1546 if (rc == 0) {
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1547
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1548 if (sess_id->expire > ngx_time()) {
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1549 ngx_memcpy(buf, sess_id->session, sess_id->len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1550
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1551 ngx_shmtx_unlock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1552
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1553 p = buf;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1554 sess = d2i_SSL_SESSION(NULL, &p, sess_id->len);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1555
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1556 return sess;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1557 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1558
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1559 ngx_queue_remove(&sess_id->queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1560
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1561 ngx_rbtree_delete(&cache->session_rbtree, node);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1562
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1563 ngx_slab_free_locked(shpool, sess_id->session);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1564 #if (NGX_PTR_SIZE == 4)
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1565 ngx_slab_free_locked(shpool, sess_id->id);
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1566 #endif
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1567 ngx_slab_free_locked(shpool, sess_id);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1568
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1569 sess = NULL;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1570
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1571 goto done;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1572 }
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1573
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1574 node = (rc < 0) ? node->left : node->right;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1575
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1576 } while (node != sentinel && hash == node->key);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1577
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1578 break;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1579 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1580
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1581 done:
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1582
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1583 ngx_shmtx_unlock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1584
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1585 return sess;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1586 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1587
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1588
366 babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1589 void
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1590 ngx_ssl_remove_cached_session(SSL_CTX ssl, ngx_ssl_session_t sess)
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1591 {
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1592 SSL_CTX_remove_session(ssl, sess);
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1593
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1594 ngx_ssl_remove_session(ssl, sess);
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1595 }
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1596
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1597
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1598 static void
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1599 ngx_ssl_remove_session(SSL_CTX ssl, ngx_ssl_session_t sess)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1600 {
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1601 size_t len;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1602 u_char *id;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1603 uint32_t hash;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1604 ngx_int_t rc;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1605 ngx_shm_zone_t *shm_zone;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1606 ngx_slab_pool_t *shpool;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1607 ngx_rbtree_node_t node, sentinel;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1608 ngx_ssl_sess_id_t *sess_id;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1609 ngx_ssl_session_cache_t *cache;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1610
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1611 shm_zone = SSL_CTX_get_ex_data(ssl, ngx_ssl_session_cache_index);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1612
366 babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1613 if (shm_zone == NULL) {
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1614 return;
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1615 }
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1616
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1617 cache = shm_zone->data;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1618
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1619 id = sess->session_id;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1620 len = (size_t) sess->session_id_length;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1621
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1622 hash = ngx_crc32_short(id, len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1623
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1624 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1625 "http ssl remove session: %08XD:%uz", hash, len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1626
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1627 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1628
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1629 ngx_shmtx_lock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1630
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1631 node = cache->session_rbtree.root;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1632 sentinel = cache->session_rbtree.sentinel;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1633
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1634 while (node != sentinel) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1635
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1636 if (hash < node->key) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1637 node = node->left;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1638 continue;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1639 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1640
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1641 if (hash > node->key) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1642 node = node->right;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1643 continue;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1644 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1645
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1646 /* hash == node->key */
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1647
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1648 do {
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1649 sess_id = (ngx_ssl_sess_id_t *) node;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1650
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1651 rc = ngx_memn2cmp(id, sess_id->id, len, (size_t) node->data);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1652
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1653 if (rc == 0) {
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1654
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1655 ngx_queue_remove(&sess_id->queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1656
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1657 ngx_rbtree_delete(&cache->session_rbtree, node);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1658
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1659 ngx_slab_free_locked(shpool, sess_id->session);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1660 #if (NGX_PTR_SIZE == 4)
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1661 ngx_slab_free_locked(shpool, sess_id->id);
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1662 #endif
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1663 ngx_slab_free_locked(shpool, sess_id);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1664
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1665 goto done;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1666 }
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1667
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1668 node = (rc < 0) ? node->left : node->right;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1669
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1670 } while (node != sentinel && hash == node->key);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1671
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1672 break;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1673 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1674
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1675 done:
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1676
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1677 ngx_shmtx_unlock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1678 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1679
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1680
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1681 static void
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1682 ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1683 ngx_slab_pool_t *shpool, ngx_uint_t n)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1684 {
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1685 time_t now;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1686 ngx_queue_t *q;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1687 ngx_ssl_sess_id_t *sess_id;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1688
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1689 now = ngx_time();
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1690
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1691 while (n < 3) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1692
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1693 if (ngx_queue_empty(&cache->expire_queue)) {
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1694 return;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1695 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1696
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1697 q = ngx_queue_last(&cache->expire_queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1698
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1699 sess_id = ngx_queue_data(q, ngx_ssl_sess_id_t, queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1700
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1701 if (n++ != 0 && sess_id->expire > now) {
332 3a91bfeffaba nginx 0.6.10 Igor Sysoev <http://sysoev.ru> parents: 330 diff changeset	1702 return;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1703 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1704
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1705 ngx_queue_remove(q);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1706
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1707 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1708 "expire session: %08Xi", sess_id->node.key);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1709
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1710 ngx_rbtree_delete(&cache->session_rbtree, &sess_id->node);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1711
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1712 ngx_slab_free_locked(shpool, sess_id->session);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1713 #if (NGX_PTR_SIZE == 4)
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1714 ngx_slab_free_locked(shpool, sess_id->id);
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1715 #endif
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1716 ngx_slab_free_locked(shpool, sess_id);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1717 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1718 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1719
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1720
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1721 static void
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1722 ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1723 ngx_rbtree_node_t node, ngx_rbtree_node_t sentinel)
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1724 {
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1725 ngx_rbtree_node_t **p;
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1726 ngx_ssl_sess_id_t sess_id, sess_id_temp;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1727
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1728 for ( ;; ) {
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1729
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1730 if (node->key < temp->key) {
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1731
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1732 p = &temp->left;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1733
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1734 } else if (node->key > temp->key) {
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1735
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1736 p = &temp->right;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1737
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1738 } else { /* node->key == temp->key */
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1739
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1740 sess_id = (ngx_ssl_sess_id_t *) node;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1741 sess_id_temp = (ngx_ssl_sess_id_t *) temp;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1742
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1743 p = (ngx_memn2cmp(sess_id->id, sess_id_temp->id,
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1744 (size_t) node->data, (size_t) temp->data)
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1745 < 0) ? &temp->left : &temp->right;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1746 }
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1747
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1748 if (*p == sentinel) {
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1749 break;
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1750 }
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1751
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1752 temp = *p;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1753 }
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1754
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1755 *p = node;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1756 node->parent = temp;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1757 node->left = sentinel;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1758 node->right = sentinel;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1759 ngx_rbt_red(node);
276 c5c2b2883984 nginx 0.5.8 Igor Sysoev <http://sysoev.ru> parents: 274 diff changeset	1760 }
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1761
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1762
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1763 void
b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1764 ngx_ssl_cleanup_ctx(void *data)
b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1765 {
138 8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1766 ngx_ssl_t *ssl = data;
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1767
138 8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1768 SSL_CTX_free(ssl->ctx);
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1769 }
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1770
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1771
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1772 ngx_int_t
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1773 ngx_ssl_get_protocol(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
160 73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1774 {
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1775 s->data = (u_char *) SSL_get_version(c->ssl->connection);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1776 return NGX_OK;
160 73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1777 }
73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1778
73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1779
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1780 ngx_int_t
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1781 ngx_ssl_get_cipher_name(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
160 73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1782 {
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1783 s->data = (u_char *) SSL_get_cipher_name(c->ssl->connection);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1784 return NGX_OK;
160 73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1785 }
73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1786
73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	1787
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1788 ngx_int_t
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1789 ngx_ssl_get_subject_dn(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1790 {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1791 char *p;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1792 size_t len;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1793 X509 *cert;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1794 X509_NAME *name;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1795
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1796 s->len = 0;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1797
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1798 cert = SSL_get_peer_certificate(c->ssl->connection);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1799 if (cert == NULL) {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1800 return NGX_OK;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1801 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1802
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1803 name = X509_get_subject_name(cert);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1804 if (name == NULL) {
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1805 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1806 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1807 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1808
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1809 p = X509_NAME_oneline(name, NULL, 0);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1810
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1811 for (len = 0; p[len]; len++) { /* void */ }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1812
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1813 s->len = len;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1814 s->data = ngx_palloc(pool, len);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1815 if (s->data == NULL) {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1816 OPENSSL_free(p);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1817 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1818 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1819 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1820
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1821 ngx_memcpy(s->data, p, len);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1822
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1823 OPENSSL_free(p);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1824 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1825
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1826 return NGX_OK;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1827 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1828
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1829
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1830 ngx_int_t
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1831 ngx_ssl_get_issuer_dn(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1832 {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1833 char *p;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1834 size_t len;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1835 X509 *cert;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1836 X509_NAME *name;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1837
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1838 s->len = 0;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1839
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1840 cert = SSL_get_peer_certificate(c->ssl->connection);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1841 if (cert == NULL) {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1842 return NGX_OK;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1843 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1844
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1845 name = X509_get_issuer_name(cert);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1846 if (name == NULL) {
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1847 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1848 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1849 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1850
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1851 p = X509_NAME_oneline(name, NULL, 0);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1852
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1853 for (len = 0; p[len]; len++) { /* void */ }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1854
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1855 s->len = len;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1856 s->data = ngx_palloc(pool, len);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1857 if (s->data == NULL) {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1858 OPENSSL_free(p);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1859 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1860 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1861 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1862
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1863 ngx_memcpy(s->data, p, len);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1864
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1865 OPENSSL_free(p);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1866 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1867
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1868 return NGX_OK;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1869 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1870
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	1871
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1872 ngx_int_t
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1873 ngx_ssl_get_serial_number(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1874 {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1875 size_t len;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1876 X509 *cert;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1877 BIO *bio;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1878
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1879 s->len = 0;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1880
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1881 cert = SSL_get_peer_certificate(c->ssl->connection);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1882 if (cert == NULL) {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1883 return NGX_OK;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1884 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1885
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1886 bio = BIO_new(BIO_s_mem());
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1887 if (bio == NULL) {
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1888 X509_free(cert);
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1889 return NGX_ERROR;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1890 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1891
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1892 i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1893 len = BIO_pending(bio);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1894
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1895 s->len = len;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1896 s->data = ngx_palloc(pool, len);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1897 if (s->data == NULL) {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1898 BIO_free(bio);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1899 X509_free(cert);
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1900 return NGX_ERROR;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1901 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1902
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1903 BIO_read(bio, s->data, len);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1904 BIO_free(bio);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	1905 X509_free(cert);
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1906
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1907 return NGX_OK;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1908 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1909
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	1910
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1911 static void *
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1912 ngx_openssl_create_conf(ngx_cycle_t *cycle)
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1913 {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1914 ngx_openssl_conf_t *oscf;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1915
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1916 oscf = ngx_pcalloc(cycle->pool, sizeof(ngx_openssl_conf_t));
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1917 if (oscf == NULL) {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1918 return NGX_CONF_ERROR;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1919 }
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1920
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1921 /*
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1922 * set by ngx_pcalloc():
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1923 *
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1924 * oscf->engine.len = 0;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1925 * oscf->engine.data = NULL;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1926 */
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1927
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1928 return oscf;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1929 }
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1930
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1931
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1932 static char *
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1933 ngx_openssl_init_conf(ngx_cycle_t cycle, void conf)
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1934 {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1935 #if (NGX_SSL_ENGINE)
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1936 ngx_openssl_conf_t *oscf = conf;
120 e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1937
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1938 ENGINE *engine;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1939
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1940 if (oscf->engine.len == 0) {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1941 return NGX_CONF_OK;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1942 }
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1943
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1944 engine = ENGINE_by_id((const char *) oscf->engine.data);
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1945
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1946 if (engine == NULL) {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1947 ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1948 "ENGINE_by_id(\"%V\") failed", &oscf->engine);
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1949 return NGX_CONF_ERROR;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1950 }
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1951
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1952 if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1953 ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1954 "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1955 &oscf->engine);
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1956 return NGX_CONF_ERROR;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1957 }
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1958
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1959 ENGINE_free(engine);
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1960
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1961 #endif
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1962
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1963 return NGX_CONF_OK;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1964 }
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1965
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1966
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1967 #if !(NGX_SSL_ENGINE)
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1968
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1969 static char *
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1970 ngx_openssl_noengine(ngx_conf_t cf, ngx_command_t cmd, void *conf)
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1971 {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1972 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	1973 "\"ssl_engine\" directive is available only in "
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	1974 "OpenSSL 0.9.7 and higher,");
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1975
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1976 return NGX_CONF_ERROR;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1977 }
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1978
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	1979 #endif
120 e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1980
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1981
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1982 static void
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1983 ngx_openssl_exit(ngx_cycle_t *cycle)
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1984 {
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1985 #if (NGX_SSL_ENGINE)
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1986 ENGINE_cleanup();
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1987 #endif
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	1988 }

Mercurial > hg > nginx-vendor-0-6

annotate src/event/ngx_event_openssl.c @ 378:fc497c1dfb7c NGINX_0_6_33