nginx: src/http/modules/ngx_http_ssl

annotate src/http/modules/ngx_http_ssl_module.h @ 7653:8409f9df6219

SSL: client certificate validation with OCSP (ticket #1534). OCSP validation for client certificates is enabled by the "ssl_ocsp" directive. OCSP responder can be optionally specified by "ssl_ocsp_responder". When session is reused, peer chain is not available for validation. If the verified chain contains certificates from the peer chain not available at the server, validation will fail.

author	Roman Arutyunyan <arut@nginx.com>
date	Fri, 22 May 2020 17:30:12 +0300
parents	be2af41d3620
children	b56f725dd4bb

rev	line source
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	1
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	2 /*
444 42d11f017717 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright Igor Sysoev <igor@sysoev.ru> parents: 441 diff changeset	3 * Copyright (C) Igor Sysoev
4412 d620f497c50f Copyright updated. Maxim Konovalov <maxim@nginx.com> parents: 3960 diff changeset	4 * Copyright (C) Nginx, Inc.
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	5 */
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	6
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	7
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	8 #ifndef _NGX_HTTP_SSL_H_INCLUDED_
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	9 #define _NGX_HTTP_SSL_H_INCLUDED_
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	10
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	11
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	12 #include <ngx_config.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	13 #include <ngx_core.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	14 #include <ngx_http.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	15
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	16
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	17 typedef struct {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	18 ngx_flag_t enable;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	19
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	20 ngx_ssl_t ssl;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	21
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	22 ngx_flag_t prefer_server_ciphers;
7333 ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 6550 diff changeset	23 ngx_flag_t early_data;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	24
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	25 ngx_uint_t protocols;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	26
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2044 diff changeset	27 ngx_uint_t verify;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2044 diff changeset	28 ngx_uint_t verify_depth;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	29
5487 a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	30 size_t buffer_size;
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	31
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	32 ssize_t builtin_session_cache;
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	33
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	34 time_t session_timeout;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	35
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	36 ngx_array_t *certificates;
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	37 ngx_array_t *certificate_keys;
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	38
7462 be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	39 ngx_array_t *certificate_values;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	40 ngx_array_t *certificate_key_values;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	41
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	42 ngx_str_t dhparam;
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 2995 diff changeset	43 ngx_str_t ecdh_curve;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	44 ngx_str_t client_certificate;
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	45 ngx_str_t trusted_certificate;
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	46 ngx_str_t crl;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	47
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	48 ngx_str_t ciphers;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	49
5744 42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	50 ngx_array_t *passwords;
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	51
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	52 ngx_shm_zone_t *shm_zone;
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2123 diff changeset	53
5503 d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	54 ngx_flag_t session_tickets;
5425 1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 4879 diff changeset	55 ngx_array_t *session_ticket_keys;
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 4879 diff changeset	56
7653 8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7462 diff changeset	57 ngx_uint_t ocsp;
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7462 diff changeset	58 ngx_str_t ocsp_responder;
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7462 diff changeset	59
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	60 ngx_flag_t stapling;
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	61 ngx_flag_t stapling_verify;
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	62 ngx_str_t stapling_file;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	63 ngx_str_t stapling_responder;
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	64
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2123 diff changeset	65 u_char *file;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2123 diff changeset	66 ngx_uint_t line;
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	67 } ngx_http_ssl_srv_conf_t;
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 384 diff changeset	68
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 384 diff changeset	69
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	70 extern ngx_module_t ngx_http_ssl_module;
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	71
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	72
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	73 #endif /* _NGX_HTTP_SSL_H_INCLUDED_ */

Mercurial > hg > nginx

annotate src/http/modules/ngx_http_ssl_module.h @ 7653:8409f9df6219