Mercurial > hg > nginx-vendor-0-8

comparison src/http/modules/ngx_http_ssl_module.c @ 380:bc21d9cd9c54 NGINX_0_7_2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx 0.7.2 *) Feature: now nginx supports EDH key exchange ciphers. *) Feature: the "ssl_dhparam" directive. *) Feature: the $ssl_client_cert variable. Thanks to Manlio Perillo. *) Bugfix: after changing URI via a "rewrite" directive nginx did not search a new location; bug appeared in 0.7.1. Thanks to Maxim Dounin. *) Bugfix: nginx could not be built without PCRE library; bug appeared in 0.7.1. *) Bugfix: when a request to a directory was redirected with the slash added, nginx dropped a query string from the original request.
author Igor Sysoev <http://sysoev.ru>
date Mon, 16 Jun 2008 00:00:00 +0400
parents 820f6378fc00
children 0b6053502c55
comparison
equal deleted inserted replaced
379:9d9dad60269f 380:bc21d9cd9c54
68 { ngx_string("ssl_certificate_key"), 68 { ngx_string("ssl_certificate_key"),
69 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, 69 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
70 ngx_conf_set_str_slot, 70 ngx_conf_set_str_slot,
71 NGX_HTTP_SRV_CONF_OFFSET, 71 NGX_HTTP_SRV_CONF_OFFSET,
72 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), 72 offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
73 NULL },
74
75 { ngx_string("ssl_dhparam"),
76 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
77 ngx_conf_set_str_slot,
78 NGX_HTTP_SRV_CONF_OFFSET,
79 offsetof(ngx_http_ssl_srv_conf_t, dhparam),
73 NULL }, 80 NULL },
74 81
75 { ngx_string("ssl_protocols"), 82 { ngx_string("ssl_protocols"),
76 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE, 83 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
77 ngx_conf_set_bitmask_slot, 84 ngx_conf_set_bitmask_slot,
173 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 }, 180 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 },
174 181
175 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable, 182 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
176 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 }, 183 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
177 184
185 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
186 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },
187
178 { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable, 188 { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable,
179 (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 }, 189 (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
180 190
181 { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable, 191 { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable,
182 (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGEABLE, 0 }, 192 (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
285 295
286 /* 296 /*
287 * set by ngx_pcalloc(): 297 * set by ngx_pcalloc():
288 * 298 *
289 * sscf->protocols = 0; 299 * sscf->protocols = 0;
290 * sscf->certificate.len = 0; 300 * sscf->certificate = { 0, NULL };
291 * sscf->certificate.data = NULL; 301 * sscf->certificate_key = { 0, NULL };
292 * sscf->certificate_key.len = 0; 302 * sscf->dhparam = { 0, NULL };
293 * sscf->certificate_key.data = NULL; 303 * sscf->client_certificate = { 0, NULL };
294 * sscf->client_certificate.len = 0;
295 * sscf->client_certificate.data = NULL;
296 * sscf->ciphers.len = 0; 304 * sscf->ciphers.len = 0;
297 * sscf->ciphers.data = NULL; 305 * sscf->ciphers.data = NULL;
298 * sscf->shm_zone = NULL; 306 * sscf->shm_zone = NULL;
299 */ 307 */
300 308
339 ngx_conf_merge_str_value(conf->certificate, prev->certificate, 347 ngx_conf_merge_str_value(conf->certificate, prev->certificate,
340 NGX_DEFLAUT_CERTIFICATE); 348 NGX_DEFLAUT_CERTIFICATE);
341 349
342 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, 350 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key,
343 NGX_DEFLAUT_CERTIFICATE_KEY); 351 NGX_DEFLAUT_CERTIFICATE_KEY);
352
353 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
344 354
345 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, 355 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
346 ""); 356 "");
347 357
348 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS); 358 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS);
412 /* a temporary 512-bit RSA key is required for export versions of MSIE */ 422 /* a temporary 512-bit RSA key is required for export versions of MSIE */
413 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { 423 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
414 return NGX_CONF_ERROR; 424 return NGX_CONF_ERROR;
415 } 425 }
416 426
427 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
428 return NGX_CONF_ERROR;
429 }
430
417 ngx_conf_merge_value(conf->builtin_session_cache, 431 ngx_conf_merge_value(conf->builtin_session_cache,
418 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); 432 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
419 433
420 if (conf->shm_zone == NULL) { 434 if (conf->shm_zone == NULL) {
421 conf->shm_zone = prev->shm_zone; 435 conf->shm_zone = prev->shm_zone;