nginx-vendor-current: src/event/ngx_event

annotate src/event/ngx_event_openssl.c @ 688:f31b19fe7f48 NGINX_1_3_7

nginx 1.3.7 *) Feature: OCSP stapling support. Thanks to Comodo, DigiCert and GlobalSign for sponsoring this work. *) Feature: the "ssl_trusted_certificate" directive. *) Feature: resolver now randomly rotates addresses returned from cache. Thanks to Anton Jouline. *) Bugfix: OpenSSL 0.9.7 compatibility.

author	Igor Sysoev <http://sysoev.ru>
date	Tue, 02 Oct 2012 00:00:00 +0400
parents	981b4c44593b
children

rev	line source
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	2 /*
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	3 * Copyright (C) Igor Sysoev
660 d0f7a625f27c nginx 1.1.14 Igor Sysoev <http://sysoev.ru> parents: 658 diff changeset	4 * Copyright (C) Nginx, Inc.
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	5 */
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	6
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	7
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	8 #include <ngx_config.h>
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	9 #include <ngx_core.h>
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	10 #include <ngx_event.h>
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	11
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	12
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	13 typedef struct {
446 15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	14 ngx_uint_t engine; /* unsigned engine:1; */
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	15 } ngx_openssl_conf_t;
28 7ca9bdc82b3f nginx 0.1.14 Igor Sysoev <http://sysoev.ru> parents: 22 diff changeset	16
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	17
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	18 static int ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
542 2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	19 static void ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where,
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	20 int ret);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	21 static void ngx_ssl_handshake_handler(ngx_event_t *ev);
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	22 static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	23 static void ngx_ssl_write_handler(ngx_event_t *wev);
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	24 static void ngx_ssl_read_handler(ngx_event_t *rev);
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	25 static void ngx_ssl_shutdown_handler(ngx_event_t *ev);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	26 static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	27 ngx_err_t err, char *text);
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	28 static void ngx_ssl_clear_error(ngx_log_t *log);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	29
634 23ef0645ea57 nginx 1.1.1 Igor Sysoev <http://sysoev.ru> parents: 632 diff changeset	30 ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t shm_zone, void data);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	31 static int ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	32 ngx_ssl_session_t *sess);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	33 static ngx_ssl_session_t ngx_ssl_get_cached_session(ngx_ssl_conn_t ssl_conn,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	34 u_char id, int len, int copy);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	35 static void ngx_ssl_remove_session(SSL_CTX ssl, ngx_ssl_session_t sess);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	36 static void ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	37 ngx_slab_pool_t *shpool, ngx_uint_t n);
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	38 static void ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	39 ngx_rbtree_node_t node, ngx_rbtree_node_t sentinel);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	40
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	41 static void ngx_openssl_create_conf(ngx_cycle_t cycle);
446 15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	42 static char ngx_openssl_engine(ngx_conf_t cf, ngx_command_t cmd, void conf);
120 e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	43 static void ngx_openssl_exit(ngx_cycle_t *cycle);
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	44
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	45
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	46 static ngx_command_t ngx_openssl_commands[] = {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	47
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	48 { ngx_string("ssl_engine"),
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	49 NGX_MAIN_CONF\|NGX_DIRECT_CONF\|NGX_CONF_TAKE1,
446 15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	50 ngx_openssl_engine,
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	51 0,
446 15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	52 0,
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	53 NULL },
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	54
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	55 ngx_null_command
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	56 };
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	57
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	58
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	59 static ngx_core_module_t ngx_openssl_module_ctx = {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	60 ngx_string("openssl"),
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	61 ngx_openssl_create_conf,
446 15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	62 NULL
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	63 };
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	64
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	65
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	66 ngx_module_t ngx_openssl_module = {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	67 NGX_MODULE_V1,
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	68 &ngx_openssl_module_ctx, /* module context */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	69 ngx_openssl_commands, /* module directives */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	70 NGX_CORE_MODULE, /* module type */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	71 NULL, /* init master */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	72 NULL, /* init module */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	73 NULL, /* init process */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	74 NULL, /* init thread */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	75 NULL, /* exit thread */
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	76 NULL, /* exit process */
120 e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	77 ngx_openssl_exit, /* exit master */
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	78 NGX_MODULE_V1_PADDING
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	79 };
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	80
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	81
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	82 int ngx_ssl_connection_index;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	83 int ngx_ssl_server_conf_index;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	84 int ngx_ssl_session_cache_index;
688 f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	85 int ngx_ssl_certificate_index;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	86 int ngx_ssl_stapling_index;
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	87
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	88
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	89 ngx_int_t
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	90 ngx_ssl_init(ngx_log_t *log)
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	91 {
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	92 OPENSSL_config(NULL);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	93
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	94 SSL_library_init();
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	95 SSL_load_error_strings();
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	96
564 da3c99095432 nginx 0.8.34 Igor Sysoev <http://sysoev.ru> parents: 552 diff changeset	97 OpenSSL_add_all_algorithms();
da3c99095432 nginx 0.8.34 Igor Sysoev <http://sysoev.ru> parents: 552 diff changeset	98
688 f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	99 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
678 981b4c44593b nginx 1.3.2 Igor Sysoev <http://sysoev.ru> parents: 676 diff changeset	100 #ifndef SSL_OP_NO_COMPRESSION
981b4c44593b nginx 1.3.2 Igor Sysoev <http://sysoev.ru> parents: 676 diff changeset	101 {
981b4c44593b nginx 1.3.2 Igor Sysoev <http://sysoev.ru> parents: 676 diff changeset	102 /*
981b4c44593b nginx 1.3.2 Igor Sysoev <http://sysoev.ru> parents: 676 diff changeset	103 * Disable gzip compression in OpenSSL prior to 1.0.0 version,
981b4c44593b nginx 1.3.2 Igor Sysoev <http://sysoev.ru> parents: 676 diff changeset	104 * this saves about 522K per connection.
981b4c44593b nginx 1.3.2 Igor Sysoev <http://sysoev.ru> parents: 676 diff changeset	105 */
688 f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	106 int n;
678 981b4c44593b nginx 1.3.2 Igor Sysoev <http://sysoev.ru> parents: 676 diff changeset	107 STACK_OF(SSL_COMP) *ssl_comp_methods;
981b4c44593b nginx 1.3.2 Igor Sysoev <http://sysoev.ru> parents: 676 diff changeset	108
981b4c44593b nginx 1.3.2 Igor Sysoev <http://sysoev.ru> parents: 676 diff changeset	109 ssl_comp_methods = SSL_COMP_get_compression_methods();
981b4c44593b nginx 1.3.2 Igor Sysoev <http://sysoev.ru> parents: 676 diff changeset	110 n = sk_SSL_COMP_num(ssl_comp_methods);
981b4c44593b nginx 1.3.2 Igor Sysoev <http://sysoev.ru> parents: 676 diff changeset	111
688 f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	112 while (n--) {
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	113 (void) sk_SSL_COMP_pop(ssl_comp_methods);
678 981b4c44593b nginx 1.3.2 Igor Sysoev <http://sysoev.ru> parents: 676 diff changeset	114 }
981b4c44593b nginx 1.3.2 Igor Sysoev <http://sysoev.ru> parents: 676 diff changeset	115 }
981b4c44593b nginx 1.3.2 Igor Sysoev <http://sysoev.ru> parents: 676 diff changeset	116 #endif
688 f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	117 #endif
678 981b4c44593b nginx 1.3.2 Igor Sysoev <http://sysoev.ru> parents: 676 diff changeset	118
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	119 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	120
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	121 if (ngx_ssl_connection_index == -1) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	122 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed");
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	123 return NGX_ERROR;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	124 }
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	125
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	126 ngx_ssl_server_conf_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	127 NULL);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	128 if (ngx_ssl_server_conf_index == -1) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	129 ngx_ssl_error(NGX_LOG_ALERT, log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	130 "SSL_CTX_get_ex_new_index() failed");
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	131 return NGX_ERROR;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	132 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	133
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	134 ngx_ssl_session_cache_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	135 NULL);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	136 if (ngx_ssl_session_cache_index == -1) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	137 ngx_ssl_error(NGX_LOG_ALERT, log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	138 "SSL_CTX_get_ex_new_index() failed");
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	139 return NGX_ERROR;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	140 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	141
688 f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	142 ngx_ssl_certificate_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	143 NULL);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	144 if (ngx_ssl_certificate_index == -1) {
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	145 ngx_ssl_error(NGX_LOG_ALERT, log, 0,
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	146 "SSL_CTX_get_ex_new_index() failed");
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	147 return NGX_ERROR;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	148 }
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	149
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	150 ngx_ssl_stapling_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	151 NULL);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	152 if (ngx_ssl_stapling_index == -1) {
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	153 ngx_ssl_error(NGX_LOG_ALERT, log, 0,
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	154 "SSL_CTX_get_ex_new_index() failed");
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	155 return NGX_ERROR;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	156 }
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	157
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	158 return NGX_OK;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	159 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	160
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	161
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	162 ngx_int_t
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	163 ngx_ssl_create(ngx_ssl_t ssl, ngx_uint_t protocols, void data)
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	164 {
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	165 ssl->ctx = SSL_CTX_new(SSLv23_method());
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	166
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	167 if (ssl->ctx == NULL) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	168 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_new() failed");
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	169 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	170 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	171
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	172 if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_server_conf_index, data) == 0) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	173 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	174 "SSL_CTX_set_ex_data() failed");
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	175 return NGX_ERROR;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	176 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	177
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	178 /* client side options */
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	179
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	180 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_SESS_ID_BUG);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	181 SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_CHALLENGE_BUG);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	182
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	183 /* server side options */
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	184
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	185 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	186 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	187
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	188 /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	189 SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	190
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	191 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	192 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	193 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	194
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	195 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	196
380 bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	197 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	198
658 5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	199 if (!(protocols & NGX_SSL_SSLv2)) {
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	200 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2);
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	201 }
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	202 if (!(protocols & NGX_SSL_SSLv3)) {
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	203 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv3);
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	204 }
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	205 if (!(protocols & NGX_SSL_TLSv1)) {
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	206 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	207 }
658 5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	208 #ifdef SSL_OP_NO_TLSv1_1
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	209 if (!(protocols & NGX_SSL_TLSv1_1)) {
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	210 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	211 }
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	212 #endif
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	213 #ifdef SSL_OP_NO_TLSv1_2
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	214 if (!(protocols & NGX_SSL_TLSv1_2)) {
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	215 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	216 }
5a4401b9551b nginx 1.1.13 Igor Sysoev <http://sysoev.ru> parents: 646 diff changeset	217 #endif
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	218
644 6f21ae02fb01 nginx 1.1.6 Igor Sysoev <http://sysoev.ru> parents: 636 diff changeset	219 #ifdef SSL_OP_NO_COMPRESSION
6f21ae02fb01 nginx 1.1.6 Igor Sysoev <http://sysoev.ru> parents: 636 diff changeset	220 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
6f21ae02fb01 nginx 1.1.6 Igor Sysoev <http://sysoev.ru> parents: 636 diff changeset	221 #endif
6f21ae02fb01 nginx 1.1.6 Igor Sysoev <http://sysoev.ru> parents: 636 diff changeset	222
6f21ae02fb01 nginx 1.1.6 Igor Sysoev <http://sysoev.ru> parents: 636 diff changeset	223 #ifdef SSL_MODE_RELEASE_BUFFERS
6f21ae02fb01 nginx 1.1.6 Igor Sysoev <http://sysoev.ru> parents: 636 diff changeset	224 SSL_CTX_set_mode(ssl->ctx, SSL_MODE_RELEASE_BUFFERS);
6f21ae02fb01 nginx 1.1.6 Igor Sysoev <http://sysoev.ru> parents: 636 diff changeset	225 #endif
6f21ae02fb01 nginx 1.1.6 Igor Sysoev <http://sysoev.ru> parents: 636 diff changeset	226
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	227 SSL_CTX_set_read_ahead(ssl->ctx, 1);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	228
542 2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	229 SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback);
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	230
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	231 return NGX_OK;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	232 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	233
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	234
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	235 ngx_int_t
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	236 ngx_ssl_certificate(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *cert,
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	237 ngx_str_t *key)
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	238 {
688 f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	239 BIO *bio;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	240 X509 *x509;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	241 u_long n;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	242
454 a8424ffa495c nginx 0.7.39 Igor Sysoev <http://sysoev.ru> parents: 446 diff changeset	243 if (ngx_conf_full_name(cf->cycle, cert, 1) != NGX_OK) {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	244 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	245 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	246
688 f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	247 /*
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	248 * we can't use SSL_CTX_use_certificate_chain_file() as it doesn't
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	249 * allow to access certificate later from SSL_CTX, so we reimplement
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	250 * it here
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	251 */
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	252
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	253 bio = BIO_new_file((char *) cert->data, "r");
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	254 if (bio == NULL) {
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	255 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	256 "BIO_new_file(\"%s\") failed", cert->data);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	257 return NGX_ERROR;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	258 }
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	259
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	260 x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	261 if (x509 == NULL) {
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	262 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	263 "PEM_read_bio_X509_AUX(\"%s\") failed", cert->data);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	264 BIO_free(bio);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	265 return NGX_ERROR;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	266 }
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	267
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	268 if (SSL_CTX_use_certificate(ssl->ctx, x509) == 0) {
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	269 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	270 "SSL_CTX_use_certificate(\"%s\") failed", cert->data);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	271 X509_free(x509);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	272 BIO_free(bio);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	273 return NGX_ERROR;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	274 }
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	275
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	276 if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_certificate_index, x509)
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	277 == 0)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	278 {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	279 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
688 f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	280 "SSL_CTX_set_ex_data() failed");
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	281 return NGX_ERROR;
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	282 }
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	283
688 f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	284 X509_free(x509);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	285
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	286 /* read rest of the chain */
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	287
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	288 for ( ;; ) {
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	289
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	290 x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	291 if (x509 == NULL) {
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	292 n = ERR_peek_last_error();
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	293
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	294 if (ERR_GET_LIB(n) == ERR_LIB_PEM
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	295 && ERR_GET_REASON(n) == PEM_R_NO_START_LINE)
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	296 {
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	297 /* end of file */
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	298 ERR_clear_error();
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	299 break;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	300 }
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	301
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	302 /* some real error */
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	303
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	304 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	305 "PEM_read_bio_X509(\"%s\") failed", cert->data);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	306 BIO_free(bio);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	307 return NGX_ERROR;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	308 }
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	309
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	310 if (SSL_CTX_add_extra_chain_cert(ssl->ctx, x509) == 0) {
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	311 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	312 "SSL_CTX_add_extra_chain_cert(\"%s\") failed",
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	313 cert->data);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	314 X509_free(x509);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	315 BIO_free(bio);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	316 return NGX_ERROR;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	317 }
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	318 }
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	319
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	320 BIO_free(bio);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	321
454 a8424ffa495c nginx 0.7.39 Igor Sysoev <http://sysoev.ru> parents: 446 diff changeset	322 if (ngx_conf_full_name(cf->cycle, key, 1) != NGX_OK) {
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	323 return NGX_ERROR;
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	324 }
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	325
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	326 if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key->data,
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	327 SSL_FILETYPE_PEM)
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	328 == 0)
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	329 {
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	330 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	331 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	332 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	333 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	334
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	335 return NGX_OK;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	336 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	337
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	338
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	339 ngx_int_t
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	340 ngx_ssl_client_certificate(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *cert,
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	341 ngx_int_t depth)
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	342 {
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	343 STACK_OF(X509_NAME) *list;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	344
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	345 SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_http_ssl_verify_callback);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	346
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	347 SSL_CTX_set_verify_depth(ssl->ctx, depth);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	348
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	349 if (cert->len == 0) {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	350 return NGX_OK;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	351 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	352
454 a8424ffa495c nginx 0.7.39 Igor Sysoev <http://sysoev.ru> parents: 446 diff changeset	353 if (ngx_conf_full_name(cf->cycle, cert, 1) != NGX_OK) {
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	354 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	355 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	356
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	357 if (SSL_CTX_load_verify_locations(ssl->ctx, (char *) cert->data, NULL)
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	358 == 0)
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	359 {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	360 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	361 "SSL_CTX_load_verify_locations(\"%s\") failed",
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	362 cert->data);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	363 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	364 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	365
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	366 list = SSL_load_client_CA_file((char *) cert->data);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	367
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	368 if (list == NULL) {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	369 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	370 "SSL_load_client_CA_file(\"%s\") failed", cert->data);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	371 return NGX_ERROR;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	372 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	373
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	374 /*
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	375 * before 0.9.7h and 0.9.8 SSL_load_client_CA_file()
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	376 * always leaved an error in the error queue
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	377 */
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	378
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	379 ERR_clear_error();
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	380
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	381 SSL_CTX_set_client_CA_list(ssl->ctx, list);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	382
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	383 return NGX_OK;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	384 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	385
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	386
510 24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	387 ngx_int_t
688 f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	388 ngx_ssl_trusted_certificate(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *cert,
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	389 ngx_int_t depth)
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	390 {
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	391 SSL_CTX_set_verify_depth(ssl->ctx, depth);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	392
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	393 if (cert->len == 0) {
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	394 return NGX_OK;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	395 }
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	396
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	397 if (ngx_conf_full_name(cf->cycle, cert, 1) != NGX_OK) {
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	398 return NGX_ERROR;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	399 }
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	400
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	401 if (SSL_CTX_load_verify_locations(ssl->ctx, (char *) cert->data, NULL)
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	402 == 0)
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	403 {
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	404 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	405 "SSL_CTX_load_verify_locations(\"%s\") failed",
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	406 cert->data);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	407 return NGX_ERROR;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	408 }
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	409
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	410 return NGX_OK;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	411 }
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	412
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	413
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	414 ngx_int_t
510 24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	415 ngx_ssl_crl(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *crl)
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	416 {
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	417 X509_STORE *store;
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	418 X509_LOOKUP *lookup;
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	419
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	420 if (crl->len == 0) {
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	421 return NGX_OK;
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	422 }
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	423
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	424 if (ngx_conf_full_name(cf->cycle, crl, 1) != NGX_OK) {
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	425 return NGX_ERROR;
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	426 }
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	427
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	428 store = SSL_CTX_get_cert_store(ssl->ctx);
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	429
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	430 if (store == NULL) {
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	431 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	432 "SSL_CTX_get_cert_store() failed");
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	433 return NGX_ERROR;
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	434 }
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	435
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	436 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	437
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	438 if (lookup == NULL) {
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	439 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	440 "X509_STORE_add_lookup() failed");
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	441 return NGX_ERROR;
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	442 }
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	443
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	444 if (X509_LOOKUP_load_file(lookup, (char *) crl->data, X509_FILETYPE_PEM)
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	445 == 0)
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	446 {
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	447 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	448 "X509_LOOKUP_load_file(\"%s\") failed", crl->data);
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	449 return NGX_ERROR;
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	450 }
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	451
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	452 X509_STORE_set_flags(store,
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	453 X509_V_FLAG_CRL_CHECK\|X509_V_FLAG_CRL_CHECK_ALL);
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	454
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	455 return NGX_OK;
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	456 }
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	457
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	458
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	459 static int
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	460 ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store)
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	461 {
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	462 #if (NGX_DEBUG)
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	463 char subject, issuer;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	464 int err, depth;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	465 X509 *cert;
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	466 X509_NAME sname, iname;
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	467 ngx_connection_t *c;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	468 ngx_ssl_conn_t *ssl_conn;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	469
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	470 ssl_conn = X509_STORE_CTX_get_ex_data(x509_store,
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	471 SSL_get_ex_data_X509_STORE_CTX_idx());
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	472
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	473 c = ngx_ssl_get_connection(ssl_conn);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	474
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	475 cert = X509_STORE_CTX_get_current_cert(x509_store);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	476 err = X509_STORE_CTX_get_error(x509_store);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	477 depth = X509_STORE_CTX_get_error_depth(x509_store);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	478
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	479 sname = X509_get_subject_name(cert);
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	480 subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)";
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	481
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	482 iname = X509_get_issuer_name(cert);
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	483 issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)";
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	484
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	485 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	486 "verify:%d, error:%d, depth:%d, "
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	487 "subject:\"%s\",issuer: \"%s\"",
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	488 ok, err, depth, subject, issuer);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	489
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	490 if (sname) {
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	491 OPENSSL_free(subject);
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	492 }
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	493
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	494 if (iname) {
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	495 OPENSSL_free(issuer);
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	496 }
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	497 #endif
6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	498
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	499 return 1;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	500 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	501
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	502
542 2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	503 static void
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	504 ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret)
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	505 {
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	506 ngx_connection_t *c;
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	507
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	508 if (where & SSL_CB_HANDSHAKE_START) {
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	509 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	510
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	511 if (c->ssl->handshaked) {
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	512 c->ssl->renegotiation = 1;
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	513 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL renegotiation");
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	514 }
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	515 }
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	516 }
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	517
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	518
632 5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	519 RSA *
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	520 ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length)
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	521 {
632 5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	522 static RSA *key;
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	523
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	524 if (key_length == 512) {
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	525 if (key == NULL) {
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	526 key = RSA_generate_key(512, RSA_F4, NULL, NULL);
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	527 }
108 cf3d6edb3ad6 nginx 0.3.1 Igor Sysoev <http://sysoev.ru> parents: 98 diff changeset	528 }
cf3d6edb3ad6 nginx 0.3.1 Igor Sysoev <http://sysoev.ru> parents: 98 diff changeset	529
632 5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	530 return key;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	531 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	532
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	533
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	534 ngx_int_t
380 bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	535 ngx_ssl_dhparam(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *file)
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	536 {
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	537 DH *dh;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	538 BIO *bio;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	539
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	540 /*
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	541 * -----BEGIN DH PARAMETERS-----
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	542 * MIGHAoGBALu8LcrYRnSQfEP89YDpz9vZWKP1aLQtSwju1OsPs1BMbAMCducQgAxc
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	543 * y7qokiYUxb7spWWl/fHSh6K8BJvmd4Bg6RqSp1fjBI9osHb302zI8pul34HcLKcl
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	544 * 7OZicMyaUDXYzs7vnqAnSmOrHlj6/UmI0PZdFGdX2gcd8EXP4WubAgEC
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	545 * -----END DH PARAMETERS-----
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	546 */
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	547
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	548 static unsigned char dh1024_p[] = {
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	549 0xBB, 0xBC, 0x2D, 0xCA, 0xD8, 0x46, 0x74, 0x90, 0x7C, 0x43, 0xFC, 0xF5,
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	550 0x80, 0xE9, 0xCF, 0xDB, 0xD9, 0x58, 0xA3, 0xF5, 0x68, 0xB4, 0x2D, 0x4B,
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	551 0x08, 0xEE, 0xD4, 0xEB, 0x0F, 0xB3, 0x50, 0x4C, 0x6C, 0x03, 0x02, 0x76,
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	552 0xE7, 0x10, 0x80, 0x0C, 0x5C, 0xCB, 0xBA, 0xA8, 0x92, 0x26, 0x14, 0xC5,
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	553 0xBE, 0xEC, 0xA5, 0x65, 0xA5, 0xFD, 0xF1, 0xD2, 0x87, 0xA2, 0xBC, 0x04,
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	554 0x9B, 0xE6, 0x77, 0x80, 0x60, 0xE9, 0x1A, 0x92, 0xA7, 0x57, 0xE3, 0x04,
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	555 0x8F, 0x68, 0xB0, 0x76, 0xF7, 0xD3, 0x6C, 0xC8, 0xF2, 0x9B, 0xA5, 0xDF,
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	556 0x81, 0xDC, 0x2C, 0xA7, 0x25, 0xEC, 0xE6, 0x62, 0x70, 0xCC, 0x9A, 0x50,
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	557 0x35, 0xD8, 0xCE, 0xCE, 0xEF, 0x9E, 0xA0, 0x27, 0x4A, 0x63, 0xAB, 0x1E,
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	558 0x58, 0xFA, 0xFD, 0x49, 0x88, 0xD0, 0xF6, 0x5D, 0x14, 0x67, 0x57, 0xDA,
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	559 0x07, 0x1D, 0xF0, 0x45, 0xCF, 0xE1, 0x6B, 0x9B
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	560 };
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	561
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	562 static unsigned char dh1024_g[] = { 0x02 };
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	563
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	564
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	565 if (file->len == 0) {
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	566
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	567 dh = DH_new();
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	568 if (dh == NULL) {
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	569 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "DH_new() failed");
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	570 return NGX_ERROR;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	571 }
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	572
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	573 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	574 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	575
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	576 if (dh->p == NULL \|\| dh->g == NULL) {
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	577 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "BN_bin2bn() failed");
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	578 DH_free(dh);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	579 return NGX_ERROR;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	580 }
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	581
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	582 SSL_CTX_set_tmp_dh(ssl->ctx, dh);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	583
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	584 DH_free(dh);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	585
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	586 return NGX_OK;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	587 }
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	588
454 a8424ffa495c nginx 0.7.39 Igor Sysoev <http://sysoev.ru> parents: 446 diff changeset	589 if (ngx_conf_full_name(cf->cycle, file, 1) != NGX_OK) {
380 bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	590 return NGX_ERROR;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	591 }
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	592
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	593 bio = BIO_new_file((char *) file->data, "r");
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	594 if (bio == NULL) {
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	595 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	596 "BIO_new_file(\"%s\") failed", file->data);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	597 return NGX_ERROR;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	598 }
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	599
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	600 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	601 if (dh == NULL) {
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	602 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	603 "PEM_read_bio_DHparams(\"%s\") failed", file->data);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	604 BIO_free(bio);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	605 return NGX_ERROR;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	606 }
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	607
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	608 SSL_CTX_set_tmp_dh(ssl->ctx, dh);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	609
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	610 DH_free(dh);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	611 BIO_free(bio);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	612
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	613 return NGX_OK;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	614 }
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	615
666 bf8b55a5ac89 nginx 1.1.17 Igor Sysoev <http://sysoev.ru> parents: 664 diff changeset	616
632 5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	617 ngx_int_t
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	618 ngx_ssl_ecdh_curve(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *name)
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	619 {
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	620 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	621 #ifndef OPENSSL_NO_ECDH
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	622 int nid;
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	623 EC_KEY *ecdh;
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	624
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	625 /*
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	626 * Elliptic-Curve Diffie-Hellman parameters are either "named curves"
670 ad45b044f1e5 nginx 1.1.19 Igor Sysoev <http://sysoev.ru> parents: 666 diff changeset	627 * from RFC 4492 section 5.1.1, or explicitly described curves over
632 5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	628 * binary fields. OpenSSL only supports the "named curves", which provide
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	629 * maximum interoperability.
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	630 */
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	631
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	632 nid = OBJ_sn2nid((const char *) name->data);
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	633 if (nid == 0) {
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	634 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	635 "Unknown curve name \"%s\"", name->data);
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	636 return NGX_ERROR;
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	637 }
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	638
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	639 ecdh = EC_KEY_new_by_curve_name(nid);
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	640 if (ecdh == NULL) {
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	641 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	642 "Unable to create curve \"%s\"", name->data);
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	643 return NGX_ERROR;
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	644 }
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	645
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	646 SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	647
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	648 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE);
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	649
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	650 EC_KEY_free(ecdh);
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	651 #endif
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	652 #endif
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	653
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	654 return NGX_OK;
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	655 }
380 bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	656
666 bf8b55a5ac89 nginx 1.1.17 Igor Sysoev <http://sysoev.ru> parents: 664 diff changeset	657
380 bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	658 ngx_int_t
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	659 ngx_ssl_create_connection(ngx_ssl_t ssl, ngx_connection_t c, ngx_uint_t flags)
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	660 {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	661 ngx_ssl_connection_t *sc;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	662
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	663 sc = ngx_pcalloc(c->pool, sizeof(ngx_ssl_connection_t));
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	664 if (sc == NULL) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	665 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	666 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	667
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	668 sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	669
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	670 sc->connection = SSL_new(ssl->ctx);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	671
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	672 if (sc->connection == NULL) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	673 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed");
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	674 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	675 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	676
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	677 if (SSL_set_fd(sc->connection, c->fd) == 0) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	678 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_fd() failed");
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	679 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	680 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	681
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	682 if (flags & NGX_SSL_CLIENT) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	683 SSL_set_connect_state(sc->connection);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	684
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	685 } else {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	686 SSL_set_accept_state(sc->connection);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	687 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	688
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	689 if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	690 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_ex_data() failed");
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	691 return NGX_ERROR;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	692 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	693
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	694 c->ssl = sc;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	695
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	696 return NGX_OK;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	697 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	698
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	699
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	700 ngx_int_t
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	701 ngx_ssl_set_session(ngx_connection_t c, ngx_ssl_session_t session)
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	702 {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	703 if (session) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	704 if (SSL_set_session(c->ssl->connection, session) == 0) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	705 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_session() failed");
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	706 return NGX_ERROR;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	707 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	708 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	709
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	710 return NGX_OK;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	711 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	712
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	713
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	714 ngx_int_t
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	715 ngx_ssl_handshake(ngx_connection_t *c)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	716 {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	717 int n, sslerr;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	718 ngx_err_t err;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	719
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	720 ngx_ssl_clear_error(c->log);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	721
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	722 n = SSL_do_handshake(c->ssl->connection);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	723
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	724 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	725
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	726 if (n == 1) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	727
430 dac47e9ef0d5 nginx 0.7.27 Igor Sysoev <http://sysoev.ru> parents: 420 diff changeset	728 if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	729 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	730 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	731
430 dac47e9ef0d5 nginx 0.7.27 Igor Sysoev <http://sysoev.ru> parents: 420 diff changeset	732 if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	733 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	734 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	735
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	736 #if (NGX_DEBUG)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	737 {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	738 char buf[129], s, d;
612 ce857f6b74a7 nginx 0.9.4 Igor Sysoev <http://sysoev.ru> parents: 608 diff changeset	739 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
566 be4f34123024 nginx 0.8.35 Igor Sysoev <http://sysoev.ru> parents: 564 diff changeset	740 const
be4f34123024 nginx 0.8.35 Igor Sysoev <http://sysoev.ru> parents: 564 diff changeset	741 #endif
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	742 SSL_CIPHER *cipher;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	743
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	744 cipher = SSL_get_current_cipher(c->ssl->connection);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	745
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	746 if (cipher) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	747 SSL_CIPHER_description(cipher, &buf[1], 128);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	748
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	749 for (s = &buf[1], d = buf; *s; s++) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	750 if (s == ' ' && d == ' ') {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	751 continue;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	752 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	753
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	754 if (s == LF \|\| s == CR) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	755 continue;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	756 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	757
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	758 ++d = s;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	759 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	760
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	761 if (*d != ' ') {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	762 d++;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	763 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	764
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	765 *d = '\0';
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	766
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	767 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	768 "SSL: %s, cipher: \"%s\"",
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	769 SSL_get_version(c->ssl->connection), &buf[1]);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	770
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	771 if (SSL_session_reused(c->ssl->connection)) {
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	772 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	773 "SSL reused session");
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	774 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	775
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	776 } else {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	777 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	778 "SSL no shared ciphers");
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	779 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	780 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	781 #endif
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	782
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	783 c->ssl->handshaked = 1;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	784
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	785 c->recv = ngx_ssl_recv;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	786 c->send = ngx_ssl_write;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	787 c->recv_chain = ngx_ssl_recv_chain;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	788 c->send_chain = ngx_ssl_send_chain;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	789
542 2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	790 /* initial handshake done, disable renegotiation (CVE-2009-3555) */
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	791 if (c->ssl->connection->s3) {
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	792 c->ssl->connection->s3->flags \|= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	793 }
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	794
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	795 return NGX_OK;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	796 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	797
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	798 sslerr = SSL_get_error(c->ssl->connection, n);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	799
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	800 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	801
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	802 if (sslerr == SSL_ERROR_WANT_READ) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	803 c->read->ready = 0;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	804 c->read->handler = ngx_ssl_handshake_handler;
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	805 c->write->handler = ngx_ssl_handshake_handler;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	806
430 dac47e9ef0d5 nginx 0.7.27 Igor Sysoev <http://sysoev.ru> parents: 420 diff changeset	807 if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	808 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	809 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	810
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	811 return NGX_AGAIN;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	812 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	813
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	814 if (sslerr == SSL_ERROR_WANT_WRITE) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	815 c->write->ready = 0;
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	816 c->read->handler = ngx_ssl_handshake_handler;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	817 c->write->handler = ngx_ssl_handshake_handler;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	818
430 dac47e9ef0d5 nginx 0.7.27 Igor Sysoev <http://sysoev.ru> parents: 420 diff changeset	819 if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	820 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	821 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	822
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	823 return NGX_AGAIN;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	824 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	825
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	826 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	827
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	828 c->ssl->no_wait_shutdown = 1;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	829 c->ssl->no_send_shutdown = 1;
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	830 c->read->eof = 1;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	831
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	832 if (sslerr == SSL_ERROR_ZERO_RETURN \|\| ERR_peek_error() == 0) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	833 ngx_log_error(NGX_LOG_INFO, c->log, err,
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	834 "peer closed connection in SSL handshake");
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	835
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	836 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	837 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	838
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	839 c->read->error = 1;
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	840
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	841 ngx_ssl_connection_error(c, sslerr, err, "SSL_do_handshake() failed");
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	842
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	843 return NGX_ERROR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	844 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	845
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	846
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	847 static void
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	848 ngx_ssl_handshake_handler(ngx_event_t *ev)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	849 {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	850 ngx_connection_t *c;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	851
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	852 c = ev->data;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	853
98 8bf57caa374a nginx 0.2.3 Igor Sysoev <http://sysoev.ru> parents: 96 diff changeset	854 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	855 "SSL handshake handler: %d", ev->write);
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	856
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	857 if (ev->timedout) {
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	858 c->ssl->handler(c);
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	859 return;
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	860 }
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	861
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	862 if (ngx_ssl_handshake(c) == NGX_AGAIN) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	863 return;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	864 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	865
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	866 c->ssl->handler(c);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	867 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	868
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	869
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	870 ssize_t
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	871 ngx_ssl_recv_chain(ngx_connection_t c, ngx_chain_t cl)
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	872 {
294 27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	873 u_char *last;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	874 ssize_t n, bytes;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	875 ngx_buf_t *b;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	876
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	877 bytes = 0;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	878
294 27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	879 b = cl->buf;
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	880 last = b->last;
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	881
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	882 for ( ;; ) {
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	883
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	884 n = ngx_ssl_recv(c, last, b->end - last);
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	885
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	886 if (n > 0) {
294 27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	887 last += n;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	888 bytes += n;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	889
294 27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	890 if (last == b->end) {
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	891 cl = cl->next;
294 27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	892
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	893 if (cl == NULL) {
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	894 return bytes;
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	895 }
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	896
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	897 b = cl->buf;
27d9d1f26b38 nginx 0.5.17 Igor Sysoev <http://sysoev.ru> parents: 276 diff changeset	898 last = b->last;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	899 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	900
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	901 continue;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	902 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	903
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	904 if (bytes) {
382 984bb0b1399b nginx 0.7.3 Igor Sysoev <http://sysoev.ru> parents: 380 diff changeset	905
984bb0b1399b nginx 0.7.3 Igor Sysoev <http://sysoev.ru> parents: 380 diff changeset	906 if (n == 0 \|\| n == NGX_ERROR) {
984bb0b1399b nginx 0.7.3 Igor Sysoev <http://sysoev.ru> parents: 380 diff changeset	907 c->read->ready = 1;
984bb0b1399b nginx 0.7.3 Igor Sysoev <http://sysoev.ru> parents: 380 diff changeset	908 }
984bb0b1399b nginx 0.7.3 Igor Sysoev <http://sysoev.ru> parents: 380 diff changeset	909
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	910 return bytes;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	911 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	912
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	913 return n;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	914 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	915 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	916
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	917
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	918 ssize_t
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	919 ngx_ssl_recv(ngx_connection_t c, u_char buf, size_t size)
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	920 {
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	921 int n, bytes;
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	922
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	923 if (c->ssl->last == NGX_ERROR) {
330 5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	924 c->read->error = 1;
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	925 return NGX_ERROR;
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	926 }
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	927
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	928 if (c->ssl->last == NGX_DONE) {
330 5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	929 c->read->ready = 0;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	930 c->read->eof = 1;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	931 return 0;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	932 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	933
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	934 bytes = 0;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	935
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	936 ngx_ssl_clear_error(c->log);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	937
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	938 /*
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	939 * SSL_read() may return data in parts, so try to read
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	940 * until SSL_read() would return no data
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	941 */
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	942
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	943 for ( ;; ) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	944
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	945 n = SSL_read(c->ssl->connection, buf, size);
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	946
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	947 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	948
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	949 if (n > 0) {
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	950 bytes += n;
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	951 }
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	952
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	953 c->ssl->last = ngx_ssl_handle_recv(c, n);
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	954
330 5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	955 if (c->ssl->last == NGX_OK) {
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	956
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	957 size -= n;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	958
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	959 if (size == 0) {
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	960 return bytes;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	961 }
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	962
330 5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	963 buf += n;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	964
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	965 continue;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	966 }
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	967
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	968 if (bytes) {
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	969 return bytes;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	970 }
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	971
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	972 switch (c->ssl->last) {
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	973
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	974 case NGX_DONE:
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	975 c->read->ready = 0;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	976 c->read->eof = 1;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	977 return 0;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	978
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	979 case NGX_ERROR:
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	980 c->read->error = 1;
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	981
664 f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	982 /* fall through */
330 5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	983
5e3b425174f6 nginx 0.6.9 Igor Sysoev <http://sysoev.ru> parents: 324 diff changeset	984 case NGX_AGAIN:
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	985 return c->ssl->last;
28 7ca9bdc82b3f nginx 0.1.14 Igor Sysoev <http://sysoev.ru> parents: 22 diff changeset	986 }
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	987 }
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	988 }
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	989
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	990
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	991 static ngx_int_t
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	992 ngx_ssl_handle_recv(ngx_connection_t *c, int n)
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	993 {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	994 int sslerr;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	995 ngx_err_t err;
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	996
542 2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	997 if (c->ssl->renegotiation) {
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	998 /*
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	999 * disable renegotiation (CVE-2009-3555):
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	1000 * OpenSSL (at least up to 0.9.8l) does not handle disabled
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	1001 * renegotiation gracefully, so drop connection here
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	1002 */
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	1003
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	1004 ngx_log_error(NGX_LOG_NOTICE, c->log, 0, "SSL renegotiation disabled");
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	1005
646 615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1006 while (ERR_peek_error()) {
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1007 ngx_ssl_error(NGX_LOG_DEBUG, c->log, 0,
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1008 "ignoring stale global SSL error");
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1009 }
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1010
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1011 ERR_clear_error();
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1012
542 2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	1013 c->ssl->no_wait_shutdown = 1;
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	1014 c->ssl->no_send_shutdown = 1;
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	1015
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	1016 return NGX_ERROR;
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	1017 }
2b9e388c61f1 nginx 0.8.23 Igor Sysoev <http://sysoev.ru> parents: 540 diff changeset	1018
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1019 if (n > 0) {
28 7ca9bdc82b3f nginx 0.1.14 Igor Sysoev <http://sysoev.ru> parents: 22 diff changeset	1020
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1021 if (c->ssl->saved_write_handler) {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1022
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1023 c->write->handler = c->ssl->saved_write_handler;
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1024 c->ssl->saved_write_handler = NULL;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1025 c->write->ready = 1;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1026
430 dac47e9ef0d5 nginx 0.7.27 Igor Sysoev <http://sysoev.ru> parents: 420 diff changeset	1027 if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1028 return NGX_ERROR;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1029 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1030
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	1031 ngx_post_event(c->write, &ngx_posted_events);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1032 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1033
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1034 return NGX_OK;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1035 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1036
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1037 sslerr = SSL_get_error(c->ssl->connection, n);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1038
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1039 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1040
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1041 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1042
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1043 if (sslerr == SSL_ERROR_WANT_READ) {
4 4b2dafa26fe2 nginx 0.1.2 Igor Sysoev <http://sysoev.ru> parents: 2 diff changeset	1044 c->read->ready = 0;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1045 return NGX_AGAIN;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1046 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1047
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1048 if (sslerr == SSL_ERROR_WANT_WRITE) {
88 e916a291e9aa nginx 0.1.44 Igor Sysoev <http://sysoev.ru> parents: 62 diff changeset	1049
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1050 ngx_log_error(NGX_LOG_INFO, c->log, 0,
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1051 "peer started SSL renegotiation");
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1052
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1053 c->write->ready = 0;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1054
430 dac47e9ef0d5 nginx 0.7.27 Igor Sysoev <http://sysoev.ru> parents: 420 diff changeset	1055 if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1056 return NGX_ERROR;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1057 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1058
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1059 /*
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1060 * we do not set the timer because there is already the read event timer
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1061 */
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1062
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1063 if (c->ssl->saved_write_handler == NULL) {
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1064 c->ssl->saved_write_handler = c->write->handler;
b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1065 c->write->handler = ngx_ssl_write_handler;
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1066 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1067
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1068 return NGX_AGAIN;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1069 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1070
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1071 c->ssl->no_wait_shutdown = 1;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1072 c->ssl->no_send_shutdown = 1;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1073
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1074 if (sslerr == SSL_ERROR_ZERO_RETURN \|\| ERR_peek_error() == 0) {
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1075 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1076 "peer shutdown SSL cleanly");
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1077 return NGX_DONE;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1078 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1079
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1080 ngx_ssl_connection_error(c, sslerr, err, "SSL_read() failed");
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1081
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1082 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1083 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1084
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1085
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1086 static void
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1087 ngx_ssl_write_handler(ngx_event_t *wev)
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1088 {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1089 ngx_connection_t *c;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1090
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1091 c = wev->data;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1092
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1093 c->read->handler(c->read);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1094 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1095
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1096
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1097 /*
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1098 * OpenSSL has no SSL_writev() so we copy several bufs into our 16K buffer
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1099 * before the SSL_write() call to decrease a SSL overhead.
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1100 *
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1101 * Besides for protocols such as HTTP it is possible to always buffer
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1102 * the output to decrease a SSL overhead some more.
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1103 */
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1104
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1105 ngx_chain_t *
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1106 ngx_ssl_send_chain(ngx_connection_t c, ngx_chain_t in, off_t limit)
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1107 {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1108 int n;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1109 ngx_uint_t flush;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1110 ssize_t send, size;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1111 ngx_buf_t *buf;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1112
416 b4f69f2ef02c nginx 0.7.20 Igor Sysoev <http://sysoev.ru> parents: 394 diff changeset	1113 if (!c->ssl->buffer) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1114
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1115 while (in) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1116 if (ngx_buf_special(in->buf)) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1117 in = in->next;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1118 continue;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1119 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1120
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1121 n = ngx_ssl_write(c, in->buf->pos, in->buf->last - in->buf->pos);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1122
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1123 if (n == NGX_ERROR) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1124 return NGX_CHAIN_ERROR;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1125 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1126
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1127 if (n == NGX_AGAIN) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1128 return in;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1129 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1130
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1131 in->buf->pos += n;
674 4dcaf40cc702 nginx 1.3.0 Igor Sysoev <http://sysoev.ru> parents: 670 diff changeset	1132 c->sent += n;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1133
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1134 if (in->buf->pos == in->buf->last) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1135 in = in->next;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1136 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1137 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1138
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1139 return in;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1140 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1141
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1142
632 5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	1143 /* the maximum limit size is the maximum int32_t value - the page size */
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	1144
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	1145 if (limit == 0 \|\| limit > (off_t) (NGX_MAX_INT32_VALUE - ngx_pagesize)) {
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	1146 limit = NGX_MAX_INT32_VALUE - ngx_pagesize;
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1147 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1148
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1149 buf = c->ssl->buf;
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1150
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1151 if (buf == NULL) {
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1152 buf = ngx_create_temp_buf(c->pool, NGX_SSL_BUFSIZE);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1153 if (buf == NULL) {
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1154 return NGX_CHAIN_ERROR;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1155 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1156
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1157 c->ssl->buf = buf;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1158 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1159
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1160 if (buf->start == NULL) {
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1161 buf->start = ngx_palloc(c->pool, NGX_SSL_BUFSIZE);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1162 if (buf->start == NULL) {
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1163 return NGX_CHAIN_ERROR;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1164 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1165
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1166 buf->pos = buf->start;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1167 buf->last = buf->start;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1168 buf->end = buf->start + NGX_SSL_BUFSIZE;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1169 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1170
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1171 send = 0;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1172 flush = (in == NULL) ? 1 : 0;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1173
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1174 for ( ;; ) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1175
540 c04fa65fe604 nginx 0.8.22 Igor Sysoev <http://sysoev.ru> parents: 530 diff changeset	1176 while (in && buf->last < buf->end && send < limit) {
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1177 if (in->buf->last_buf \|\| in->buf->flush) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1178 flush = 1;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1179 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1180
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1181 if (ngx_buf_special(in->buf)) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1182 in = in->next;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1183 continue;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1184 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1185
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1186 size = in->buf->last - in->buf->pos;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1187
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1188 if (size > buf->end - buf->last) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1189 size = buf->end - buf->last;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1190 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1191
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1192 if (send + size > limit) {
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1193 size = (ssize_t) (limit - send);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1194 flush = 1;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1195 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1196
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1197 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1198 "SSL buf copy: %d", size);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1199
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1200 ngx_memcpy(buf->last, in->buf->pos, size);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1201
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1202 buf->last += size;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1203 in->buf->pos += size;
540 c04fa65fe604 nginx 0.8.22 Igor Sysoev <http://sysoev.ru> parents: 530 diff changeset	1204 send += size;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1205
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1206 if (in->buf->pos == in->buf->last) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1207 in = in->next;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1208 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1209 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1210
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1211 size = buf->last - buf->pos;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1212
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1213 if (!flush && buf->last < buf->end && c->ssl->buffer) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1214 break;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1215 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1216
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1217 n = ngx_ssl_write(c, buf->pos, size);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1218
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1219 if (n == NGX_ERROR) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1220 return NGX_CHAIN_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1221 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1222
60 df7d3fff122b nginx 0.1.30 Igor Sysoev <http://sysoev.ru> parents: 58 diff changeset	1223 if (n == NGX_AGAIN) {
146 36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	1224 c->buffered \|= NGX_SSL_BUFFERED;
60 df7d3fff122b nginx 0.1.30 Igor Sysoev <http://sysoev.ru> parents: 58 diff changeset	1225 return in;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1226 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1227
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1228 buf->pos += n;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1229 c->sent += n;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1230
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1231 if (n < size) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1232 break;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1233 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1234
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1235 if (buf->pos == buf->last) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1236 buf->pos = buf->start;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1237 buf->last = buf->start;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1238 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1239
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1240 if (in == NULL \|\| send == limit) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1241 break;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1242 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1243 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1244
146 36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	1245 if (buf->pos < buf->last) {
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	1246 c->buffered \|= NGX_SSL_BUFFERED;
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	1247
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	1248 } else {
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	1249 c->buffered &= ~NGX_SSL_BUFFERED;
36af50a5582d nginx 0.3.20 Igor Sysoev <http://sysoev.ru> parents: 140 diff changeset	1250 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1251
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1252 return in;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1253 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1254
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1255
88 e916a291e9aa nginx 0.1.44 Igor Sysoev <http://sysoev.ru> parents: 62 diff changeset	1256 ssize_t
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1257 ngx_ssl_write(ngx_connection_t c, u_char data, size_t size)
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1258 {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1259 int n, sslerr;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1260 ngx_err_t err;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1261
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1262 ngx_ssl_clear_error(c->log);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1263
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1264 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1265
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1266 n = SSL_write(c->ssl->connection, data, size);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1267
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1268 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1269
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1270 if (n > 0) {
88 e916a291e9aa nginx 0.1.44 Igor Sysoev <http://sysoev.ru> parents: 62 diff changeset	1271
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1272 if (c->ssl->saved_read_handler) {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1273
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1274 c->read->handler = c->ssl->saved_read_handler;
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1275 c->ssl->saved_read_handler = NULL;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1276 c->read->ready = 1;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1277
430 dac47e9ef0d5 nginx 0.7.27 Igor Sysoev <http://sysoev.ru> parents: 420 diff changeset	1278 if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1279 return NGX_ERROR;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1280 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1281
112 408f195b3482 nginx 0.3.3 Igor Sysoev <http://sysoev.ru> parents: 108 diff changeset	1282 ngx_post_event(c->read, &ngx_posted_events);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1283 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1284
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1285 return n;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1286 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1287
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1288 sslerr = SSL_get_error(c->ssl->connection, n);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1289
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1290 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1291
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1292 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1293
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1294 if (sslerr == SSL_ERROR_WANT_WRITE) {
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1295 c->write->ready = 0;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1296 return NGX_AGAIN;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1297 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1298
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1299 if (sslerr == SSL_ERROR_WANT_READ) {
2 cc9f381affaa nginx 0.1.1 Igor Sysoev <http://sysoev.ru> parents: 0 diff changeset	1300
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1301 ngx_log_error(NGX_LOG_INFO, c->log, 0,
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1302 "peer started SSL renegotiation");
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1303
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1304 c->read->ready = 0;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1305
430 dac47e9ef0d5 nginx 0.7.27 Igor Sysoev <http://sysoev.ru> parents: 420 diff changeset	1306 if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1307 return NGX_ERROR;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1308 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1309
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1310 /*
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1311 * we do not set the timer because there is already
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1312 * the write event timer
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1313 */
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1314
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1315 if (c->ssl->saved_read_handler == NULL) {
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1316 c->ssl->saved_read_handler = c->read->handler;
b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1317 c->read->handler = ngx_ssl_read_handler;
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1318 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1319
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1320 return NGX_AGAIN;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1321 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1322
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1323 c->ssl->no_wait_shutdown = 1;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1324 c->ssl->no_send_shutdown = 1;
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	1325 c->write->error = 1;
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1326
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1327 ngx_ssl_connection_error(c, sslerr, err, "SSL_write() failed");
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1328
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1329 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1330 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1331
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1332
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1333 static void
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1334 ngx_ssl_read_handler(ngx_event_t *rev)
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1335 {
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1336 ngx_connection_t *c;
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1337
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1338 c = rev->data;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1339
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1340 c->write->handler(c->write);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1341 }
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1342
8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1343
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1344 void
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1345 ngx_ssl_free_buffer(ngx_connection_t *c)
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1346 {
360 2b41fbc2e39e nginx 0.6.24 Igor Sysoev <http://sysoev.ru> parents: 358 diff changeset	1347 if (c->ssl->buf && c->ssl->buf->start) {
2b41fbc2e39e nginx 0.6.24 Igor Sysoev <http://sysoev.ru> parents: 358 diff changeset	1348 if (ngx_pfree(c->pool, c->ssl->buf->start) == NGX_OK) {
2b41fbc2e39e nginx 0.6.24 Igor Sysoev <http://sysoev.ru> parents: 358 diff changeset	1349 c->ssl->buf->start = NULL;
2b41fbc2e39e nginx 0.6.24 Igor Sysoev <http://sysoev.ru> parents: 358 diff changeset	1350 }
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1351 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1352 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1353
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1354
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1355 ngx_int_t
2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1356 ngx_ssl_shutdown(ngx_connection_t *c)
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1357 {
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1358 int n, sslerr, mode;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1359 ngx_err_t err;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1360
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1361 if (c->timedout) {
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1362 mode = SSL_RECEIVED_SHUTDOWN\|SSL_SENT_SHUTDOWN;
636 943566b4d82e nginx 1.1.2 Igor Sysoev <http://sysoev.ru> parents: 634 diff changeset	1363 SSL_set_quiet_shutdown(c->ssl->connection, 1);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1364
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1365 } else {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1366 mode = SSL_get_shutdown(c->ssl->connection);
22 8b6db3bda591 nginx 0.1.11 Igor Sysoev <http://sysoev.ru> parents: 18 diff changeset	1367
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1368 if (c->ssl->no_wait_shutdown) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1369 mode \|= SSL_RECEIVED_SHUTDOWN;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1370 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1371
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1372 if (c->ssl->no_send_shutdown) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1373 mode \|= SSL_SENT_SHUTDOWN;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1374 }
636 943566b4d82e nginx 1.1.2 Igor Sysoev <http://sysoev.ru> parents: 634 diff changeset	1375
943566b4d82e nginx 1.1.2 Igor Sysoev <http://sysoev.ru> parents: 634 diff changeset	1376 if (c->ssl->no_wait_shutdown && c->ssl->no_send_shutdown) {
943566b4d82e nginx 1.1.2 Igor Sysoev <http://sysoev.ru> parents: 634 diff changeset	1377 SSL_set_quiet_shutdown(c->ssl->connection, 1);
943566b4d82e nginx 1.1.2 Igor Sysoev <http://sysoev.ru> parents: 634 diff changeset	1378 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1379 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1380
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1381 SSL_set_shutdown(c->ssl->connection, mode);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1382
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1383 ngx_ssl_clear_error(c->log);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1384
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1385 n = SSL_shutdown(c->ssl->connection);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1386
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1387 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1388
10 46833bd150cb nginx 0.1.5 Igor Sysoev <http://sysoev.ru> parents: 4 diff changeset	1389 sslerr = 0;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1390
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1391 /* SSL_shutdown() never returns -1, on error it returns 0 */
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1392
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1393 if (n != 1 && ERR_peek_error()) {
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1394 sslerr = SSL_get_error(c->ssl->connection, n);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1395
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1396 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1397 "SSL_get_error: %d", sslerr);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1398 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1399
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1400 if (n == 1 \|\| sslerr == 0 \|\| sslerr == SSL_ERROR_ZERO_RETURN) {
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1401 SSL_free(c->ssl->connection);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1402 c->ssl = NULL;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1403
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1404 return NGX_OK;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1405 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1406
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1407 if (sslerr == SSL_ERROR_WANT_READ \|\| sslerr == SSL_ERROR_WANT_WRITE) {
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1408 c->read->handler = ngx_ssl_shutdown_handler;
138 8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1409 c->write->handler = ngx_ssl_shutdown_handler;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1410
430 dac47e9ef0d5 nginx 0.7.27 Igor Sysoev <http://sysoev.ru> parents: 420 diff changeset	1411 if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1412 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1413 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1414
430 dac47e9ef0d5 nginx 0.7.27 Igor Sysoev <http://sysoev.ru> parents: 420 diff changeset	1415 if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1416 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1417 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1418
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1419 if (sslerr == SSL_ERROR_WANT_READ) {
138 8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1420 ngx_add_timer(c->read, 30000);
8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1421 }
8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1422
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1423 return NGX_AGAIN;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1424 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1425
140 55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	1426 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	1427
55a211e5eeb7 nginx 0.3.17 Igor Sysoev <http://sysoev.ru> parents: 138 diff changeset	1428 ngx_ssl_connection_error(c, sslerr, err, "SSL_shutdown() failed");
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1429
92 45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1430 SSL_free(c->ssl->connection);
45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1431 c->ssl = NULL;
45945fa8b8ba nginx 0.2.0 Igor Sysoev <http://sysoev.ru> parents: 90 diff changeset	1432
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1433 return NGX_ERROR;
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1434 }
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1435
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1436
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1437 static void
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1438 ngx_ssl_shutdown_handler(ngx_event_t *ev)
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1439 {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1440 ngx_connection_t *c;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1441 ngx_connection_handler_pt handler;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1442
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1443 c = ev->data;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1444 handler = c->ssl->handler;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1445
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1446 if (ev->timedout) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1447 c->timedout = 1;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1448 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1449
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1450 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "SSL shutdown handler");
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1451
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1452 if (ngx_ssl_shutdown(c) == NGX_AGAIN) {
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1453 return;
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1454 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1455
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1456 handler(c);
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1457 }
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1458
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1459
df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1460 static void
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1461 ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1462 char *text)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1463 {
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1464 int n;
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1465 ngx_uint_t level;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1466
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1467 level = NGX_LOG_CRIT;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1468
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1469 if (sslerr == SSL_ERROR_SYSCALL) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1470
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1471 if (err == NGX_ECONNRESET
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1472 \|\| err == NGX_EPIPE
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1473 \|\| err == NGX_ENOTCONN
138 8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	1474 \|\| err == NGX_ETIMEDOUT
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1475 \|\| err == NGX_ECONNREFUSED
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1476 \|\| err == NGX_ENETDOWN
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1477 \|\| err == NGX_ENETUNREACH
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1478 \|\| err == NGX_EHOSTDOWN
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1479 \|\| err == NGX_EHOSTUNREACH)
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1480 {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1481 switch (c->log_error) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1482
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1483 case NGX_ERROR_IGNORE_ECONNRESET:
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1484 case NGX_ERROR_INFO:
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1485 level = NGX_LOG_INFO;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1486 break;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1487
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1488 case NGX_ERROR_ERR:
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1489 level = NGX_LOG_ERR;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1490 break;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1491
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1492 default:
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1493 break;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1494 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1495 }
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1496
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1497 } else if (sslerr == SSL_ERROR_SSL) {
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1498
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1499 n = ERR_GET_REASON(ERR_peek_error());
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1500
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1501 /* handshake failures */
646 615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1502 if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1503 \|\| n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */
592 09d5f308901f nginx 0.8.48 Igor Sysoev <http://sysoev.ru> parents: 570 diff changeset	1504 \|\| n == SSL_R_DIGEST_CHECK_FAILED /* 149 */
646 615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1505 \|\| n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST /* 151 */
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1506 \|\| n == SSL_R_EXCESSIVE_MESSAGE_SIZE /* 152 */
564 da3c99095432 nginx 0.8.34 Igor Sysoev <http://sysoev.ru> parents: 552 diff changeset	1507 \|\| n == SSL_R_LENGTH_MISMATCH /* 159 */
420 ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1508 \|\| n == SSL_R_NO_CIPHERS_PASSED /* 182 */
564 da3c99095432 nginx 0.8.34 Igor Sysoev <http://sysoev.ru> parents: 552 diff changeset	1509 \|\| n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */
646 615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1510 \|\| n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */
420 ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1511 \|\| n == SSL_R_NO_SHARED_CIPHER /* 193 */
564 da3c99095432 nginx 0.8.34 Igor Sysoev <http://sysoev.ru> parents: 552 diff changeset	1512 \|\| n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */
646 615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1513 #ifdef SSL_R_PARSE_TLSEXT
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1514 \|\| n == SSL_R_PARSE_TLSEXT /* 227 */
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1515 #endif
420 ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1516 \|\| n == SSL_R_UNEXPECTED_MESSAGE /* 244 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1517 \|\| n == SSL_R_UNEXPECTED_RECORD /* 245 */
564 da3c99095432 nginx 0.8.34 Igor Sysoev <http://sysoev.ru> parents: 552 diff changeset	1518 \|\| n == SSL_R_UNKNOWN_ALERT_TYPE /* 246 */
552 43e02819c5cf nginx 0.8.28 Igor Sysoev <http://sysoev.ru> parents: 542 diff changeset	1519 \|\| n == SSL_R_UNKNOWN_PROTOCOL /* 252 */
420 ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1520 \|\| n == SSL_R_WRONG_VERSION_NUMBER /* 267 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1521 \|\| n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */
646 615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1522 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1523 \|\| n == SSL_R_RENEGOTIATE_EXT_TOO_LONG /* 335 */
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1524 \|\| n == SSL_R_RENEGOTIATION_ENCODING_ERR /* 336 */
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1525 \|\| n == SSL_R_RENEGOTIATION_MISMATCH /* 337 */
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1526 #endif
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1527 #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1528 \|\| n == SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED /* 338 */
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1529 #endif
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1530 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1531 \|\| n == SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING /* 345 */
615b5ea36fc0 nginx 1.1.7 Igor Sysoev <http://sysoev.ru> parents: 644 diff changeset	1532 #endif
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1533 \|\| n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
420 ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1534 \|\| n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1535 \|\| n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC /* 1020 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1536 \|\| n == SSL_R_TLSV1_ALERT_DECRYPTION_FAILED /* 1021 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1537 \|\| n == SSL_R_TLSV1_ALERT_RECORD_OVERFLOW /* 1022 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1538 \|\| n == SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE /* 1030 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1539 \|\| n == SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE /* 1040 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1540 \|\| n == SSL_R_SSLV3_ALERT_NO_CERTIFICATE /* 1041 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1541 \|\| n == SSL_R_SSLV3_ALERT_BAD_CERTIFICATE /* 1042 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1542 \|\| n == SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE /* 1043 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1543 \|\| n == SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED /* 1044 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1544 \|\| n == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED /* 1045 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1545 \|\| n == SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN /* 1046 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1546 \|\| n == SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER /* 1047 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1547 \|\| n == SSL_R_TLSV1_ALERT_UNKNOWN_CA /* 1048 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1548 \|\| n == SSL_R_TLSV1_ALERT_ACCESS_DENIED /* 1049 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1549 \|\| n == SSL_R_TLSV1_ALERT_DECODE_ERROR /* 1050 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1550 \|\| n == SSL_R_TLSV1_ALERT_DECRYPT_ERROR /* 1051 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1551 \|\| n == SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION /* 1060 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1552 \|\| n == SSL_R_TLSV1_ALERT_PROTOCOL_VERSION /* 1070 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1553 \|\| n == SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY /* 1071 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1554 \|\| n == SSL_R_TLSV1_ALERT_INTERNAL_ERROR /* 1080 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1555 \|\| n == SSL_R_TLSV1_ALERT_USER_CANCELLED /* 1090 */
ad0a34a8efa6 nginx 0.7.22 Igor Sysoev <http://sysoev.ru> parents: 416 diff changeset	1556 \|\| n == SSL_R_TLSV1_ALERT_NO_RENEGOTIATION) /* 1100 */
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1557 {
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1558 switch (c->log_error) {
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1559
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1560 case NGX_ERROR_IGNORE_ECONNRESET:
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1561 case NGX_ERROR_INFO:
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1562 level = NGX_LOG_INFO;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1563 break;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1564
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1565 case NGX_ERROR_ERR:
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1566 level = NGX_LOG_ERR;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1567 break;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1568
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1569 default:
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1570 break;
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1571 }
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1572 }
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1573 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1574
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1575 ngx_ssl_error(level, c->log, err, text);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1576 }
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1577
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1578
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1579 static void
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1580 ngx_ssl_clear_error(ngx_log_t *log)
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1581 {
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1582 while (ERR_peek_error()) {
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1583 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error");
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1584 }
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1585
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1586 ERR_clear_error();
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1587 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1588
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1589
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1590 void ngx_cdecl
38 2879cd3a40cb nginx 0.1.19 Igor Sysoev <http://sysoev.ru> parents: 28 diff changeset	1591 ngx_ssl_error(ngx_uint_t level, ngx_log_t log, ngx_err_t err, char fmt, ...)
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	1592 {
688 f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1593 int flags;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1594 u_long n;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1595 va_list args;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1596 u_char p, last;
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1597 u_char errstr[NGX_MAX_CONF_ERRSTR];
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1598 const char *data;
10 46833bd150cb nginx 0.1.5 Igor Sysoev <http://sysoev.ru> parents: 4 diff changeset	1599
46833bd150cb nginx 0.1.5 Igor Sysoev <http://sysoev.ru> parents: 4 diff changeset	1600 last = errstr + NGX_MAX_CONF_ERRSTR;
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1601
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1602 va_start(args, fmt);
484 ed5e10fb40fc nginx 0.7.54 Igor Sysoev <http://sysoev.ru> parents: 480 diff changeset	1603 p = ngx_vslprintf(errstr, last - 1, fmt, args);
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1604 va_end(args);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1605
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1606 p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1607
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1608 for ( ;; ) {
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1609
688 f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1610 n = ERR_peek_error_line_data(NULL, NULL, &data, &flags);
132 91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1611
91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1612 if (n == 0) {
91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1613 break;
91372f004adf nginx 0.3.13 Igor Sysoev <http://sysoev.ru> parents: 126 diff changeset	1614 }
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1615
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1616 if (p >= last) {
688 f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1617 goto next;
364 a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1618 }
a39aab45a53f nginx 0.6.26 Igor Sysoev <http://sysoev.ru> parents: 360 diff changeset	1619
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1620 *p++ = ' ';
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1621
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1622 ERR_error_string_n(n, (char *) p, last - p);
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1623
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1624 while (p < last && *p) {
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1625 p++;
ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1626 }
688 f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1627
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1628 if (p < last && *data && (flags & ERR_TXT_STRING)) {
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1629 *p++ = ':';
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1630 p = ngx_cpystrn(p, (u_char *) data, last - p);
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1631 }
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1632
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1633 next:
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1634
f31b19fe7f48 nginx 1.3.7 Igor Sysoev <http://sysoev.ru> parents: 678 diff changeset	1635 (void) ERR_get_error();
96 ca4f70b3ccc6 nginx 0.2.2 Igor Sysoev <http://sysoev.ru> parents: 92 diff changeset	1636 }
0 f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1637
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1638 ngx_log_error(level, log, err, "%s)", errstr);
f0b350454894 nginx 0.1.0 Igor Sysoev <http://sysoev.ru> parents: diff changeset	1639 }
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1640
b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	1641
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1642 ngx_int_t
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1643 ngx_ssl_session_cache(ngx_ssl_t ssl, ngx_str_t sess_ctx,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1644 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1645 {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1646 long cache_mode;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1647
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1648 if (builtin_session_cache == NGX_SSL_NO_SCACHE) {
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1649 SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1650 return NGX_OK;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1651 }
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1652
564 da3c99095432 nginx 0.8.34 Igor Sysoev <http://sysoev.ru> parents: 552 diff changeset	1653 SSL_CTX_set_session_id_context(ssl->ctx, sess_ctx->data, sess_ctx->len);
da3c99095432 nginx 0.8.34 Igor Sysoev <http://sysoev.ru> parents: 552 diff changeset	1654
378 820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1655 if (builtin_session_cache == NGX_SSL_NONE_SCACHE) {
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1656
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1657 /*
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1658 * If the server explicitly says that it does not support
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1659 * session reuse (see SSL_SESS_CACHE_OFF above), then
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1660 * Outlook Express fails to upload a sent email to
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1661 * the Sent Items folder on the IMAP server via a separate IMAP
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1662 * connection in the background. Therefore we have a special
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1663 * mode (SSL_SESS_CACHE_SERVER\|SSL_SESS_CACHE_NO_INTERNAL_STORE)
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1664 * where the server pretends that it supports session reuse,
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1665 * but it does not actually store any session.
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1666 */
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1667
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1668 SSL_CTX_set_session_cache_mode(ssl->ctx,
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1669 SSL_SESS_CACHE_SERVER
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1670 \|SSL_SESS_CACHE_NO_AUTO_CLEAR
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1671 \|SSL_SESS_CACHE_NO_INTERNAL_STORE);
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1672
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1673 SSL_CTX_sess_set_cache_size(ssl->ctx, 1);
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1674
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1675 return NGX_OK;
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1676 }
820f6378fc00 nginx 0.7.1 Igor Sysoev <http://sysoev.ru> parents: 372 diff changeset	1677
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1678 cache_mode = SSL_SESS_CACHE_SERVER;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1679
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1680 if (shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1681 cache_mode \|= SSL_SESS_CACHE_NO_INTERNAL;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1682 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1683
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1684 SSL_CTX_set_session_cache_mode(ssl->ctx, cache_mode);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1685
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1686 if (builtin_session_cache != NGX_SSL_NO_BUILTIN_SCACHE) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1687
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1688 if (builtin_session_cache != NGX_SSL_DFLT_BUILTIN_SCACHE) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1689 SSL_CTX_sess_set_cache_size(ssl->ctx, builtin_session_cache);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1690 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1691 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1692
480 549994537f15 nginx 0.7.52 Igor Sysoev <http://sysoev.ru> parents: 468 diff changeset	1693 SSL_CTX_set_timeout(ssl->ctx, (long) timeout);
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1694
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1695 if (shm_zone) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1696 SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1697 SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1698 SSL_CTX_sess_set_remove_cb(ssl->ctx, ngx_ssl_remove_session);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1699
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1700 if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_session_cache_index, shm_zone)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1701 == 0)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1702 {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1703 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1704 "SSL_CTX_set_ex_data() failed");
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1705 return NGX_ERROR;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1706 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1707 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1708
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1709 return NGX_OK;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1710 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1711
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1712
634 23ef0645ea57 nginx 1.1.1 Igor Sysoev <http://sysoev.ru> parents: 632 diff changeset	1713 ngx_int_t
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1714 ngx_ssl_session_cache_init(ngx_shm_zone_t shm_zone, void data)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1715 {
468 56baf312c1b5 nginx 0.7.46 Igor Sysoev <http://sysoev.ru> parents: 454 diff changeset	1716 size_t len;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1717 ngx_slab_pool_t *shpool;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1718 ngx_ssl_session_cache_t *cache;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1719
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1720 if (data) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1721 shm_zone->data = data;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1722 return NGX_OK;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1723 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1724
480 549994537f15 nginx 0.7.52 Igor Sysoev <http://sysoev.ru> parents: 468 diff changeset	1725 if (shm_zone->shm.exists) {
549994537f15 nginx 0.7.52 Igor Sysoev <http://sysoev.ru> parents: 468 diff changeset	1726 shm_zone->data = data;
549994537f15 nginx 0.7.52 Igor Sysoev <http://sysoev.ru> parents: 468 diff changeset	1727 return NGX_OK;
549994537f15 nginx 0.7.52 Igor Sysoev <http://sysoev.ru> parents: 468 diff changeset	1728 }
549994537f15 nginx 0.7.52 Igor Sysoev <http://sysoev.ru> parents: 468 diff changeset	1729
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1730 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1731
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1732 cache = ngx_slab_alloc(shpool, sizeof(ngx_ssl_session_cache_t));
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1733 if (cache == NULL) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1734 return NGX_ERROR;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1735 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1736
480 549994537f15 nginx 0.7.52 Igor Sysoev <http://sysoev.ru> parents: 468 diff changeset	1737 shpool->data = cache;
549994537f15 nginx 0.7.52 Igor Sysoev <http://sysoev.ru> parents: 468 diff changeset	1738 shm_zone->data = cache;
549994537f15 nginx 0.7.52 Igor Sysoev <http://sysoev.ru> parents: 468 diff changeset	1739
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1740 ngx_rbtree_init(&cache->session_rbtree, &cache->sentinel,
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	1741 ngx_ssl_session_rbtree_insert_value);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1742
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1743 ngx_queue_init(&cache->expire_queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1744
480 549994537f15 nginx 0.7.52 Igor Sysoev <http://sysoev.ru> parents: 468 diff changeset	1745 len = sizeof(" in SSL session shared cache \"\"") + shm_zone->shm.name.len;
468 56baf312c1b5 nginx 0.7.46 Igor Sysoev <http://sysoev.ru> parents: 454 diff changeset	1746
56baf312c1b5 nginx 0.7.46 Igor Sysoev <http://sysoev.ru> parents: 454 diff changeset	1747 shpool->log_ctx = ngx_slab_alloc(shpool, len);
56baf312c1b5 nginx 0.7.46 Igor Sysoev <http://sysoev.ru> parents: 454 diff changeset	1748 if (shpool->log_ctx == NULL) {
56baf312c1b5 nginx 0.7.46 Igor Sysoev <http://sysoev.ru> parents: 454 diff changeset	1749 return NGX_ERROR;
56baf312c1b5 nginx 0.7.46 Igor Sysoev <http://sysoev.ru> parents: 454 diff changeset	1750 }
56baf312c1b5 nginx 0.7.46 Igor Sysoev <http://sysoev.ru> parents: 454 diff changeset	1751
56baf312c1b5 nginx 0.7.46 Igor Sysoev <http://sysoev.ru> parents: 454 diff changeset	1752 ngx_sprintf(shpool->log_ctx, " in SSL session shared cache \"%V\"%Z",
480 549994537f15 nginx 0.7.52 Igor Sysoev <http://sysoev.ru> parents: 468 diff changeset	1753 &shm_zone->shm.name);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1754
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1755 return NGX_OK;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1756 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1757
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1758
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1759 /*
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1760 * The length of the session id is 16 bytes for SSLv2 sessions and
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1761 * between 1 and 32 bytes for SSLv3/TLSv1, typically 32 bytes.
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1762 * It seems that the typical length of the external ASN1 representation
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1763 * of a session is 118 or 119 bytes for SSLv3/TSLv1.
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1764 *
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1765 * Thus on 32-bit platforms we allocate separately an rbtree node,
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1766 * a session id, and an ASN1 representation, they take accordingly
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1767 * 64, 32, and 128 bytes.
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1768 *
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1769 * On 64-bit platforms we allocate separately an rbtree node + session_id,
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1770 * and an ASN1 representation, they take accordingly 128 and 128 bytes.
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1771 *
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1772 * OpenSSL's i2d_SSL_SESSION() and d2i_SSL_SESSION are slow,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1773 * so they are outside the code locked by shared pool mutex
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1774 */
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1775
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1776 static int
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1777 ngx_ssl_new_session(ngx_ssl_conn_t ssl_conn, ngx_ssl_session_t sess)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1778 {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1779 int len;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1780 u_char p, id, *cached_sess;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1781 uint32_t hash;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1782 SSL_CTX *ssl_ctx;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1783 ngx_shm_zone_t *shm_zone;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1784 ngx_connection_t *c;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1785 ngx_slab_pool_t *shpool;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1786 ngx_ssl_sess_id_t *sess_id;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1787 ngx_ssl_session_cache_t *cache;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1788 u_char buf[NGX_SSL_MAX_SESSION_SIZE];
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1789
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1790 len = i2d_SSL_SESSION(sess, NULL);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1791
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1792 /* do not cache too big session */
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1793
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1794 if (len > (int) NGX_SSL_MAX_SESSION_SIZE) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1795 return 0;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1796 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1797
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1798 p = buf;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1799 i2d_SSL_SESSION(sess, &p);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1800
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1801 c = ngx_ssl_get_connection(ssl_conn);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1802
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1803 ssl_ctx = SSL_get_SSL_CTX(ssl_conn);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1804 shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1805
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1806 cache = shm_zone->data;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1807 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1808
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1809 ngx_shmtx_lock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1810
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1811 /* drop one or two expired sessions */
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1812 ngx_ssl_expire_sessions(cache, shpool, 1);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1813
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1814 cached_sess = ngx_slab_alloc_locked(shpool, len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1815
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1816 if (cached_sess == NULL) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1817
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1818 /* drop the oldest non-expired session and try once more */
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1819
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1820 ngx_ssl_expire_sessions(cache, shpool, 0);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1821
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1822 cached_sess = ngx_slab_alloc_locked(shpool, len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1823
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1824 if (cached_sess == NULL) {
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1825 sess_id = NULL;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1826 goto failed;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1827 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1828 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1829
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1830 sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t));
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1831 if (sess_id == NULL) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1832 goto failed;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1833 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1834
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1835 #if (NGX_PTR_SIZE == 8)
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1836
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1837 id = sess_id->sess_id;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1838
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1839 #else
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1840
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1841 id = ngx_slab_alloc_locked(shpool, sess->session_id_length);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1842 if (id == NULL) {
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1843 goto failed;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1844 }
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1845
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1846 #endif
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1847
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1848 ngx_memcpy(cached_sess, buf, len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1849
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1850 ngx_memcpy(id, sess->session_id, sess->session_id_length);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1851
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1852 hash = ngx_crc32_short(sess->session_id, sess->session_id_length);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1853
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1854 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
530 4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	1855 "ssl new session: %08XD:%d:%d",
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1856 hash, sess->session_id_length, len);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1857
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1858 sess_id->node.key = hash;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1859 sess_id->node.data = (u_char) sess->session_id_length;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1860 sess_id->id = id;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1861 sess_id->len = len;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1862 sess_id->session = cached_sess;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1863
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1864 sess_id->expire = ngx_time() + SSL_CTX_get_timeout(ssl_ctx);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1865
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1866 ngx_queue_insert_head(&cache->expire_queue, &sess_id->queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1867
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1868 ngx_rbtree_insert(&cache->session_rbtree, &sess_id->node);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1869
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1870 ngx_shmtx_unlock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1871
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1872 return 0;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1873
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1874 failed:
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1875
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1876 if (cached_sess) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1877 ngx_slab_free_locked(shpool, cached_sess);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1878 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1879
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1880 if (sess_id) {
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1881 ngx_slab_free_locked(shpool, sess_id);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1882 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1883
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1884 ngx_shmtx_unlock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1885
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1886 ngx_log_error(NGX_LOG_ALERT, c->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1887 "could not add new SSL session to the session cache");
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1888
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1889 return 0;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1890 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1891
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1892
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1893 static ngx_ssl_session_t *
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1894 ngx_ssl_get_cached_session(ngx_ssl_conn_t ssl_conn, u_char id, int len,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1895 int *copy)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1896 {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1897 #if OPENSSL_VERSION_NUMBER >= 0x0090707fL
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1898 const
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1899 #endif
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1900 u_char *p;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1901 uint32_t hash;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1902 ngx_int_t rc;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1903 ngx_shm_zone_t *shm_zone;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1904 ngx_slab_pool_t *shpool;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1905 ngx_rbtree_node_t node, sentinel;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1906 ngx_ssl_session_t *sess;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1907 ngx_ssl_sess_id_t *sess_id;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1908 ngx_ssl_session_cache_t *cache;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1909 u_char buf[NGX_SSL_MAX_SESSION_SIZE];
632 5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	1910 #if (NGX_DEBUG)
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	1911 ngx_connection_t *c;
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	1912 #endif
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1913
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1914 hash = ngx_crc32_short(id, (size_t) len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1915 *copy = 0;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1916
632 5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	1917 #if (NGX_DEBUG)
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	1918 c = ngx_ssl_get_connection(ssl_conn);
5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	1919
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1920 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
530 4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	1921 "ssl get session: %08XD:%d", hash, len);
632 5b73504dd4ba nginx 1.1.0 Igor Sysoev <http://sysoev.ru> parents: 612 diff changeset	1922 #endif
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1923
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1924 shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn),
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1925 ngx_ssl_session_cache_index);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1926
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1927 cache = shm_zone->data;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1928
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1929 sess = NULL;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1930
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1931 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1932
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1933 ngx_shmtx_lock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1934
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1935 node = cache->session_rbtree.root;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	1936 sentinel = cache->session_rbtree.sentinel;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1937
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1938 while (node != sentinel) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1939
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1940 if (hash < node->key) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1941 node = node->left;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1942 continue;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1943 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1944
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1945 if (hash > node->key) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1946 node = node->right;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1947 continue;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1948 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1949
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1950 /* hash == node->key */
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1951
664 f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1952 sess_id = (ngx_ssl_sess_id_t *) node;
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1953
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1954 rc = ngx_memn2cmp(id, sess_id->id, (size_t) len, (size_t) node->data);
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1955
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1956 if (rc == 0) {
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1957
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1958 if (sess_id->expire > ngx_time()) {
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1959 ngx_memcpy(buf, sess_id->session, sess_id->len);
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1960
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1961 ngx_shmtx_unlock(&shpool->mutex);
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1962
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1963 p = buf;
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1964 sess = d2i_SSL_SESSION(NULL, &p, sess_id->len);
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1965
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1966 return sess;
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1967 }
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1968
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1969 ngx_queue_remove(&sess_id->queue);
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1970
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1971 ngx_rbtree_delete(&cache->session_rbtree, node);
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1972
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1973 ngx_slab_free_locked(shpool, sess_id->session);
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1974 #if (NGX_PTR_SIZE == 4)
664 f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1975 ngx_slab_free_locked(shpool, sess_id->id);
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1976 #endif
664 f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1977 ngx_slab_free_locked(shpool, sess_id);
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1978
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1979 sess = NULL;
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1980
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1981 goto done;
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1982 }
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1983
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	1984 node = (rc < 0) ? node->left : node->right;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1985 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1986
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1987 done:
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	1988
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1989 ngx_shmtx_unlock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1990
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1991 return sess;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1992 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1993
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	1994
366 babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1995 void
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1996 ngx_ssl_remove_cached_session(SSL_CTX ssl, ngx_ssl_session_t sess)
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1997 {
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1998 SSL_CTX_remove_session(ssl, sess);
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	1999
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	2000 ngx_ssl_remove_session(ssl, sess);
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	2001 }
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	2002
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	2003
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2004 static void
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2005 ngx_ssl_remove_session(SSL_CTX ssl, ngx_ssl_session_t sess)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2006 {
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2007 size_t len;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2008 u_char *id;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2009 uint32_t hash;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2010 ngx_int_t rc;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2011 ngx_shm_zone_t *shm_zone;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2012 ngx_slab_pool_t *shpool;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2013 ngx_rbtree_node_t node, sentinel;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2014 ngx_ssl_sess_id_t *sess_id;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2015 ngx_ssl_session_cache_t *cache;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2016
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2017 shm_zone = SSL_CTX_get_ex_data(ssl, ngx_ssl_session_cache_index);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2018
366 babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	2019 if (shm_zone == NULL) {
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	2020 return;
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	2021 }
babd3d9efb62 nginx 0.6.27 Igor Sysoev <http://sysoev.ru> parents: 364 diff changeset	2022
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2023 cache = shm_zone->data;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2024
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2025 id = sess->session_id;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2026 len = (size_t) sess->session_id_length;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2027
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2028 hash = ngx_crc32_short(id, len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2029
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2030 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
530 4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2031 "ssl remove session: %08XD:%uz", hash, len);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2032
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2033 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2034
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2035 ngx_shmtx_lock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2036
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	2037 node = cache->session_rbtree.root;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	2038 sentinel = cache->session_rbtree.sentinel;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2039
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2040 while (node != sentinel) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2041
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2042 if (hash < node->key) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2043 node = node->left;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2044 continue;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2045 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2046
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2047 if (hash > node->key) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2048 node = node->right;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2049 continue;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2050 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2051
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2052 /* hash == node->key */
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2053
664 f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2054 sess_id = (ngx_ssl_sess_id_t *) node;
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2055
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2056 rc = ngx_memn2cmp(id, sess_id->id, len, (size_t) node->data);
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2057
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2058 if (rc == 0) {
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2059
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2060 ngx_queue_remove(&sess_id->queue);
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2061
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2062 ngx_rbtree_delete(&cache->session_rbtree, node);
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2063
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2064 ngx_slab_free_locked(shpool, sess_id->session);
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2065 #if (NGX_PTR_SIZE == 4)
664 f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2066 ngx_slab_free_locked(shpool, sess_id->id);
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2067 #endif
664 f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2068 ngx_slab_free_locked(shpool, sess_id);
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2069
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2070 goto done;
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2071 }
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2072
f5b859b2f097 nginx 1.1.16 Igor Sysoev <http://sysoev.ru> parents: 660 diff changeset	2073 node = (rc < 0) ? node->left : node->right;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2074 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2075
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2076 done:
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2077
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2078 ngx_shmtx_unlock(&shpool->mutex);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2079 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2080
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2081
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2082 static void
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2083 ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2084 ngx_slab_pool_t *shpool, ngx_uint_t n)
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2085 {
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	2086 time_t now;
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	2087 ngx_queue_t *q;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2088 ngx_ssl_sess_id_t *sess_id;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2089
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	2090 now = ngx_time();
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2091
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2092 while (n < 3) {
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2093
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	2094 if (ngx_queue_empty(&cache->expire_queue)) {
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2095 return;
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2096 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2097
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	2098 q = ngx_queue_last(&cache->expire_queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	2099
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	2100 sess_id = ngx_queue_data(q, ngx_ssl_sess_id_t, queue);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	2101
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	2102 if (n++ != 0 && sess_id->expire > now) {
332 3a91bfeffaba nginx 0.6.10 Igor Sysoev <http://sysoev.ru> parents: 330 diff changeset	2103 return;
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2104 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2105
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	2106 ngx_queue_remove(q);
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2107
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2108 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2109 "expire session: %08Xi", sess_id->node.key);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2110
358 9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	2111 ngx_rbtree_delete(&cache->session_rbtree, &sess_id->node);
9121a0a91f47 nginx 0.6.23 Igor Sysoev <http://sysoev.ru> parents: 356 diff changeset	2112
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2113 ngx_slab_free_locked(shpool, sess_id->session);
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2114 #if (NGX_PTR_SIZE == 4)
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2115 ngx_slab_free_locked(shpool, sess_id->id);
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2116 #endif
272 29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2117 ngx_slab_free_locked(shpool, sess_id);
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2118 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2119 }
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2120
29a6403156b0 nginx 0.5.6 Igor Sysoev <http://sysoev.ru> parents: 220 diff changeset	2121
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2122 static void
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2123 ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2124 ngx_rbtree_node_t node, ngx_rbtree_node_t sentinel)
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2125 {
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	2126 ngx_rbtree_node_t **p;
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	2127 ngx_ssl_sess_id_t sess_id, sess_id_temp;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2128
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2129 for ( ;; ) {
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2130
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2131 if (node->key < temp->key) {
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2132
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	2133 p = &temp->left;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2134
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2135 } else if (node->key > temp->key) {
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2136
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	2137 p = &temp->right;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2138
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2139 } else { /* node->key == temp->key */
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2140
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2141 sess_id = (ngx_ssl_sess_id_t *) node;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2142 sess_id_temp = (ngx_ssl_sess_id_t *) temp;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2143
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	2144 p = (ngx_memn2cmp(sess_id->id, sess_id_temp->id,
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	2145 (size_t) node->data, (size_t) temp->data)
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	2146 < 0) ? &temp->left : &temp->right;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2147 }
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	2148
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	2149 if (*p == sentinel) {
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	2150 break;
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	2151 }
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	2152
b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	2153 temp = *p;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2154 }
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2155
356 b743d290eb3b nginx 0.6.22 Igor Sysoev <http://sysoev.ru> parents: 332 diff changeset	2156 *p = node;
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2157 node->parent = temp;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2158 node->left = sentinel;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2159 node->right = sentinel;
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2160 ngx_rbt_red(node);
276 c5c2b2883984 nginx 0.5.8 Igor Sysoev <http://sysoev.ru> parents: 274 diff changeset	2161 }
274 052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2162
052a7b1d40e5 nginx 0.5.7 Igor Sysoev <http://sysoev.ru> parents: 272 diff changeset	2163
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	2164 void
b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	2165 ngx_ssl_cleanup_ctx(void *data)
b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	2166 {
138 8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	2167 ngx_ssl_t *ssl = data;
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	2168
138 8e6d4d96ec4c nginx 0.3.16 Igor Sysoev <http://sysoev.ru> parents: 132 diff changeset	2169 SSL_CTX_free(ssl->ctx);
58 b55cbf18157e nginx 0.1.29 Igor Sysoev <http://sysoev.ru> parents: 50 diff changeset	2170 }
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2171
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2172
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2173 ngx_int_t
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2174 ngx_ssl_get_protocol(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
160 73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	2175 {
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2176 s->data = (u_char *) SSL_get_version(c->ssl->connection);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2177 return NGX_OK;
160 73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	2178 }
73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	2179
73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	2180
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2181 ngx_int_t
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2182 ngx_ssl_get_cipher_name(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
160 73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	2183 {
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2184 s->data = (u_char *) SSL_get_cipher_name(c->ssl->connection);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2185 return NGX_OK;
160 73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	2186 }
73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	2187
73e8476f9142 nginx 0.3.27 Igor Sysoev <http://sysoev.ru> parents: 146 diff changeset	2188
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2189 ngx_int_t
530 4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2190 ngx_ssl_get_session_id(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2191 {
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2192 int len;
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2193 u_char p, buf;
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2194 SSL_SESSION *sess;
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2195
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2196 sess = SSL_get0_session(c->ssl->connection);
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2197
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2198 len = i2d_SSL_SESSION(sess, NULL);
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2199
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2200 buf = ngx_alloc(len, c->log);
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2201 if (buf == NULL) {
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2202 return NGX_ERROR;
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2203 }
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2204
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2205 s->len = 2 * len;
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2206 s->data = ngx_pnalloc(pool, 2 * len);
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2207 if (s->data == NULL) {
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2208 ngx_free(buf);
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2209 return NGX_ERROR;
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2210 }
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2211
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2212 p = buf;
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2213 i2d_SSL_SESSION(sess, &p);
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2214
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2215 ngx_hex_dump(s->data, buf, len);
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2216
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2217 ngx_free(buf);
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2218
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2219 return NGX_OK;
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2220 }
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2221
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2222
4c5d2c627a6c nginx 0.8.17 Igor Sysoev <http://sysoev.ru> parents: 510 diff changeset	2223 ngx_int_t
390 0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2224 ngx_ssl_get_raw_certificate(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
380 bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2225 {
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2226 size_t len;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2227 BIO *bio;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2228 X509 *cert;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2229
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2230 s->len = 0;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2231
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2232 cert = SSL_get_peer_certificate(c->ssl->connection);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2233 if (cert == NULL) {
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2234 return NGX_OK;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2235 }
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2236
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2237 bio = BIO_new(BIO_s_mem());
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2238 if (bio == NULL) {
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2239 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2240 X509_free(cert);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2241 return NGX_ERROR;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2242 }
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2243
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2244 if (PEM_write_bio_X509(bio, cert) == 0) {
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2245 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "PEM_write_bio_X509() failed");
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2246 goto failed;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2247 }
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2248
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2249 len = BIO_pending(bio);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2250 s->len = len;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2251
382 984bb0b1399b nginx 0.7.3 Igor Sysoev <http://sysoev.ru> parents: 380 diff changeset	2252 s->data = ngx_pnalloc(pool, len);
380 bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2253 if (s->data == NULL) {
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2254 goto failed;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2255 }
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2256
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2257 BIO_read(bio, s->data, len);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2258
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2259 BIO_free(bio);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2260 X509_free(cert);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2261
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2262 return NGX_OK;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2263
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2264 failed:
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2265
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2266 BIO_free(bio);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2267 X509_free(cert);
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2268
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2269 return NGX_ERROR;
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2270 }
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2271
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2272
bc21d9cd9c54 nginx 0.7.2 Igor Sysoev <http://sysoev.ru> parents: 378 diff changeset	2273 ngx_int_t
390 0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2274 ngx_ssl_get_certificate(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2275 {
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2276 u_char *p;
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2277 size_t len;
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2278 ngx_uint_t i;
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2279 ngx_str_t cert;
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2280
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2281 if (ngx_ssl_get_raw_certificate(c, pool, &cert) != NGX_OK) {
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2282 return NGX_ERROR;
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2283 }
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2284
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2285 if (cert.len == 0) {
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2286 s->len = 0;
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2287 return NGX_OK;
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2288 }
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2289
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2290 len = cert.len - 1;
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2291
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2292 for (i = 0; i < cert.len - 1; i++) {
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2293 if (cert.data[i] == LF) {
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2294 len++;
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2295 }
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2296 }
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2297
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2298 s->len = len;
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2299 s->data = ngx_pnalloc(pool, len);
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2300 if (s->data == NULL) {
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2301 return NGX_ERROR;
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2302 }
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2303
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2304 p = s->data;
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2305
510 24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2306 for (i = 0; i < cert.len - 1; i++) {
390 0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2307 *p++ = cert.data[i];
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2308 if (cert.data[i] == LF) {
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2309 *p++ = '\t';
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2310 }
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2311 }
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2312
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2313 return NGX_OK;
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2314 }
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2315
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2316
0b6053502c55 nginx 0.7.7 Igor Sysoev <http://sysoev.ru> parents: 382 diff changeset	2317 ngx_int_t
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2318 ngx_ssl_get_subject_dn(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2319 {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2320 char *p;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2321 size_t len;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2322 X509 *cert;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2323 X509_NAME *name;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2324
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2325 s->len = 0;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2326
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2327 cert = SSL_get_peer_certificate(c->ssl->connection);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2328 if (cert == NULL) {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2329 return NGX_OK;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2330 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2331
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2332 name = X509_get_subject_name(cert);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2333 if (name == NULL) {
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	2334 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2335 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2336 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2337
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2338 p = X509_NAME_oneline(name, NULL, 0);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2339
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2340 for (len = 0; p[len]; len++) { /* void */ }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2341
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2342 s->len = len;
382 984bb0b1399b nginx 0.7.3 Igor Sysoev <http://sysoev.ru> parents: 380 diff changeset	2343 s->data = ngx_pnalloc(pool, len);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2344 if (s->data == NULL) {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2345 OPENSSL_free(p);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	2346 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2347 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2348 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2349
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2350 ngx_memcpy(s->data, p, len);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2351
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2352 OPENSSL_free(p);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	2353 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2354
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2355 return NGX_OK;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2356 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2357
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2358
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2359 ngx_int_t
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2360 ngx_ssl_get_issuer_dn(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2361 {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2362 char *p;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2363 size_t len;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2364 X509 *cert;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2365 X509_NAME *name;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2366
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2367 s->len = 0;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2368
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2369 cert = SSL_get_peer_certificate(c->ssl->connection);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2370 if (cert == NULL) {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2371 return NGX_OK;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2372 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2373
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2374 name = X509_get_issuer_name(cert);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2375 if (name == NULL) {
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	2376 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2377 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2378 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2379
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2380 p = X509_NAME_oneline(name, NULL, 0);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2381
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2382 for (len = 0; p[len]; len++) { /* void */ }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2383
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2384 s->len = len;
382 984bb0b1399b nginx 0.7.3 Igor Sysoev <http://sysoev.ru> parents: 380 diff changeset	2385 s->data = ngx_pnalloc(pool, len);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2386 if (s->data == NULL) {
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2387 OPENSSL_free(p);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	2388 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2389 return NGX_ERROR;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2390 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2391
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2392 ngx_memcpy(s->data, p, len);
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2393
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2394 OPENSSL_free(p);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	2395 X509_free(cert);
196 8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2396
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2397 return NGX_OK;
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2398 }
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2399
8759b346e431 nginx 0.3.45 Igor Sysoev <http://sysoev.ru> parents: 160 diff changeset	2400
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2401 ngx_int_t
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2402 ngx_ssl_get_serial_number(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2403 {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2404 size_t len;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2405 X509 *cert;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2406 BIO *bio;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2407
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2408 s->len = 0;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2409
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2410 cert = SSL_get_peer_certificate(c->ssl->connection);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2411 if (cert == NULL) {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2412 return NGX_OK;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2413 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2414
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2415 bio = BIO_new(BIO_s_mem());
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2416 if (bio == NULL) {
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	2417 X509_free(cert);
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2418 return NGX_ERROR;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2419 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2420
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2421 i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2422 len = BIO_pending(bio);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2423
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2424 s->len = len;
382 984bb0b1399b nginx 0.7.3 Igor Sysoev <http://sysoev.ru> parents: 380 diff changeset	2425 s->data = ngx_pnalloc(pool, len);
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2426 if (s->data == NULL) {
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2427 BIO_free(bio);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	2428 X509_free(cert);
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2429 return NGX_ERROR;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2430 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2431
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2432 BIO_read(bio, s->data, len);
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2433 BIO_free(bio);
372 6639b93e81b2 nginx 0.6.30 Igor Sysoev <http://sysoev.ru> parents: 370 diff changeset	2434 X509_free(cert);
220 559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2435
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2436 return NGX_OK;
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2437 }
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2438
559bc7ec214e nginx 0.3.57 Igor Sysoev <http://sysoev.ru> parents: 196 diff changeset	2439
510 24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2440 ngx_int_t
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2441 ngx_ssl_get_client_verify(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2442 {
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2443 X509 *cert;
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2444
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2445 if (SSL_get_verify_result(c->ssl->connection) != X509_V_OK) {
570 8246d8a2c2be nginx 0.8.37 Igor Sysoev <http://sysoev.ru> parents: 566 diff changeset	2446 ngx_str_set(s, "FAILED");
510 24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2447 return NGX_OK;
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2448 }
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2449
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2450 cert = SSL_get_peer_certificate(c->ssl->connection);
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2451
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2452 if (cert) {
570 8246d8a2c2be nginx 0.8.37 Igor Sysoev <http://sysoev.ru> parents: 566 diff changeset	2453 ngx_str_set(s, "SUCCESS");
510 24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2454
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2455 } else {
570 8246d8a2c2be nginx 0.8.37 Igor Sysoev <http://sysoev.ru> parents: 566 diff changeset	2456 ngx_str_set(s, "NONE");
510 24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2457 }
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2458
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2459 X509_free(cert);
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2460
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2461 return NGX_OK;
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2462 }
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2463
24b676623d4f nginx 0.8.7 Igor Sysoev <http://sysoev.ru> parents: 496 diff changeset	2464
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2465 static void *
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2466 ngx_openssl_create_conf(ngx_cycle_t *cycle)
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2467 {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2468 ngx_openssl_conf_t *oscf;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	2469
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2470 oscf = ngx_pcalloc(cycle->pool, sizeof(ngx_openssl_conf_t));
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2471 if (oscf == NULL) {
496 f39b9e29530d nginx 0.8.0 Igor Sysoev <http://sysoev.ru> parents: 484 diff changeset	2472 return NULL;
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2473 }
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	2474
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2475 /*
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2476 * set by ngx_pcalloc():
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	2477 *
446 15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2478 * oscf->engine = 0;
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	2479 */
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2480
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2481 return oscf;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2482 }
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2483
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2484
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2485 static char *
446 15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2486 ngx_openssl_engine(ngx_conf_t cf, ngx_command_t cmd, void *conf)
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2487 {
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2488 ngx_openssl_conf_t *oscf = conf;
120 e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	2489
446 15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2490 ENGINE *engine;
15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2491 ngx_str_t *value;
15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2492
15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2493 if (oscf->engine) {
15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2494 return "is duplicate";
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2495 }
126 df17fbafec8f nginx 0.3.10 Igor Sysoev <http://sysoev.ru> parents: 120 diff changeset	2496
446 15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2497 oscf->engine = 1;
15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2498
15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2499 value = cf->args->elts;
15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2500
15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2501 engine = ENGINE_by_id((const char *) value[1].data);
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2502
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2503 if (engine == NULL) {
446 15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2504 ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2505 "ENGINE_by_id(\"%V\") failed", &value[1]);
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2506 return NGX_CONF_ERROR;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2507 }
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2508
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2509 if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
446 15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2510 ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2511 "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
446 15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2512 &value[1]);
15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2513
15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2514 ENGINE_free(engine);
15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2515
90 71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2516 return NGX_CONF_ERROR;
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2517 }
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2518
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2519 ENGINE_free(engine);
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2520
71c46860eb55 nginx 0.1.45 Igor Sysoev <http://sysoev.ru> parents: 88 diff changeset	2521 return NGX_CONF_OK;
446 15a022ee809b nginx 0.7.35 Igor Sysoev <http://sysoev.ru> parents: 430 diff changeset	2522 }
120 e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	2523
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	2524
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	2525 static void
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	2526 ngx_openssl_exit(ngx_cycle_t *cycle)
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	2527 {
564 da3c99095432 nginx 0.8.34 Igor Sysoev <http://sysoev.ru> parents: 552 diff changeset	2528 EVP_cleanup();
120 e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	2529 ENGINE_cleanup();
e85dca77c46a nginx 0.3.7 Igor Sysoev <http://sysoev.ru> parents: 112 diff changeset	2530 }

Mercurial > hg > nginx-vendor-current

annotate src/event/ngx_event_openssl.c @ 688:f31b19fe7f48 NGINX_1_3_7