annotate src/http/modules/ngx_http_ssl_module.c @ 4872:7c3cca603438

OCSP stapling: ssl_trusted_certificate directive. The directive allows specifying additional trusted Certificate Authority certificates to be used during certificate verification. In contrast to ssl_client_certificate, the DNs of these certificates aren't sent to a client during the handshake. Trusted certificates are loaded regardless of whether client certificate verification is enabled, as the same certificates will be used for OCSP stapling, during construction of an OCSP request and for verification of an OCSP response. The same applies to a CRL (which is now always loaded).
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 01 Oct 2012 12:39:36 +0000
parents d620f497c50f
children dd74fd35ceb5
2 /*
3 * Copyright (C) Igor Sysoev
4 * Copyright (C) Nginx, Inc.
5 */
8 #include <ngx_config.h>
9 #include <ngx_core.h>
10 #include <ngx_http.h>
/*
 * Signature of the ngx_ssl_get_*() accessors referenced from
 * ngx_http_ssl_vars[]: the accessor is given the connection and fills in *s.
 * The one caller visible in this file, ngx_http_ssl_static_variable(),
 * passes NULL for pool and reads s.data afterwards.
 */
typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(
    ngx_connection_t *c,
    ngx_pool_t *pool,
    ngx_str_t *s);
/*
 * Built-in values for the cipher list and the ECDH curve.
 * "HIGH:!aNULL:!MD5" is an OpenSSL cipher string: high-strength suites,
 * minus suites without authentication (aNULL) and suites using MD5.
 * "prime256v1" is OpenSSL's name for the NIST P-256 curve.
 * NOTE(review): presumably used when ssl_ciphers / ssl_ecdh_curve are not
 * set; the code that applies them is not visible here -- confirm.
 */
#define NGX_DEFAULT_CIPHERS     "HIGH:!aNULL:!MD5"
#define NGX_DEFAULT_ECDH_CURVE  "prime256v1"
/*
 * Variable getters registered in ngx_http_ssl_vars[]; `data` carries an
 * ngx_ssl_get_*() accessor cast to uintptr_t.
 */
static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
    ngx_http_variable_value_t *v, uintptr_t data);

/* Configuration hooks wired up in ngx_http_ssl_module_ctx. */
static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf);
static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
    void *parent, void *child);

/* Custom directive handlers referenced from ngx_http_ssl_commands[]. */
static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
/*
 * Names accepted by the ssl_protocols directive and the NGX_SSL_* bit each
 * one contributes (the directive uses ngx_conf_set_bitmask_slot with this
 * table).
 *
 * NOTE(review): SSLv2 and SSLv3 remain selectable here; both are obsolete
 * protocol versions with known weaknesses.  The default protocol set is
 * chosen outside this table (not visible here) -- confirm it does not
 * include them, and prefer an explicit ssl_protocols line in deployments.
 */
static ngx_conf_bitmask_t  ngx_http_ssl_protocols[] = {
    { ngx_string("SSLv2"),   NGX_SSL_SSLv2 },
    { ngx_string("SSLv3"),   NGX_SSL_SSLv3 },
    { ngx_string("TLSv1"),   NGX_SSL_TLSv1 },
    { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
    { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
    { ngx_null_string, 0 }                      /* terminator */
};
/*
 * Values accepted by ssl_verify_client.  The directive uses
 * ngx_conf_set_enum_slot with this table, which stores the matching number
 * in ngx_http_ssl_srv_conf_t.verify.
 *
 * NOTE(review): how 1 ("on") and 2 ("optional") differ is decided by the
 * code that consumes `verify`, which is not visible here.  With "optional"
 * a request presumably can proceed without a verified client certificate,
 * so access decisions should check $ssl_client_verify -- confirm.
 */
static ngx_conf_enum_t  ngx_http_ssl_verify[] = {
    { ngx_string("off"),      0 },
    { ngx_string("on"),       1 },
    { ngx_string("optional"), 2 },
    { ngx_null_string, 0 }                      /* terminator */
};
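/*
 * Directives provided by the module.  Every entry is valid at the http{}
 * and server{} levels (NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF) and targets
 * the per-server ngx_http_ssl_srv_conf_t (NGX_HTTP_SRV_CONF_OFFSET).
 * Entries that use a generic ngx_conf_set_*_slot setter name the field
 * they fill with offsetof(); "ssl" and "ssl_session_cache" have their own
 * handlers.
 */
static ngx_command_t  ngx_http_ssl_commands[] = {

    { ngx_string("ssl"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
      ngx_http_ssl_enable,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, enable),
      NULL },

    { ngx_string("ssl_certificate"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, certificate),
      NULL },

    { ngx_string("ssl_certificate_key"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
      NULL },

    { ngx_string("ssl_dhparam"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, dhparam),
      NULL },

    { ngx_string("ssl_ecdh_curve"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, ecdh_curve),
      NULL },

    /* one or more protocol names, OR-ed together via the bitmask table */
    { ngx_string("ssl_protocols"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
      ngx_conf_set_bitmask_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, protocols),
      &ngx_http_ssl_protocols },

    { ngx_string("ssl_ciphers"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, ciphers),
      NULL },

    { ngx_string("ssl_verify_client"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_enum_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, verify),
      &ngx_http_ssl_verify },

    /*
     * ngx_conf_set_num_slot parses a single argument, so the directive is
     * declared NGX_CONF_TAKE1.  With NGX_CONF_1MORE a line such as
     * "ssl_verify_depth 1 2;" passed the syntax check and the trailing
     * values were silently dropped.
     */
    { ngx_string("ssl_verify_depth"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_num_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, verify_depth),
      NULL },

    { ngx_string("ssl_client_certificate"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, client_certificate),
      NULL },

    /*
     * Per the changeset description: additional trusted CA certificates
     * used for certificate verification and for OCSP stapling; unlike
     * ssl_client_certificate, their DNs are not sent to the client during
     * the handshake.
     */
    { ngx_string("ssl_trusted_certificate"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, trusted_certificate),
      NULL },

    { ngx_string("ssl_prefer_server_ciphers"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_flag_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
      NULL },

    /* one or two arguments, parsed by the module's own handler */
    { ngx_string("ssl_session_cache"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12,
      ngx_http_ssl_session_cache,
      NGX_HTTP_SRV_CONF_OFFSET,
      0,
      NULL },

    { ngx_string("ssl_session_timeout"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_sec_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, session_timeout),
      NULL },

    /* per the changeset description, the CRL is now always loaded */
    { ngx_string("ssl_crl"),
      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_HTTP_SRV_CONF_OFFSET,
      offsetof(ngx_http_ssl_srv_conf_t, crl),
      NULL },

      ngx_null_command
};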
/*
 * HTTP module context.  Three hooks are populated: the variables are
 * registered at preconfiguration, and the per-server configuration has
 * create and merge callbacks.  The main- and location-level slots are
 * left NULL.
 */
static ngx_http_module_t  ngx_http_ssl_module_ctx = {
    ngx_http_ssl_add_variables,            /* preconfiguration */
    NULL,                                  /* postconfiguration */

    NULL,                                  /* create main configuration */
    NULL,                                  /* init main configuration */

    ngx_http_ssl_create_srv_conf,          /* create server configuration */
    ngx_http_ssl_merge_srv_conf,           /* merge server configuration */

    NULL,                                  /* create location configuration */
    NULL                                   /* merge location configuration */
};
/*
 * Module descriptor: binds ngx_http_ssl_module_ctx and the
 * ngx_http_ssl_commands directive table as an NGX_HTTP_MODULE.  All
 * master/module/process/thread lifecycle slots are NULL.
 */
ngx_module_t  ngx_http_ssl_module = {
    NGX_MODULE_V1,
    &ngx_http_ssl_module_ctx,              /* module context */
    ngx_http_ssl_commands,                 /* module directives */
    NGX_HTTP_MODULE,                       /* module type */
    NULL,                                  /* init master */
    NULL,                                  /* init module */
    NULL,                                  /* init process */
    NULL,                                  /* init thread */
    NULL,                                  /* exit thread */
    NULL,                                  /* exit process */
    NULL,                                  /* exit master */
    NGX_MODULE_V1_PADDING
};
/*
 * $ssl_* variables exported by the module.  Each entry names the getter
 * (ngx_http_ssl_static_variable for ssl_protocol and ssl_cipher,
 * ngx_http_ssl_variable for the rest) and passes the ngx_ssl_get_*()
 * accessor to it through the uintptr_t data slot.
 *
 * NOTE(review): the ssl_client_* values are derived from the certificate
 * the peer presented.  Whether that certificate passed verification is
 * presumably reported only by $ssl_client_verify, so configurations should
 * check it before relying on the DN/serial values -- confirm against
 * ngx_ssl_get_client_verify.
 */
static ngx_http_variable_t  ngx_http_ssl_vars[] = {

    { ngx_string("ssl_protocol"), NULL,
      ngx_http_ssl_static_variable,
      (uintptr_t) ngx_ssl_get_protocol,
      NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_cipher"), NULL,
      ngx_http_ssl_static_variable,
      (uintptr_t) ngx_ssl_get_cipher_name,
      NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_session_id"), NULL,
      ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_session_id,
      NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_cert"), NULL,
      ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_certificate,
      NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_raw_cert"), NULL,
      ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_raw_certificate,
      NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_s_dn"), NULL,
      ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_subject_dn,
      NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_i_dn"), NULL,
      ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_issuer_dn,
      NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_serial"), NULL,
      ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_serial_number,
      NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_string("ssl_client_verify"), NULL,
      ngx_http_ssl_variable,
      (uintptr_t) ngx_ssl_get_client_verify,
      NGX_HTTP_VAR_CHANGEABLE, 0 },

    { ngx_null_string, NULL, NULL, 0, 0, 0 }    /* terminator */
};
/*
 * NOTE(review): presumably the session id context string for this module's
 * SSL sessions; the place where it is used is not visible here -- confirm.
 */
static ngx_str_t  ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");
234 static ngx_int_t
235 ngx_http_ssl_static_variable(ngx_http_request_t *r,
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
236 ngx_http_variable_value_t *v, uintptr_t data)
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
237 {
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
238 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
239
1310
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
240 size_t len;
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
241 ngx_str_t s;
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
242
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
243 if (r->connection->ssl) {
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
244
1310
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
245 (void) handler(r->connection, NULL, &s);
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
246
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
247 v->data = s.data;
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
248
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
249 for (len = 0; v->data[len]; len++) { /* void */ }
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
250
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
251 v->len = len;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
252 v->valid = 1;
1565
4c43e25d11ea fix English grammar
Igor Sysoev <igor@sysoev.ru>
parents: 1310
diff changeset
253 v->no_cacheable = 0;
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
254 v->not_found = 0;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
255
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
256 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
257 }
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
258
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
259 v->not_found = 1;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
260
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
261 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
262 }
/*
 * Variable get-handler for SSL variables whose value is built by the
 * handler using the request pool.
 *
 * "data" carries the ngx_ssl_variable_handler_pt to call.  Returns
 * NGX_ERROR when the handler fails, NGX_OK otherwise.  The variable is
 * marked not_found when the connection has no SSL or when the handler
 * produced an empty string.
 *
 * The resulting bytes come from the TLS session via the handler (in the
 * table above this function serves, among others, $ssl_client_serial and
 * $ssl_client_verify); no filtering is applied to them here.
 */
static ngx_int_t
ngx_http_ssl_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v,
    uintptr_t data)
{
    ngx_ssl_variable_handler_pt  handler = (ngx_ssl_variable_handler_pt) data;

    ngx_int_t  rc;
    ngx_str_t  value;

    if (r->connection->ssl) {

        rc = handler(r->connection, r->pool, &value);

        if (rc != NGX_OK) {
            return NGX_ERROR;
        }

        v->data = value.data;
        v->len = value.len;

        /* an empty result falls through and is reported as not found */

        if (v->len != 0) {
            v->not_found = 0;
            v->no_cacheable = 0;
            v->valid = 1;

            return NGX_OK;
        }
    }

    v->not_found = 1;

    return NGX_OK;
}
/*
 * Registers every entry of ngx_http_ssl_vars with the HTTP variable
 * machinery, copying each entry's get handler and data word into the
 * variable returned by ngx_http_add_variable().
 *
 * The table is walked until the entry with an empty name.  Returns
 * NGX_ERROR as soon as one registration fails, NGX_OK otherwise.
 */
static ngx_int_t
ngx_http_ssl_add_variables(ngx_conf_t *cf)
{
    ngx_http_variable_t  *entry, *added;

    entry = ngx_http_ssl_vars;

    while (entry->name.len != 0) {

        added = ngx_http_add_variable(cf, &entry->name, entry->flags);
        if (!added) {
            return NGX_ERROR;
        }

        added->data = entry->data;
        added->get_handler = entry->get_handler;

        entry++;
    }

    return NGX_OK;
}
/*
 * Allocates the per-server SSL configuration from the configuration pool.
 *
 * Returns the zero-filled structure with the scalar settings marked as
 * unset, or NULL when the allocation fails.  The unset markers let
 * ngx_http_ssl_merge_srv_conf() tell "not configured" from an explicit
 * value and apply inherited or default settings.
 */
static void *
ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
{
    ngx_http_ssl_srv_conf_t  *conf;

    conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t));
    if (!conf) {
        return NULL;
    }

    /*
     * already zeroed by ngx_pcalloc():
     *
     *     conf->protocols = 0;
     *     conf->certificate = { 0, NULL };
     *     conf->certificate_key = { 0, NULL };
     *     conf->dhparam = { 0, NULL };
     *     conf->ecdh_curve = { 0, NULL };
     *     conf->client_certificate = { 0, NULL };
     *     conf->trusted_certificate = { 0, NULL };
     *     conf->crl = { 0, NULL };
     *     conf->ciphers = { 0, NULL };
     *     conf->shm_zone = NULL;
     */

    /* flags and timeouts */
    conf->enable = NGX_CONF_UNSET;
    conf->prefer_server_ciphers = NGX_CONF_UNSET;
    conf->builtin_session_cache = NGX_CONF_UNSET;
    conf->session_timeout = NGX_CONF_UNSET;

    /* client certificate verification mode and chain depth */
    conf->verify = NGX_CONF_UNSET_UINT;
    conf->verify_depth = NGX_CONF_UNSET_UINT;

    return conf;
}
352 static char *
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 485
diff changeset
353 ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
354 {
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
355 ngx_http_ssl_srv_conf_t *prev = parent;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
356 ngx_http_ssl_srv_conf_t *conf = child;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
357
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
358 ngx_pool_cleanup_t *cln;
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
359
4234
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
360 if (conf->enable == NGX_CONF_UNSET) {
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
361 if (prev->enable == NGX_CONF_UNSET) {
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
362 conf->enable = 0;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
363
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
364 } else {
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
365 conf->enable = prev->enable;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
366 conf->file = prev->file;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
367 conf->line = prev->line;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
368 }
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
369 }
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
370
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
371 ngx_conf_merge_value(conf->session_timeout,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
372 prev->session_timeout, 300);
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
373
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
374 ngx_conf_merge_value(conf->prefer_server_ciphers,
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
375 prev->prefer_server_ciphers, 0);
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
376
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
377 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
4400
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4273
diff changeset
378 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4273
diff changeset
379 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
380
2123
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
381 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
382 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
383
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
384 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
385 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
386
2044
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
387 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
388
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
389 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
390 "");
4872
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
391 ngx_conf_merge_str_value(conf->trusted_certificate,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
392 prev->trusted_certificate, "");
2995
cc07d164f0dc ssl_crl
Igor Sysoev <igor@sysoev.ru>
parents: 2994
diff changeset
393 ngx_conf_merge_str_value(conf->crl, prev->crl, "");
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
394
3960
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
395 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
396 NGX_DEFAULT_ECDH_CURVE);
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
397
2124
e0b424b98f24 fix typo
Igor Sysoev <igor@sysoev.ru>
parents: 2123
diff changeset
398 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
479
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
399
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
400
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
401 conf->ssl.log = cf->log;
386
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
402
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
403 if (conf->enable) {
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
404
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
405 if (conf->certificate.len == 0) {
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
406 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
407 "no \"ssl_certificate\" is defined for "
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
408 "the \"ssl\" directive in %s:%ui",
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
409 conf->file, conf->line);
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
410 return NGX_CONF_ERROR;
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
411 }
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
412
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
413 if (conf->certificate_key.len == 0) {
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
414 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
415 "no \"ssl_certificate_key\" is defined for "
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
416 "the \"ssl\" directive in %s:%ui",
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
417 conf->file, conf->line);
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
418 return NGX_CONF_ERROR;
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
419 }
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
420
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
421 } else {
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
422
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
423 if (conf->certificate.len == 0) {
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
424 return NGX_CONF_OK;
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
425 }
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
426
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
427 if (conf->certificate_key.len == 0) {
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
428 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
429 "no \"ssl_certificate_key\" is defined "
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
430 "for certificate \"%V\"", &conf->certificate);
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
431 return NGX_CONF_ERROR;
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
432 }
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
433 }
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
434
969
065b39794fff ngx_ssl_get_server_conf()
Igor Sysoev <igor@sysoev.ru>
parents: 671
diff changeset
435 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
386
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
436 return NGX_CONF_ERROR;
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
437 }
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
438
1219
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
439 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
440
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
441 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
442 ngx_http_ssl_servername)
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
443 == 0)
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
444 {
3140
ba9a8ba4207e *) issue warning instead of failure: this is too common case
Igor Sysoev <igor@sysoev.ru>
parents: 2996
diff changeset
445 ngx_log_error(NGX_LOG_WARN, cf->log, 0,
3209
b82c623a607e fix typo
Igor Sysoev <igor@sysoev.ru>
parents: 3196
diff changeset
446 "nginx was built with SNI support, however, now it is linked "
3140
ba9a8ba4207e *) issue warning instead of failure: this is too common case
Igor Sysoev <igor@sysoev.ru>
parents: 2996
diff changeset
447 "dynamically to an OpenSSL library which has no tlsext support, "
ba9a8ba4207e *) issue warning instead of failure: this is too common case
Igor Sysoev <igor@sysoev.ru>
parents: 2996
diff changeset
448 "therefore SNI is not available");
1219
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
449 }
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
450
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
451 #endif
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
452
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
453 cln = ngx_pool_cleanup_add(cf->pool, 0);
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
454 if (cln == NULL) {
509
9b8c906f6e63 nginx-0.1.29-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 507
diff changeset
455 return NGX_CONF_ERROR;
9b8c906f6e63 nginx-0.1.29-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 507
diff changeset
456 }
9b8c906f6e63 nginx-0.1.29-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 507
diff changeset
457
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
458 cln->handler = ngx_ssl_cleanup_ctx;
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
459 cln->data = &conf->ssl;
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
460
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
461 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
970
35f98a8e275f style fix
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
462 &conf->certificate_key)
35f98a8e275f style fix
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
463 != NGX_OK)
529
e5d7d0334fdb nginx-0.1.39-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 509
diff changeset
464 {
386
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
465 return NGX_CONF_ERROR;
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
466 }
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
467
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
468 if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
469 (const char *) conf->ciphers.data)
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
470 == 0)
529
e5d7d0334fdb nginx-0.1.39-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 509
diff changeset
471 {
395
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents: 394
diff changeset
472 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
473 "SSL_CTX_set_cipher_list(\"%V\") failed",
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
474 &conf->ciphers);
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
475 }
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
476
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
477 if (conf->verify) {
2123
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
478
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
479 if (conf->client_certificate.len == 0) {
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
480 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
481 "no ssl_client_certificate for ssl_client_verify");
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
482 return NGX_CONF_ERROR;
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
483 }
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
484
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
485 if (ngx_ssl_client_certificate(cf, &conf->ssl,
970
35f98a8e275f style fix
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
486 &conf->client_certificate,
35f98a8e275f style fix
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
487 conf->verify_depth)
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
488 != NGX_OK)
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
489 {
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
490 return NGX_CONF_ERROR;
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
491 }
4872
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
492 }
2995
cc07d164f0dc ssl_crl
Igor Sysoev <igor@sysoev.ru>
parents: 2994
diff changeset
493
4872
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
494 if (ngx_ssl_trusted_certificate(cf, &conf->ssl,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
495 &conf->trusted_certificate,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
496 conf->verify_depth)
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
497 != NGX_OK)
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
498 {
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
499 return NGX_CONF_ERROR;
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
500 }
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
501
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
502 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
503 return NGX_CONF_ERROR;
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
504 }
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
505
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
506 if (conf->prefer_server_ciphers) {
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
507 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
508 }
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
509
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
510 /* a temporary 512-bit RSA key is required for export versions of MSIE */
3959
b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand
Igor Sysoev <igor@sysoev.ru>
parents: 3938
diff changeset
511 SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
386
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
512
2044
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
513 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
514 return NGX_CONF_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
515 }
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
516
3960
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
517 if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) {
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
518 return NGX_CONF_ERROR;
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
519 }
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
520
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
521 ngx_conf_merge_value(conf->builtin_session_cache,
2032
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1778
diff changeset
522 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
523
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
524 if (conf->shm_zone == NULL) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
525 conf->shm_zone = prev->shm_zone;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
526 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
527
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 973
diff changeset
528 if (ngx_ssl_session_cache(&conf->ssl, &ngx_http_ssl_sess_id_ctx,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 973
diff changeset
529 conf->builtin_session_cache,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 973
diff changeset
530 conf->shm_zone, conf->session_timeout)
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 973
diff changeset
531 != NGX_OK)
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
532 {
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 973
diff changeset
533 return NGX_CONF_ERROR;
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
534 }
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
535
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
536 return NGX_CONF_OK;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
537 }
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
538
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
539
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
/*
 * Configuration handler for an on/off SSL flag.
 *
 * The flag itself is parsed and stored by ngx_conf_set_flag_slot().  On
 * success the location of the directive (configuration file name and line
 * number, taken from cf->conf_file) is saved in the server SSL
 * configuration.
 * NOTE(review): presumably file/line are kept so that a later diagnostic
 * can point at the directive; the consumer is not visible here.
 *
 * Returns NGX_CONF_OK on success, otherwise whatever
 * ngx_conf_set_flag_slot() returned.
 */
static char *
ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    char                     *result;
    ngx_http_ssl_srv_conf_t  *ssl_conf;

    result = ngx_conf_set_flag_slot(cf, cmd, conf);

    if (result == NGX_CONF_OK) {
        /* remember where the directive was written */
        ssl_conf = conf;
        ssl_conf->file = cf->conf_file->file.name.data;
        ssl_conf->line = cf->conf_file->line;
    }

    return result;
}
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
558
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
559
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
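/*
 * Configuration handler that parses the session cache arguments into the
 * server SSL configuration.
 *
 * Every argument after the directive name must be one of:
 *
 *   off                   builtin_session_cache = NGX_SSL_NO_SCACHE
 *   none                  builtin_session_cache = NGX_SSL_NONE_SCACHE
 *   builtin               builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE
 *   builtin:<number>      builtin_session_cache = <number>
 *   shared:<name>:<size>  shared memory zone <name> of <size> bytes,
 *                         registered with ngx_shared_memory_add()
 *
 * If a shared zone was configured and no builtin setting was given, the
 * builtin cache is set to NGX_SSL_NO_BUILTIN_SCACHE.
 *
 * Returns NGX_CONF_OK on success.  On a malformed argument, a too small
 * shared zone, or a failed zone registration it returns NGX_CONF_ERROR
 * (the first two cases are logged at NGX_LOG_EMERG).
 */
static char *
ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    ngx_http_ssl_srv_conf_t *sscf = conf;

    size_t       len;
    ngx_str_t   *value, name, size;
    ngx_int_t    n;
    ngx_uint_t   i, j;

    value = cf->args->elts;

    /* value[0] is the directive name, so parsing starts at index 1 */

    for (i = 1; i < cf->args->nelts; i++) {

        if (ngx_strcmp(value[i].data, "off") == 0) {
            sscf->builtin_session_cache = NGX_SSL_NO_SCACHE;
            continue;
        }

        if (ngx_strcmp(value[i].data, "none") == 0) {
            sscf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
            continue;
        }

        if (ngx_strcmp(value[i].data, "builtin") == 0) {
            sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
            continue;
        }

        if (value[i].len > sizeof("builtin:") - 1
            && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
               == 0)
        {
            /* the text after "builtin:" must be a decimal number */

            n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
                         value[i].len - (sizeof("builtin:") - 1));

            if (n == NGX_ERROR) {
                goto invalid;
            }

            sscf->builtin_session_cache = n;

            continue;
        }

        if (value[i].len > sizeof("shared:") - 1
            && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
               == 0)
        {
            len = 0;

            /*
             * find the ':' separating the zone name from its size; the
             * separator is overwritten in place so that the name is
             * null-terminated inside the argument buffer
             */

            for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
                if (value[i].data[j] == ':') {
                    value[i].data[j] = '\0';
                    break;
                }

                len++;
            }

            /*
             * reject an empty zone name and a missing ":<size>" part;
             * without the second test "shared:name" left j equal to
             * value[i].len, so that size.len below wrapped around to a
             * huge unsigned value and size.data pointed past the end of
             * the argument before being handed to ngx_parse_size()
             */

            if (len == 0 || j == value[i].len) {
                goto invalid;
            }

            name.len = len;
            name.data = value[i].data + sizeof("shared:") - 1;

            size.len = value[i].len - j - 1;
            size.data = name.data + len + 1;

            n = ngx_parse_size(&size);

            if (n == NGX_ERROR) {
                goto invalid;
            }

            /* a shared zone smaller than 8 pages is refused */

            if (n < (ngx_int_t) (8 * ngx_pagesize)) {
                ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                                   "session cache \"%V\" is too small",
                                   &value[i]);

                return NGX_CONF_ERROR;
            }

            sscf->shm_zone = ngx_shared_memory_add(cf, &name, n,
                                                   &ngx_http_ssl_module);
            if (sscf->shm_zone == NULL) {
                return NGX_CONF_ERROR;
            }

            sscf->shm_zone->init = ngx_ssl_session_cache_init;

            continue;
        }

        goto invalid;
    }

    /* a shared zone without an explicit builtin setting disables builtin */

    if (sscf->shm_zone && sscf->builtin_session_cache == NGX_CONF_UNSET) {
        sscf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
    }

    return NGX_CONF_OK;

invalid:

    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                       "invalid session cache \"%V\"", &value[i]);

    return NGX_CONF_ERROR;
}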