Mercurial > hg > nginx-vendor-current
comparison src/http/modules/ngx_http_ssl_module.c @ 690:b5b7eea22fda NGINX_1_3_8
nginx 1.3.8
*) Feature: the "optional_no_ca" parameter of the "ssl_verify_client"
directive.
Thanks to Mike Kazantsev and Eric O'Connor.
*) Feature: the $bytes_sent, $connection, and $connection_requests
variables can now be used not only in the "log_format" directive.
Thanks to Benjamin Grössing.
*) Feature: the "auto" parameter of the "worker_processes" directive.
*) Bugfix: "cache file ... has md5 collision" alert.
*) Bugfix: in the ngx_http_gunzip_filter_module.
*) Bugfix: in the "ssl_stapling" directive.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Tue, 30 Oct 2012 00:00:00 +0400 |
parents | f31b19fe7f48 |
children |
comparison
equal
deleted
inserted
replaced
689:4d942f0d1703 | 690:b5b7eea22fda |
---|---|
48 | 48 |
49 static ngx_conf_enum_t ngx_http_ssl_verify[] = { | 49 static ngx_conf_enum_t ngx_http_ssl_verify[] = { |
50 { ngx_string("off"), 0 }, | 50 { ngx_string("off"), 0 }, |
51 { ngx_string("on"), 1 }, | 51 { ngx_string("on"), 1 }, |
52 { ngx_string("optional"), 2 }, | 52 { ngx_string("optional"), 2 }, |
53 { ngx_string("optional_no_ca"), 3 }, | |
53 { ngx_null_string, 0 } | 54 { ngx_null_string, 0 } |
54 }; | 55 }; |
55 | 56 |
56 | 57 |
57 static ngx_command_t ngx_http_ssl_commands[] = { | 58 static ngx_command_t ngx_http_ssl_commands[] = { |
513 &conf->ciphers); | 514 &conf->ciphers); |
514 } | 515 } |
515 | 516 |
516 if (conf->verify) { | 517 if (conf->verify) { |
517 | 518 |
518 if (conf->client_certificate.len == 0) { | 519 if (conf->client_certificate.len == 0 && conf->verify != 3) { |
519 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 520 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
520 "no ssl_client_certificate for ssl_client_verify"); | 521 "no ssl_client_certificate for ssl_client_verify"); |
521 return NGX_CONF_ERROR; | 522 return NGX_CONF_ERROR; |
522 } | 523 } |
523 | 524 |
734 | 735 |
735 for (s = 0; s < cmcf->servers.nelts; s++) { | 736 for (s = 0; s < cmcf->servers.nelts; s++) { |
736 | 737 |
737 sscf = cscfp[s]->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; | 738 sscf = cscfp[s]->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; |
738 | 739 |
739 if (!sscf->stapling) { | 740 if (sscf->ssl.ctx == NULL || !sscf->stapling) { |
740 continue; | 741 continue; |
741 } | 742 } |
742 | 743 |
743 clcf = cscfp[s]->ctx->loc_conf[ngx_http_core_module.ctx_index]; | 744 clcf = cscfp[s]->ctx->loc_conf[ngx_http_core_module.ctx_index]; |
744 | 745 |