comparison src/event/ngx_event_openssl.c @ 632:5b73504dd4ba NGINX_1_1_0
nginx 1.1.0
*) Feature: cache loader run time decrease.
*) Feature: "loader_files", "loader_sleep", and "loader_threshold"
options of the "proxy/fastcgi/scgi/uwsgi_cache_path" directives.
*) Feature: loading time decrease of configuration with large number of
HTTPS sites.
*) Feature: now nginx supports ECDHE key exchange ciphers.
Thanks to Adrian Kotelba.
*) Feature: the "lingering_close" directive.
Thanks to Maxim Dounin.
*) Bugfix: in closing connection for pipelined requests.
Thanks to Maxim Dounin.
*) Bugfix: nginx did not disable gzipping if client sent "gzip;q=0" in
"Accept-Encoding" request header line.
*) Bugfix: in timeout in unbuffered proxied mode.
Thanks to Maxim Dounin.
*) Bugfix: memory leaks when a "proxy_pass" directive contains
variables and proxies to an HTTPS backend.
Thanks to Maxim Dounin.
*) Bugfix: in parameter validation of a "proxy_pass" directive with
variables.
Thanks to Lanshun Zhou.
*) Bugfix: SSL did not work on QNX.
Thanks to Maxim Dounin.
*) Bugfix: SSL modules could not be built by gcc 4.6 without
--with-debug option.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 01 Aug 2011 00:00:00 +0400 |
parents | ce857f6b74a7 |
children | 23ef0645ea57 |
631:9b978fa3cd33 | 632:5b73504dd4ba |
---|---|
369 } | 369 } |
370 } | 370 } |
371 } | 371 } |
372 | 372 |
373 | 373 |
374 ngx_int_t | 374 RSA * |
375 ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl) | 375 ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length) |
376 { | 376 { |
377 RSA *key; | 377 static RSA *key; |
378 | 378 |
379 if (SSL_CTX_need_tmp_RSA(ssl->ctx) == 0) { | 379 if (key_length == 512) { |
380 return NGX_OK; | 380 if (key == NULL) { |
381 } | 381 key = RSA_generate_key(512, RSA_F4, NULL, NULL); |
382 | 382 } |
383 key = RSA_generate_key(512, RSA_F4, NULL, NULL); | 383 } |
384 | 384 |
385 if (key) { | 385 return key; |
386 SSL_CTX_set_tmp_rsa(ssl->ctx, key); | |
387 | |
388 RSA_free(key); | |
389 | |
390 return NGX_OK; | |
391 } | |
392 | |
393 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "RSA_generate_key(512) failed"); | |
394 | |
395 return NGX_ERROR; | |
396 } | 386 } |
397 | 387 |
398 | 388 |
399 ngx_int_t | 389 ngx_int_t |
400 ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file) | 390 ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file) |
476 BIO_free(bio); | 466 BIO_free(bio); |
477 | 467 |
478 return NGX_OK; | 468 return NGX_OK; |
479 } | 469 } |
480 | 470 |
471 ngx_int_t | |
472 ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name) | |
473 { | |
474 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL | |
475 #ifndef OPENSSL_NO_ECDH | |
476 int nid; | |
477 EC_KEY *ecdh; | |
478 | |
479 /* | |
480 * Elliptic-Curve Diffie-Hellman parameters are either "named curves" | |
481 * from RFC 4492 section 5.1.1, or explicitely described curves over | |
482 * binary fields. OpenSSL only supports the "named curves", which provide | |
483 * maximum interoperability. | |
484 */ | |
485 | |
486 nid = OBJ_sn2nid((const char *) name->data); | |
487 if (nid == 0) { | |
488 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | |
489 "Unknown curve name \"%s\"", name->data); | |
490 return NGX_ERROR; | |
491 } | |
492 | |
493 ecdh = EC_KEY_new_by_curve_name(nid); | |
494 if (ecdh == NULL) { | |
495 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | |
496 "Unable to create curve \"%s\"", name->data); | |
497 return NGX_ERROR; | |
498 } | |
499 | |
500 SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh); | |
501 | |
502 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE); | |
503 | |
504 EC_KEY_free(ecdh); | |
505 #endif | |
506 #endif | |
507 | |
508 return NGX_OK; | |
509 } | |
481 | 510 |
482 ngx_int_t | 511 ngx_int_t |
483 ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags) | 512 ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags) |
484 { | 513 { |
485 ngx_ssl_connection_t *sc; | 514 ngx_ssl_connection_t *sc; |
955 | 984 |
956 return in; | 985 return in; |
957 } | 986 } |
958 | 987 |
959 | 988 |
960 /* the maximum limit size is the maximum uint32_t value - the page size */ | 989 /* the maximum limit size is the maximum int32_t value - the page size */ |
961 | 990 |
962 if (limit == 0 || limit > (off_t) (NGX_MAX_UINT32_VALUE - ngx_pagesize)) { | 991 if (limit == 0 || limit > (off_t) (NGX_MAX_INT32_VALUE - ngx_pagesize)) { |
963 limit = NGX_MAX_UINT32_VALUE - ngx_pagesize; | 992 limit = NGX_MAX_INT32_VALUE - ngx_pagesize; |
964 } | 993 } |
965 | 994 |
966 buf = c->ssl->buf; | 995 buf = c->ssl->buf; |
967 | 996 |
968 if (buf == NULL) { | 997 if (buf == NULL) { |
1685 u_char *p; | 1714 u_char *p; |
1686 uint32_t hash; | 1715 uint32_t hash; |
1687 ngx_int_t rc; | 1716 ngx_int_t rc; |
1688 ngx_shm_zone_t *shm_zone; | 1717 ngx_shm_zone_t *shm_zone; |
1689 ngx_slab_pool_t *shpool; | 1718 ngx_slab_pool_t *shpool; |
1690 ngx_connection_t *c; | |
1691 ngx_rbtree_node_t *node, *sentinel; | 1719 ngx_rbtree_node_t *node, *sentinel; |
1692 ngx_ssl_session_t *sess; | 1720 ngx_ssl_session_t *sess; |
1693 ngx_ssl_sess_id_t *sess_id; | 1721 ngx_ssl_sess_id_t *sess_id; |
1694 ngx_ssl_session_cache_t *cache; | 1722 ngx_ssl_session_cache_t *cache; |
1695 u_char buf[NGX_SSL_MAX_SESSION_SIZE]; | 1723 u_char buf[NGX_SSL_MAX_SESSION_SIZE]; |
1696 | 1724 #if (NGX_DEBUG) |
1697 c = ngx_ssl_get_connection(ssl_conn); | 1725 ngx_connection_t *c; |
1726 #endif | |
1698 | 1727 |
1699 hash = ngx_crc32_short(id, (size_t) len); | 1728 hash = ngx_crc32_short(id, (size_t) len); |
1700 *copy = 0; | 1729 *copy = 0; |
1701 | 1730 |
1731 #if (NGX_DEBUG) | |
1732 c = ngx_ssl_get_connection(ssl_conn); | |
1733 | |
1702 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | 1734 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
1703 "ssl get session: %08XD:%d", hash, len); | 1735 "ssl get session: %08XD:%d", hash, len); |
1736 #endif | |
1704 | 1737 |
1705 shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn), | 1738 shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn), |
1706 ngx_ssl_session_cache_index); | 1739 ngx_ssl_session_cache_index); |
1707 | 1740 |
1708 cache = shm_zone->data; | 1741 cache = shm_zone->data; |