comparison src/http/modules/ngx_http_ssl_module.c @ 112:408f195b3482 NGINX_0_3_3
nginx 0.3.3
*) Change: the "bl" and "af" parameters of the "listen" directive was
renamed to the "backlog" and "accept_filter".
*) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
directive.
*) Change: the "$msec" log parameter no longer requires an
additional gettimeofday() system call.
*) Feature: the -t switch now tests the "listen" directives.
*) Bugfix: if the invalid address was specified in the "listen"
directive, then after the -HUP signal nginx left an open socket in
the CLOSED state.
*) Bugfix: the mime type may be incorrectly set to default value for
index file with variable in the name; bug appeared in 0.3.0.
*) Feature: the "timer_resolution" directive.
*) Feature: the millisecond "$upstream_response_time" log parameter.
*) Bugfix: a temporary file with client request body now is removed
just after the response header was transferred to a client.
*) Bugfix: OpenSSL 0.9.6 compatibility.
*) Bugfix: the SSL certificate and key file paths could not be relative.
*) Bugfix: the "ssl_prefer_server_ciphers" directive did not work in
the ngx_imap_ssl_module.
*) Bugfix: the "ssl_protocols" directive allowed to specify the single
protocol only.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Wed, 19 Oct 2005 00:00:00 +0400 |
parents | ca4f70b3ccc6 |
children | d25a1d6034f1 |
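--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -14,20 +14,30 @@
 
 
 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
 void *parent, void *child);
+
+#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
+
+static char *ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
+void *conf);
+
+static char ngx_http_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
+
+#endif
 
 
 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
 { ngx_null_string, 0 }
 };
 
 
+
 static ngx_command_t ngx_http_ssl_commands[] = {
 
 { ngx_string("ssl"),
 NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
 ngx_conf_set_flag_slot,
@@ -48,29 +58,33 @@
 NGX_HTTP_SRV_CONF_OFFSET,
 offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
 NULL },
 
 { ngx_string("ssl_protocols"),
-NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
 ngx_conf_set_bitmask_slot,
 NGX_HTTP_SRV_CONF_OFFSET,
 offsetof(ngx_http_ssl_srv_conf_t, protocols),
 &ngx_http_ssl_protocols },
 
 { ngx_string("ssl_ciphers"),
-NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
 ngx_conf_set_str_slot,
 NGX_HTTP_SRV_CONF_OFFSET,
 offsetof(ngx_http_ssl_srv_conf_t, ciphers),
 NULL },
 
 { ngx_string("ssl_prefer_server_ciphers"),
 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
 ngx_conf_set_flag_slot,
 NGX_HTTP_SRV_CONF_OFFSET,
 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
 NULL },
+#else
+ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 },
+#endif
 
 ngx_null_command
 };
 
 
@@ -142,10 +156,12 @@
 ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 {
 ngx_http_ssl_srv_conf_t *prev = parent;
 ngx_http_ssl_srv_conf_t *conf = child;
 
+ngx_pool_cleanup_t *cln;
+
 ngx_conf_merge_value(conf->enable, prev->enable, 0);
 
 if (conf->enable == 0) {
 return NGX_CONF_OK;
 }
@@ -170,33 +186,41 @@
 
 if (ngx_ssl_create(&conf->ssl, conf->protocols) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 
-if (ngx_pool_cleanup_add(cf->pool, ngx_ssl_cleanup_ctx, &conf->ssl) == NULL)
+cln = ngx_pool_cleanup_add(cf->pool, 0);
+if (cln == NULL) {
+return NGX_CONF_ERROR;
+}
+
+cln->handler = ngx_ssl_cleanup_ctx;
+cln->data = &conf->ssl;
+
+if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
+&conf->certificate_key) != NGX_OK)
 {
 return NGX_CONF_ERROR;
 }
 
-if (ngx_ssl_certificate(&conf->ssl, conf->certificate.data,
-conf->certificate_key.data) != NGX_OK)
-{
-return NGX_CONF_ERROR;
-}
-
 if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
-(const char *) conf->ciphers.data) == 0)
+(const char *) conf->ciphers.data)
+== 0)
 {
 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
 "SSL_CTX_set_cipher_list(\"%V\") failed",
 &conf->ciphers);
 }
 
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+
 if (conf->prefer_server_ciphers) {
 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
 }
 
+#endif
+
 /* a temporary 512-bit RSA key is required for export versions of MSIE */
 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 
@@ -205,5 +229,20 @@
 SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_http_session_id_ctx,
 sizeof(ngx_http_session_id_ctx) - 1);
 
 return NGX_CONF_OK;
 }
+
+
+#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
+
+static char *
+ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+"\"%V\" directive is available only in %s,",
+&cmd->name, cmd->post);
+
+return NGX_CONF_ERROR;
+}
+
+#endif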
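Review bot: The `SSL_CTX_set_cipher_list()` failure branch in `ngx_http_ssl_merge_srv_conf` (new lines 205-212) only logs through `ngx_ssl_error()` and then falls through, so a rejected `ssl_ciphers` value leaves the context on whatever cipher list it already had rather than the one the administrator configured. Every other failing step shown in this function returns `NGX_CONF_ERROR`; adding `return NGX_CONF_ERROR;` after the `ngx_ssl_error(...)` call would make the configuration fail closed instead of starting with an unintended cipher set. The commit reflows this condition but keeps that behaviour. Parts of the function (between new lines 167 and 186, and 226 and 229) are not shown on this page, so confirm no later check covers it.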