Mercurial > hg > nginx-vendor-0-8
comparison src/http/modules/ngx_http_ssl_module.c @ 218:1bf60f8c5c9e NGINX_0_3_56
nginx 0.3.56
*) Feature: the "dav_access" directive.
*) Feature: the "if" directive supports the "-d", "!-d", "-e", "!-e",
"-x", and "!-x" operators.
*) Bugfix: a segmentation fault occurred if an request returned an
redirect and some sent to client header lines were logged in the
access log.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Fri, 04 Aug 2006 00:00:00 +0400 |
parents | fa32d59d9a15 |
children | 559bc7ec214e |
comparison
equal
deleted
inserted
replaced
217:a346c23fc94e | 218:1bf60f8c5c9e |
---|---|
15 #define NGX_DEFLAUT_CERTIFICATE "cert.pem" | 15 #define NGX_DEFLAUT_CERTIFICATE "cert.pem" |
16 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" | 16 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" |
17 #define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" | 17 #define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" |
18 | 18 |
19 | 19 |
20 static int ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store); | |
20 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r, | 21 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r, |
21 ngx_http_variable_value_t *v, uintptr_t data); | 22 ngx_http_variable_value_t *v, uintptr_t data); |
22 static ngx_int_t ngx_http_ssl_client_s_dn(ngx_http_request_t *r, | 23 static ngx_int_t ngx_http_ssl_client_s_dn(ngx_http_request_t *r, |
23 ngx_http_variable_value_t *v, uintptr_t data); | 24 ngx_http_variable_value_t *v, uintptr_t data); |
24 static ngx_int_t ngx_http_ssl_client_i_dn(ngx_http_request_t *r, | 25 static ngx_int_t ngx_http_ssl_client_i_dn(ngx_http_request_t *r, |
382 "SSL_CTX_set_cipher_list(\"%V\") failed", | 383 "SSL_CTX_set_cipher_list(\"%V\") failed", |
383 &conf->ciphers); | 384 &conf->ciphers); |
384 } | 385 } |
385 | 386 |
386 if (conf->verify) { | 387 if (conf->verify) { |
387 SSL_CTX_set_verify(conf->ssl.ctx, NGX_SSL_VERIFY, NULL); | 388 SSL_CTX_set_verify(conf->ssl.ctx, NGX_SSL_VERIFY, |
389 ngx_http_ssl_verify_callback); | |
388 | 390 |
389 SSL_CTX_set_verify_depth(conf->ssl.ctx, conf->verify_depth); | 391 SSL_CTX_set_verify_depth(conf->ssl.ctx, conf->verify_depth); |
390 | 392 |
391 if (conf->client_certificate.len) { | 393 if (conf->client_certificate.len) { |
392 if (ngx_ssl_client_certificate(cf, &conf->ssl, | 394 if (ngx_ssl_client_certificate(cf, &conf->ssl, |
420 | 422 |
421 return NGX_CONF_OK; | 423 return NGX_CONF_OK; |
422 } | 424 } |
423 | 425 |
424 | 426 |
427 static int | |
428 ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) | |
429 { | |
430 return 1; | |
431 } | |
432 | |
433 | |
425 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | 434 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) |
426 | 435 |
427 static char * | 436 static char * |
428 ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | 437 ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
429 { | 438 { |