annotate src/http/modules/ngx_http_ssl_module.c @ 5152:2ff51c32791f stable-1.2
Merge of r5078: removed zero termination of shm zone names.
It was added in r2717 and no longer needed since r2721,
where the termination was added to ngx_shm_alloc() and
ngx_init_zone_pool(). Since then it only corrupted error
messages about invalid zones.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 29 Mar 2013 17:15:34 +0000 |
parents | c3b276283e4a |
children |
rev | line source |
---|---|
1 |
2 /* |
3 * Copyright (C) Igor Sysoev |
4412 | 4 * Copyright (C) Nginx, Inc. |
5 */ |
6 |
7 |
8 #include <ngx_config.h> |
9 #include <ngx_core.h> |
10 #include <ngx_http.h> |
11 |
573 | 12 |
/*
 * Getter used by the $ssl_* variables: it receives the connection, a pool
 * (NULL when called from ngx_http_ssl_static_variable()) and the ngx_str_t
 * to fill in.
 */
typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
    ngx_pool_t *pool, ngx_str_t *s);


/*
 * Fallbacks applied in ngx_http_ssl_merge_srv_conf() when "ssl_ciphers" or
 * "ssl_ecdh_curve" is not configured.  The cipher string is OpenSSL syntax:
 * the HIGH class without anonymous (aNULL) and MD5-based suites.
 */
#define NGX_DEFAULT_CIPHERS     "HIGH:!aNULL:!MD5"
#define NGX_DEFAULT_ECDH_CURVE  "prime256v1"
19 |
20 |
/* variable get handlers; "data" carries an ngx_ssl_variable_handler_pt */
static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);

/* module context callbacks */
static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf);
static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
    void *parent, void *child);

/* directive handlers for "ssl" and "ssl_session_cache" */
static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
35 | |
36 |
/*
 * Names accepted by the "ssl_protocols" directive and the bit each one sets
 * in ngx_http_ssl_srv_conf_t.protocols.
 *
 * NOTE(review): SSLv2 and SSLv3 are still selectable here.  Both are
 * obsolete protocol versions; a deployment should list only TLS versions
 * in "ssl_protocols".
 */
static ngx_conf_bitmask_t  ngx_http_ssl_protocols[] = {
    { ngx_string("SSLv2"),   NGX_SSL_SSLv2 },
    { ngx_string("SSLv3"),   NGX_SSL_SSLv3 },
    { ngx_string("TLSv1"),   NGX_SSL_TLSv1 },
    { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
    { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
    { ngx_null_string, 0 }
};
45 | |
46 | |
/*
 * Values of the "ssl_verify_client" directive.  The numbers are stored in
 * ngx_http_ssl_srv_conf_t.verify; ngx_http_ssl_merge_srv_conf() treats any
 * non-zero value as "verification configured" and compares against 3 to
 * waive the "ssl_client_certificate" requirement.
 *
 * NOTE(review): judging by its name and that waiver, "optional_no_ca"
 * accepts a client certificate that does not chain to a configured CA;
 * anything consuming the $ssl_client_* variables in that mode should check
 * $ssl_client_verify first - confirm against ngx_ssl_client_certificate().
 */
static ngx_conf_enum_t  ngx_http_ssl_verify[] = {
    { ngx_string("off"),            0 },
    { ngx_string("on"),             1 },
    { ngx_string("optional"),       2 },
    { ngx_string("optional_no_ca"), 3 },
    { ngx_null_string, 0 }
};
54 | |
55 | |
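/*
 * Directives of the HTTP SSL module.  Every directive is valid at "http"
 * and "server" level and stores into ngx_http_ssl_srv_conf_t, either via a
 * generic slot setter and offsetof(), or via a dedicated handler ("ssl",
 * "ssl_session_cache").
 */
static ngx_command_t  ngx_http_ssl_commands[] = {

    { ngx_string("ssl"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
      ngx_http_ssl_enable,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, enable),
      NULL },

    { ngx_string("ssl_certificate"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, certificate),
      NULL },

    { ngx_string("ssl_certificate_key"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
      NULL },

    { ngx_string("ssl_dhparam"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, dhparam),
      NULL },

    { ngx_string("ssl_ecdh_curve"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, ecdh_curve),
      NULL },

    /* one or more protocol names, OR-ed into a bitmask */
    { ngx_string("ssl_protocols"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
      ngx_conf_set_bitmask_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, protocols),
      &ngx_http_ssl_protocols },

    { ngx_string("ssl_ciphers"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, ciphers),
      NULL },

    { ngx_string("ssl_verify_client"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_enum_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, verify),
      &ngx_http_ssl_verify },

    /*
     * ngx_conf_set_num_slot() stores a single number, so the directive is
     * declared NGX_CONF_TAKE1 (it was NGX_CONF_1MORE): stray extra
     * arguments are now rejected by the parser instead of being silently
     * ignored.
     */
    { ngx_string("ssl_verify_depth"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_num_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, verify_depth),
      NULL },

    { ngx_string("ssl_client_certificate"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, client_certificate),
      NULL },

    { ngx_string("ssl_prefer_server_ciphers"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_flag_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
      NULL },

    /* parsed by its own handler, hence no field offset */
    { ngx_string("ssl_session_cache"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12,
      ngx_http_ssl_session_cache,
      NGX_HTTP_SRV_CONF_OFFSET,
      0,
      NULL },

    { ngx_string("ssl_session_timeout"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_sec_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, session_timeout),
      NULL },

    { ngx_string("ssl_crl"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, crl),
      NULL },

      ngx_null_command
};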
158 |
159 |
/*
 * HTTP module context: the module registers its variables before the
 * configuration is parsed and keeps per-server configuration only.
 */
static ngx_http_module_t  ngx_http_ssl_module_ctx = {
    ngx_http_ssl_add_variables,            /* preconfiguration */
    NULL,                                  /* postconfiguration */

    NULL,                                  /* create main configuration */
    NULL,                                  /* init main configuration */

    ngx_http_ssl_create_srv_conf,          /* create server configuration */
    ngx_http_ssl_merge_srv_conf,           /* merge server configuration */

    NULL,                                  /* create location configuration */
    NULL                                   /* merge location configuration */
};
173 |
174 |
/*
 * Module definition: ties the context and the directive table together.
 * No process or thread life-cycle hooks are installed.
 */
ngx_module_t  ngx_http_ssl_module = {
    NGX_MODULE_V1,
    &ngx_http_ssl_module_ctx,              /* module context */
    ngx_http_ssl_commands,                 /* module directives */
    NGX_HTTP_MODULE,                       /* module type */
    NULL,                                  /* init master */
    NULL,                                  /* init module */
    NULL,                                  /* init process */
    NULL,                                  /* init thread */
    NULL,                                  /* exit thread */
    NULL,                                  /* exit process */
    NULL,                                  /* exit master */
    NGX_MODULE_V1_PADDING
};
189 |
190 |
/*
 * $ssl_* variables registered by ngx_http_ssl_add_variables().  The getter
 * is smuggled through the uintptr_t "data" field and called by the get
 * handler.  "ssl_protocol" and "ssl_cipher" use the static handler, which
 * passes no pool; all others go through ngx_http_ssl_variable() and may
 * allocate from the request pool.
 *
 * NOTE(review): the ssl_client_* values are taken from the certificate the
 * peer presented.  They should be treated as client-supplied input, and
 * $ssl_client_verify should be consulted before they are used for access
 * decisions or forwarded to a backend.
 */
static ngx_http_variable_t  ngx_http_ssl_vars[] = {

    { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_static_variable,
      (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
      (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_raw_certificate,
      NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_serial"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_serial_number, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_verify"), NULL, ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_client_verify, NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_null_string, NULL, NULL, 0, 0, 0 }
};
223 | |
224 | |
/*
 * Context string handed to ngx_ssl_session_cache() by
 * ngx_http_ssl_merge_srv_conf(); presumably it becomes the OpenSSL session
 * id context for every HTTP server block - confirm in ngx_event_openssl.c.
 */
static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");
973 | 226 |
227 | |
/*
 * Get handler for variables whose getter returns a NUL-terminated string
 * without allocating (the getter is called with a NULL pool).
 *
 * r     request whose connection is inspected
 * v     variable value to fill in
 * data  an ngx_ssl_variable_handler_pt cast to uintptr_t
 *
 * Always returns NGX_OK; on a non-SSL connection the value is marked
 * not_found.
 *
 * The getter's return code is discarded and the string is measured by
 * scanning for the terminating NUL, so only getters that always set a
 * terminated string may be registered with this handler (in this file:
 * ngx_ssl_get_protocol and ngx_ssl_get_cipher_name).
 */
static ngx_int_t
ngx_http_ssl_static_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data)
{
    size_t                       n;
    ngx_str_t                    value;
    ngx_ssl_variable_handler_pt  get_value;

    get_value = (ngx_ssl_variable_handler_pt) data;

    if (!r->connection->ssl) {
        v->not_found = 1;
        return NGX_OK;
    }

    (void) get_value(r->connection, NULL, &value);

    v->data = value.data;

    /* the getter reports no length: count bytes up to the NUL */
    n = 0;
    while (v->data[n]) {
        n++;
    }

    v->len = n;
    v->valid = 1;
    v->no_cacheable = 0;
    v->not_found = 0;

    return NGX_OK;
}
257 | |
258 | |
/*
 * Get handler for variables whose getter may allocate from the request pool
 * and reports an explicit length.
 *
 * r     request whose connection is inspected
 * v     variable value to fill in
 * data  an ngx_ssl_variable_handler_pt cast to uintptr_t
 *
 * Returns NGX_ERROR when the getter fails, NGX_OK otherwise.  The value is
 * marked not_found on a non-SSL connection and when the getter produced an
 * empty string.
 */
static ngx_int_t
ngx_http_ssl_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v,
    uintptr_t data)
{
    ngx_str_t                    value;
    ngx_ssl_variable_handler_pt  get_value;

    get_value = (ngx_ssl_variable_handler_pt) data;

    if (!r->connection->ssl) {
        v->not_found = 1;
        return NGX_OK;
    }

    if (get_value(r->connection, r->pool, &value) != NGX_OK) {
        return NGX_ERROR;
    }

    /* len and data are stored even when the result turns out to be empty */
    v->len = value.len;
    v->data = value.data;

    if (!v->len) {
        v->not_found = 1;
        return NGX_OK;
    }

    v->valid = 1;
    v->no_cacheable = 0;
    v->not_found = 0;

    return NGX_OK;
}
289 | |
290 | |
/*
 * Preconfiguration hook: registers every entry of ngx_http_ssl_vars[] and
 * copies its get handler and data into the registered variable.
 *
 * Returns NGX_ERROR as soon as one registration fails, NGX_OK otherwise.
 */
static ngx_int_t
ngx_http_ssl_add_variables(ngx_conf_t *cf)
{
    ngx_http_variable_t  *src, *dst;

    src = ngx_http_ssl_vars;

    /* the table ends with an entry whose name is empty */
    while (src->name.len) {

        dst = ngx_http_add_variable(cf, &src->name, src->flags);
        if (dst == NULL) {
            return NGX_ERROR;
        }

        dst->get_handler = src->get_handler;
        dst->data = src->data;

        src++;
    }

    return NGX_OK;
}
308 | |
309 | |
/*
 * Allocates a zeroed per-server SSL configuration from the configuration
 * pool and marks the scalar settings as "unset" so that
 * ngx_http_ssl_merge_srv_conf() can tell them apart from explicit values.
 *
 * Returns the new configuration, or NULL when the allocation fails.
 */
static void *
ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
{
    ngx_http_ssl_srv_conf_t  *conf;

    conf = ngx_pcalloc(cf->pool, sizeof(*conf));
    if (conf == NULL) {
        return NULL;
    }

    /*
     * already zeroed by ngx_pcalloc():
     *
     *     conf->protocols = 0;
     *     conf->certificate = { 0, NULL };
     *     conf->certificate_key = { 0, NULL };
     *     conf->dhparam = { 0, NULL };
     *     conf->ecdh_curve = { 0, NULL };
     *     conf->client_certificate = { 0, NULL };
     *     conf->crl = { 0, NULL };
     *     conf->ciphers = { 0, NULL };
     *     conf->shm_zone = NULL;
     */

    conf->enable = NGX_CONF_UNSET;
    conf->prefer_server_ciphers = NGX_CONF_UNSET;
    conf->builtin_session_cache = NGX_CONF_UNSET;
    conf->session_timeout = NGX_CONF_UNSET;

    conf->verify = NGX_CONF_UNSET_UINT;
    conf->verify_depth = NGX_CONF_UNSET_UINT;

    return conf;
}
343 |
344 |
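/*
 * Merges the "http"-level SSL settings into one server block and, when the
 * server has a certificate, builds its SSL context.
 *
 * cf      configuration being parsed (pool and log are used)
 * parent  ngx_http_ssl_srv_conf_t of the enclosing level
 * child   ngx_http_ssl_srv_conf_t of the server block; updated in place
 *
 * Returns NGX_CONF_OK on success and NGX_CONF_ERROR when a required
 * directive is missing or any step of the context set-up fails.  A server
 * without "ssl on" and without a certificate returns NGX_CONF_OK early and
 * gets no SSL context.
 */
static char *
ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
{
    ngx_http_ssl_srv_conf_t *prev = parent;
    ngx_http_ssl_srv_conf_t *conf = child;

    ngx_pool_cleanup_t  *cln;

    if (conf->enable == NGX_CONF_UNSET) {
        if (prev->enable == NGX_CONF_UNSET) {
            conf->enable = 0;

        } else {
            /*
             * inherit the location of the "ssl" directive as well, it is
             * printed in the error messages below
             */
            conf->enable = prev->enable;
            conf->file = prev->file;
            conf->line = prev->line;
        }
    }

    ngx_conf_merge_value(conf->session_timeout,
                         prev->session_timeout, 300);

    ngx_conf_merge_value(conf->prefer_server_ciphers,
                         prev->prefer_server_ciphers, 0);

    /*
     * NOTE(review): the default protocol set still contains SSLv3, an
     * obsolete protocol version; configurations that rely on the default
     * should set "ssl_protocols" explicitly to TLS versions only.
     */
    ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
                         (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1
                          |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));

    ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
    ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);

    ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
    ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");

    ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");

    ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
                         "");
    ngx_conf_merge_str_value(conf->crl, prev->crl, "");

    ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
                         NGX_DEFAULT_ECDH_CURVE);

    ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);


    conf->ssl.log = cf->log;

    if (conf->enable) {

        /* "ssl on" requires both a certificate and its key */

        if (conf->certificate.len == 0) {
            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                          "no \"ssl_certificate\" is defined for "
                          "the \"ssl\" directive in %s:%ui",
                          conf->file, conf->line);
            return NGX_CONF_ERROR;
        }

        if (conf->certificate_key.len == 0) {
            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                          "no \"ssl_certificate_key\" is defined for "
                          "the \"ssl\" directive in %s:%ui",
                          conf->file, conf->line);
            return NGX_CONF_ERROR;
        }

    } else {

        /* without "ssl on" a context is built only if a certificate is set */

        if (conf->certificate.len == 0) {
            return NGX_CONF_OK;
        }

        if (conf->certificate_key.len == 0) {
            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                          "no \"ssl_certificate_key\" is defined "
                          "for certificate \"%V\"", &conf->certificate);
            return NGX_CONF_ERROR;
        }
    }

    if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
        return NGX_CONF_ERROR;
    }

#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME

    if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
                                               ngx_http_ssl_servername)
        == 0)
    {
        ngx_log_error(NGX_LOG_WARN, cf->log, 0,
            "nginx was built with SNI support, however, now it is linked "
            "dynamically to an OpenSSL library which has no tlsext support, "
            "therefore SNI is not available");
    }

#endif

    /* register the cleanup before anything below can fail */

    cln = ngx_pool_cleanup_add(cf->pool, 0);
    if (cln == NULL) {
        return NGX_CONF_ERROR;
    }

    cln->handler = ngx_ssl_cleanup_ctx;
    cln->data = &conf->ssl;

    if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
                            &conf->certificate_key)
        != NGX_OK)
    {
        return NGX_CONF_ERROR;
    }

    if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
                                (const char *) conf->ciphers.data)
        == 0)
    {
        ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
                      "SSL_CTX_set_cipher_list(\"%V\") failed",
                      &conf->ciphers);

        /*
         * fail closed: the error used to be logged only, so the server
         * went on with a cipher list other than the configured one
         */
        return NGX_CONF_ERROR;
    }

    if (conf->verify) {

        /*
         * every mode except "optional_no_ca" (3) needs the CA file
         *
         * NOTE(review): the message below says "ssl_client_verify" while
         * the directive is registered as "ssl_verify_client"
         */

        if (conf->client_certificate.len == 0 && conf->verify != 3) {
            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                          "no ssl_client_certificate for ssl_client_verify");
            return NGX_CONF_ERROR;
        }

        if (ngx_ssl_client_certificate(cf, &conf->ssl,
                                       &conf->client_certificate,
                                       conf->verify_depth)
            != NGX_OK)
        {
            return NGX_CONF_ERROR;
        }

        if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
            return NGX_CONF_ERROR;
        }
    }

    if (conf->prefer_server_ciphers) {
        SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
    }

    /*
     * a temporary 512-bit RSA key is required for export versions of MSIE
     *
     * NOTE(review): a 512-bit RSA key offers no practical protection; the
     * callback should only come into play if export-grade suites are
     * enabled through "ssl_ciphers", which the default string does not do
     */
    SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);

    if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
        return NGX_CONF_ERROR;
    }

    if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) {
        return NGX_CONF_ERROR;
    }

    ngx_conf_merge_value(conf->builtin_session_cache,
                         prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);

    if (conf->shm_zone == NULL) {
        conf->shm_zone = prev->shm_zone;
    }

    if (ngx_ssl_session_cache(&conf->ssl, &ngx_http_ssl_sess_id_ctx,
                              conf->builtin_session_cache,
                              conf->shm_zone, conf->session_timeout)
        != NGX_OK)
    {
        return NGX_CONF_ERROR;
    }

    return NGX_CONF_OK;
}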
563 | 521 |
522 | |
/*
 * Configuration handler for a flag directive of the SSL module.
 *
 * The flag itself is parsed and stored by ngx_conf_set_flag_slot().  When
 * that succeeds, the name of the configuration file being read and the
 * current line number are saved in the server configuration; where they are
 * used later is outside this function.
 *
 * Returns whatever ngx_conf_set_flag_slot() returned: NGX_CONF_OK on
 * success, otherwise its error value unchanged.
 */
static char *
ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    ngx_http_ssl_srv_conf_t  *sscf;
    char                     *status;

    status = ngx_conf_set_flag_slot(cf, cmd, conf);

    if (status == NGX_CONF_OK) {
        /* remember where the directive was seen */
        sscf = conf;
        sscf->file = cf->conf_file->file.name.data;
        sscf->line = cf->conf_file->line;
    }

    return status;
}
541 | |
542 | |
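/*
 * Configuration handler for the session cache directive: walks the
 * directive's arguments and records the requested cache types in the
 * server's SSL configuration.
 *
 * Arguments recognised by the parsing below:
 *   "off"                   builtin_session_cache = NGX_SSL_NO_SCACHE
 *   "none"                  builtin_session_cache = NGX_SSL_NONE_SCACHE
 *   "builtin"               builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE
 *   "builtin:<number>"      builtin_session_cache = <number> (ngx_atoi)
 *   "shared:<name>:<size>"  registers a shared memory zone <name> of <size>
 *                           bytes; <size> must be at least 8 * ngx_pagesize
 *
 * If a shared zone was configured and no builtin setting was given,
 * builtin_session_cache is set to NGX_SSL_NO_BUILTIN_SCACHE.
 *
 * Returns NGX_CONF_OK on success.  Returns NGX_CONF_ERROR, after logging at
 * NGX_LOG_EMERG, for a malformed argument or a too small zone, and also
 * when ngx_shared_memory_add() fails.
 */
static char *
ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    ngx_http_ssl_srv_conf_t *sscf = conf;

    size_t       len;
    ngx_str_t   *value, name, size;
    ngx_int_t    n;
    ngx_uint_t   i, j;

    value = cf->args->elts;

    /* parsing starts at index 1; element 0 is not treated as an argument */

    for (i = 1; i < cf->args->nelts; i++) {

        if (ngx_strcmp(value[i].data, "off") == 0) {
            sscf->builtin_session_cache = NGX_SSL_NO_SCACHE;
            continue;
        }

        if (ngx_strcmp(value[i].data, "none") == 0) {
            sscf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
            continue;
        }

        if (ngx_strcmp(value[i].data, "builtin") == 0) {
            sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
            continue;
        }

        /* "builtin:<number>" */

        if (value[i].len > sizeof("builtin:") - 1
            && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
               == 0)
        {
            n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
                         value[i].len - (sizeof("builtin:") - 1));

            if (n == NGX_ERROR) {
                goto invalid;
            }

            sscf->builtin_session_cache = n;

            continue;
        }

        /* "shared:<name>:<size>" */

        if (value[i].len > sizeof("shared:") - 1
            && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
               == 0)
        {
            len = 0;

            /* the zone name runs up to the next ':' */

            for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
                if (value[i].data[j] == ':') {
                    break;
                }

                len++;
            }

            /*
             * Reject an empty name, and reject "shared:<name>" with no
             * ":<size>" part.  In the latter case j == value[i].len, so
             * "value[i].len - j - 1" below would wrap around to a huge
             * unsigned length and size.data would point past the end of
             * the argument, making ngx_parse_size() read out of bounds.
             */

            if (len == 0 || j == value[i].len) {
                goto invalid;
            }

            name.len = len;
            name.data = value[i].data + sizeof("shared:") - 1;

            size.len = value[i].len - j - 1;
            size.data = name.data + len + 1;

            n = ngx_parse_size(&size);

            if (n == NGX_ERROR) {
                goto invalid;
            }

            if (n < (ngx_int_t) (8 * ngx_pagesize)) {
                ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                                   "session cache \"%V\" is too small",
                                   &value[i]);

                return NGX_CONF_ERROR;
            }

            sscf->shm_zone = ngx_shared_memory_add(cf, &name, n,
                                                   &ngx_http_ssl_module);
            if (sscf->shm_zone == NULL) {
                return NGX_CONF_ERROR;
            }

            sscf->shm_zone->init = ngx_ssl_session_cache_init;

            continue;
        }

        goto invalid;
    }

    /* a shared zone without an explicit builtin setting disables builtin */

    if (sscf->shm_zone && sscf->builtin_session_cache == NGX_CONF_UNSET) {
        sscf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
    }

    return NGX_CONF_OK;

invalid:

    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "invalid session cache \"%V\"", &value[i]);

    return NGX_CONF_ERROR;
}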