Mercurial > hg > nginx
annotate src/http/modules/ngx_http_ssl_module.c @ 3440:88741ec7731a stable-0.7
merge r3294, r3305:
Fix a bug introduced in r2032: After a child process has read a terminate
message from a channel, the process tries to read the channel again.
The kernel (at least FreeBSD) may preempt the process and sends a SIGIO
signal to a master process. The master process sends a new terminate message,
the kernel switches again to the the child process, and the child process
reads the messages instead of an EAGAIN error. And this may repeat over
and over. Being that the child process can not exit the cycle and test
the termination flag set by the message handler.
The fix disallow the master process to send a new terminate message on
SIGIO signal reception. It may send the message only on SIGALARM signal.
| author | Igor Sysoev <igor@sysoev.ru> |
|---|---|
| date | Mon, 01 Feb 2010 15:49:36 +0000 |
| parents | 966f9cf9c7da |
| children |
| rev | line source |
|---|---|
|
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
1 |
|
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
2 /* |
|
444
42d11f017717
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents:
441
diff
changeset
|
3 * Copyright (C) Igor Sysoev |
|
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
4 */ |
|
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
396
diff
changeset
|
5 |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
6 |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
7 #include <ngx_config.h> |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
8 #include <ngx_core.h> |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
9 #include <ngx_http.h> |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 |
| 573 | 11 |
| 671 | 12 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, |
| 13 ngx_pool_t *pool, ngx_str_t *s); | |
| 611 | 14 |
| 15 | |
|
3430
966f9cf9c7da
merge r3155, r3156, r3160, r969, r3191, r3197, r3358:
Igor Sysoev <igor@sysoev.ru>
parents:
3243
diff
changeset
|
16 #define NGX_DEFAULT_CIPHERS "HIGH:!ADH:!MD5" |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
17 |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
18 |
| 671 | 19 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, |
| 611 | 20 ngx_http_variable_value_t *v, uintptr_t data); |
| 671 | 21 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r, |
| 647 | 22 ngx_http_variable_value_t *v, uintptr_t data); |
| 611 | 23 |
| 24 static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf); | |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
25 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
26 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, |
| 501 | 27 void *parent, void *child); |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
28 |
| 2224 | 29 static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, |
| 30 void *conf); | |
| 973 | 31 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, |
| 32 void *conf); | |
| 33 | |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
34 |
| 547 | 35 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = { |
| 36 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, | |
| 37 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, | |
| 38 { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, | |
| 39 { ngx_null_string, 0 } | |
| 40 }; | |
| 41 | |
| 42 | |
| 2123 | 43 static ngx_conf_enum_t ngx_http_ssl_verify[] = { |
| 44 { ngx_string("off"), 0 }, | |
| 45 { ngx_string("on"), 1 }, | |
|
3243
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
46 { ngx_string("optional"), 2 }, |
| 2123 | 47 { ngx_null_string, 0 } |
| 48 }; | |
| 49 | |
| 50 | |
|
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
51 static ngx_command_t ngx_http_ssl_commands[] = { |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
52 |
|
393
5659d773cfa8
nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
392
diff
changeset
|
53 { ngx_string("ssl"), |
| 599 | 54 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, |
| 2224 | 55 ngx_http_ssl_enable, |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
56 NGX_HTTP_SRV_CONF_OFFSET, |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
57 offsetof(ngx_http_ssl_srv_conf_t, enable), |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
58 NULL }, |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
59 |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
60 { ngx_string("ssl_certificate"), |
| 599 | 61 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
62 ngx_conf_set_str_slot, |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
63 NGX_HTTP_SRV_CONF_OFFSET, |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
64 offsetof(ngx_http_ssl_srv_conf_t, certificate), |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
65 NULL }, |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
66 |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
67 { ngx_string("ssl_certificate_key"), |
| 599 | 68 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
69 ngx_conf_set_str_slot, |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
70 NGX_HTTP_SRV_CONF_OFFSET, |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
71 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
72 NULL }, |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
73 |
| 2044 | 74 { ngx_string("ssl_dhparam"), |
| 75 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
| 76 ngx_conf_set_str_slot, | |
| 77 NGX_HTTP_SRV_CONF_OFFSET, | |
| 78 offsetof(ngx_http_ssl_srv_conf_t, dhparam), | |
| 79 NULL }, | |
| 80 | |
| 547 | 81 { ngx_string("ssl_protocols"), |
| 563 | 82 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE, |
| 547 | 83 ngx_conf_set_bitmask_slot, |
| 84 NGX_HTTP_SRV_CONF_OFFSET, | |
| 85 offsetof(ngx_http_ssl_srv_conf_t, protocols), | |
| 86 &ngx_http_ssl_protocols }, | |
| 87 | |
| 479 | 88 { ngx_string("ssl_ciphers"), |
| 563 | 89 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
| 479 | 90 ngx_conf_set_str_slot, |
| 91 NGX_HTTP_SRV_CONF_OFFSET, | |
| 92 offsetof(ngx_http_ssl_srv_conf_t, ciphers), | |
| 93 NULL }, | |
| 94 | |
| 647 | 95 { ngx_string("ssl_verify_client"), |
| 667 | 96 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, |
| 2123 | 97 ngx_conf_set_enum_slot, |
| 647 | 98 NGX_HTTP_SRV_CONF_OFFSET, |
| 99 offsetof(ngx_http_ssl_srv_conf_t, verify), | |
| 2123 | 100 &ngx_http_ssl_verify }, |
| 647 | 101 |
| 102 { ngx_string("ssl_verify_depth"), | |
| 103 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE, | |
| 104 ngx_conf_set_num_slot, | |
| 105 NGX_HTTP_SRV_CONF_OFFSET, | |
| 106 offsetof(ngx_http_ssl_srv_conf_t, verify_depth), | |
| 107 NULL }, | |
| 108 | |
| 109 { ngx_string("ssl_client_certificate"), | |
| 110 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
| 111 ngx_conf_set_str_slot, | |
| 112 NGX_HTTP_SRV_CONF_OFFSET, | |
| 113 offsetof(ngx_http_ssl_srv_conf_t, client_certificate), | |
| 114 NULL }, | |
| 115 | |
| 547 | 116 { ngx_string("ssl_prefer_server_ciphers"), |
| 117 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | |
| 118 ngx_conf_set_flag_slot, | |
| 119 NGX_HTTP_SRV_CONF_OFFSET, | |
| 120 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers), | |
| 121 NULL }, | |
| 122 | |
| 973 | 123 { ngx_string("ssl_session_cache"), |
| 124 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12, | |
| 125 ngx_http_ssl_session_cache, | |
| 126 NGX_HTTP_SRV_CONF_OFFSET, | |
| 127 0, | |
| 128 NULL }, | |
| 129 | |
| 573 | 130 { ngx_string("ssl_session_timeout"), |
| 131 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
| 132 ngx_conf_set_sec_slot, | |
| 133 NGX_HTTP_SRV_CONF_OFFSET, | |
| 134 offsetof(ngx_http_ssl_srv_conf_t, session_timeout), | |
| 135 NULL }, | |
| 136 | |
|
3243
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
137 { ngx_string("ssl_crl"), |
|
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
138 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
|
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
139 ngx_conf_set_str_slot, |
|
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
140 NGX_HTTP_SRV_CONF_OFFSET, |
|
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
141 offsetof(ngx_http_ssl_srv_conf_t, crl), |
|
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
142 NULL }, |
|
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
143 |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
144 ngx_null_command |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
145 }; |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
146 |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
147 |
|
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
148 static ngx_http_module_t ngx_http_ssl_module_ctx = { |
| 611 | 149 ngx_http_ssl_add_variables, /* preconfiguration */ |
| 509 | 150 NULL, /* postconfiguration */ |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
151 |
| 541 | 152 NULL, /* create main configuration */ |
| 153 NULL, /* init main configuration */ | |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
154 |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
155 ngx_http_ssl_create_srv_conf, /* create server configuration */ |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
156 ngx_http_ssl_merge_srv_conf, /* merge server configuration */ |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
157 |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
158 NULL, /* create location configuration */ |
| 485 | 159 NULL /* merge location configuration */ |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
160 }; |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
161 |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
162 |
|
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
163 ngx_module_t ngx_http_ssl_module = { |
| 509 | 164 NGX_MODULE_V1, |
|
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
165 &ngx_http_ssl_module_ctx, /* module context */ |
|
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
166 ngx_http_ssl_commands, /* module directives */ |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
167 NGX_HTTP_MODULE, /* module type */ |
| 541 | 168 NULL, /* init master */ |
|
393
5659d773cfa8
nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
392
diff
changeset
|
169 NULL, /* init module */ |
| 541 | 170 NULL, /* init process */ |
| 171 NULL, /* init thread */ | |
| 172 NULL, /* exit thread */ | |
| 173 NULL, /* exit process */ | |
| 174 NULL, /* exit master */ | |
| 175 NGX_MODULE_V1_PADDING | |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
176 }; |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
177 |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
178 |
| 611 | 179 static ngx_http_variable_t ngx_http_ssl_vars[] = { |
| 180 | |
| 671 | 181 { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_static_variable, |
| 1565 | 182 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
| 611 | 183 |
| 671 | 184 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable, |
| 1565 | 185 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
| 611 | 186 |
|
3430
966f9cf9c7da
merge r3155, r3156, r3160, r969, r3191, r3197, r3358:
Igor Sysoev <igor@sysoev.ru>
parents:
3243
diff
changeset
|
187 { ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable, |
|
966f9cf9c7da
merge r3155, r3156, r3160, r969, r3191, r3197, r3358:
Igor Sysoev <igor@sysoev.ru>
parents:
3243
diff
changeset
|
188 (uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
|
966f9cf9c7da
merge r3155, r3156, r3160, r969, r3191, r3197, r3358:
Igor Sysoev <igor@sysoev.ru>
parents:
3243
diff
changeset
|
189 |
| 2045 | 190 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable, |
| 191 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 }, | |
| 192 | |
| 2123 | 193 { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable, |
| 194 (uintptr_t) ngx_ssl_get_raw_certificate, | |
| 195 NGX_HTTP_VAR_CHANGEABLE, 0 }, | |
| 196 | |
| 671 | 197 { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable, |
| 1565 | 198 (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
| 647 | 199 |
| 671 | 200 { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable, |
| 1565 | 201 (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
| 671 | 202 |
| 203 { ngx_string("ssl_client_serial"), NULL, ngx_http_ssl_variable, | |
| 1565 | 204 (uintptr_t) ngx_ssl_get_serial_number, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
| 647 | 205 |
|
3243
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
206 { ngx_string("ssl_client_verify"), NULL, ngx_http_ssl_variable, |
|
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
207 (uintptr_t) ngx_ssl_get_client_verify, NGX_HTTP_VAR_CHANGEABLE, 0 }, |
|
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
208 |
| 637 | 209 { ngx_null_string, NULL, NULL, 0, 0, 0 } |
| 611 | 210 }; |
| 211 | |
| 212 | |
|
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
973
diff
changeset
|
213 static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP"); |
| 973 | 214 |
| 215 | |
| 216 static ngx_int_t | |
| 671 | 217 ngx_http_ssl_static_variable(ngx_http_request_t *r, |
| 611 | 218 ngx_http_variable_value_t *v, uintptr_t data) |
| 219 { | |
| 671 | 220 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data; |
| 611 | 221 |
|
1310
33d6c994a0b2
Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents:
1219
diff
changeset
|
222 size_t len; |
|
33d6c994a0b2
Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents:
1219
diff
changeset
|
223 ngx_str_t s; |
| 611 | 224 |
| 225 if (r->connection->ssl) { | |
| 226 | |
|
1310
33d6c994a0b2
Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents:
1219
diff
changeset
|
227 (void) handler(r->connection, NULL, &s); |
|
33d6c994a0b2
Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents:
1219
diff
changeset
|
228 |
|
33d6c994a0b2
Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents:
1219
diff
changeset
|
229 v->data = s.data; |
| 611 | 230 |
| 671 | 231 for (len = 0; v->data[len]; len++) { /* void */ } |
| 611 | 232 |
| 233 v->len = len; | |
| 234 v->valid = 1; | |
| 1565 | 235 v->no_cacheable = 0; |
| 611 | 236 v->not_found = 0; |
| 237 | |
| 238 return NGX_OK; | |
| 239 } | |
| 240 | |
| 241 v->not_found = 1; | |
| 242 | |
| 243 return NGX_OK; | |
| 244 } | |
| 245 | |
| 246 | |
| 247 static ngx_int_t | |
| 671 | 248 ngx_http_ssl_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, |
| 647 | 249 uintptr_t data) |
| 250 { | |
| 671 | 251 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data; |
| 647 | 252 |
|
1310
33d6c994a0b2
Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents:
1219
diff
changeset
|
253 ngx_str_t s; |
|
33d6c994a0b2
Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents:
1219
diff
changeset
|
254 |
| 647 | 255 if (r->connection->ssl) { |
|
1310
33d6c994a0b2
Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents:
1219
diff
changeset
|
256 |
|
33d6c994a0b2
Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents:
1219
diff
changeset
|
257 if (handler(r->connection, r->pool, &s) != NGX_OK) { |
| 647 | 258 return NGX_ERROR; |
| 259 } | |
| 260 | |
|
1310
33d6c994a0b2
Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents:
1219
diff
changeset
|
261 v->len = s.len; |
|
33d6c994a0b2
Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents:
1219
diff
changeset
|
262 v->data = s.data; |
|
33d6c994a0b2
Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents:
1219
diff
changeset
|
263 |
| 647 | 264 if (v->len) { |
| 265 v->valid = 1; | |
| 1565 | 266 v->no_cacheable = 0; |
| 647 | 267 v->not_found = 0; |
| 268 | |
| 269 return NGX_OK; | |
| 270 } | |
| 271 } | |
| 272 | |
| 273 v->not_found = 1; | |
| 274 | |
| 275 return NGX_OK; | |
| 276 } | |
| 277 | |
| 278 | |
| 279 static ngx_int_t | |
| 611 | 280 ngx_http_ssl_add_variables(ngx_conf_t *cf) |
| 281 { | |
| 282 ngx_http_variable_t *var, *v; | |
| 283 | |
| 284 for (v = ngx_http_ssl_vars; v->name.len; v++) { | |
| 285 var = ngx_http_add_variable(cf, &v->name, v->flags); | |
| 286 if (var == NULL) { | |
| 287 return NGX_ERROR; | |
| 288 } | |
| 289 | |
| 637 | 290 var->get_handler = v->get_handler; |
| 611 | 291 var->data = v->data; |
| 292 } | |
| 293 | |
| 294 return NGX_OK; | |
| 295 } | |
| 296 | |
| 297 | |
| 501 | 298 static void * |
| 299 ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) | |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
300 { |
| 971 | 301 ngx_http_ssl_srv_conf_t *sscf; |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
302 |
| 971 | 303 sscf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t)); |
| 304 if (sscf == NULL) { | |
|
3237
2efa8d2fcde1
merge r2903, r2911, r2912, r3002:
Igor Sysoev <igor@sysoev.ru>
parents:
2716
diff
changeset
|
305 return NULL; |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
306 } |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
307 |
| 479 | 308 /* |
| 309 * set by ngx_pcalloc(): | |
| 310 * | |
| 971 | 311 * sscf->protocols = 0; |
| 2044 | 312 * sscf->certificate = { 0, NULL }; |
| 313 * sscf->certificate_key = { 0, NULL }; | |
| 314 * sscf->dhparam = { 0, NULL }; | |
| 315 * sscf->client_certificate = { 0, NULL }; | |
|
3243
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
316 * sscf->crl = { 0, NULL }; |
| 971 | 317 * sscf->ciphers.len = 0; |
| 318 * sscf->ciphers.data = NULL; | |
| 973 | 319 * sscf->shm_zone = NULL; |
| 479 | 320 */ |
| 321 | |
| 971 | 322 sscf->enable = NGX_CONF_UNSET; |
| 2123 | 323 sscf->prefer_server_ciphers = NGX_CONF_UNSET; |
| 2710 | 324 sscf->verify = NGX_CONF_UNSET_UINT; |
| 325 sscf->verify_depth = NGX_CONF_UNSET_UINT; | |
| 973 | 326 sscf->builtin_session_cache = NGX_CONF_UNSET; |
| 327 sscf->session_timeout = NGX_CONF_UNSET; | |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
328 |
| 971 | 329 return sscf; |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
330 } |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
331 |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
332 |
| 501 | 333 static char * |
| 334 ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) | |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
335 { |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
336 ngx_http_ssl_srv_conf_t *prev = parent; |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
337 ngx_http_ssl_srv_conf_t *conf = child; |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
338 |
| 563 | 339 ngx_pool_cleanup_t *cln; |
| 340 | |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
341 ngx_conf_merge_value(conf->enable, prev->enable, 0); |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
342 |
| 573 | 343 ngx_conf_merge_value(conf->session_timeout, |
| 344 prev->session_timeout, 300); | |
| 345 | |
| 547 | 346 ngx_conf_merge_value(conf->prefer_server_ciphers, |
| 347 prev->prefer_server_ciphers, 0); | |
| 348 | |
| 349 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | |
|
3430
966f9cf9c7da
merge r3155, r3156, r3160, r969, r3191, r3197, r3358:
Igor Sysoev <igor@sysoev.ru>
parents:
3243
diff
changeset
|
350 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); |
| 547 | 351 |
| 2123 | 352 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); |
| 353 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); | |
| 647 | 354 |
| 2224 | 355 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); |
| 356 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); | |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
357 |
| 2044 | 358 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); |
| 359 | |
| 647 | 360 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, |
| 361 ""); | |
|
3243
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
362 ngx_conf_merge_str_value(conf->crl, prev->crl, ""); |
| 647 | 363 |
| 2124 | 364 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS); |
| 479 | 365 |
| 366 | |
| 547 | 367 conf->ssl.log = cf->log; |
|
386
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
368 |
| 2224 | 369 if (conf->enable) { |
| 370 | |
| 371 if (conf->certificate.len == 0) { | |
| 372 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
| 373 "no \"ssl_certificate\" is defined for " | |
| 374 "the \"ssl\" directive in %s:%ui", | |
| 375 conf->file, conf->line); | |
| 376 return NGX_CONF_ERROR; | |
| 377 } | |
| 378 | |
| 379 if (conf->certificate_key.len == 0) { | |
| 380 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
| 381 "no \"ssl_certificate_key\" is defined for " | |
| 382 "the \"ssl\" directive in %s:%ui", | |
| 383 conf->file, conf->line); | |
| 384 return NGX_CONF_ERROR; | |
| 385 } | |
| 386 | |
| 387 } else { | |
| 388 | |
| 389 if (conf->certificate.len == 0) { | |
| 390 return NGX_CONF_OK; | |
| 391 } | |
| 392 | |
| 393 if (conf->certificate_key.len == 0) { | |
| 394 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
| 395 "no \"ssl_certificate_key\" is defined " | |
| 396 "for certificate \"%V\"", &conf->certificate); | |
| 397 return NGX_CONF_ERROR; | |
| 398 } | |
| 399 } | |
| 400 | |
| 969 | 401 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) { |
|
386
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
402 return NGX_CONF_ERROR; |
|
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
403 } |
|
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
404 |
| 1219 | 405 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME |
| 406 | |
| 407 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx, | |
| 408 ngx_http_ssl_servername) | |
| 409 == 0) | |
| 410 { | |
|
3243
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
411 ngx_log_error(NGX_LOG_WARN, cf->log, 0, |
|
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
412 "nginx was built with SNI support, however, now it is linked " |
|
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
413 "dynamically to an OpenSSL library which has no tlsext support, " |
|
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
414 "therefore SNI is not available"); |
| 1219 | 415 } |
| 416 | |
| 417 #endif | |
| 418 | |
| 563 | 419 cln = ngx_pool_cleanup_add(cf->pool, 0); |
| 420 if (cln == NULL) { | |
| 509 | 421 return NGX_CONF_ERROR; |
| 422 } | |
| 423 | |
| 563 | 424 cln->handler = ngx_ssl_cleanup_ctx; |
| 425 cln->data = &conf->ssl; | |
| 426 | |
| 427 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate, | |
| 970 | 428 &conf->certificate_key) |
| 429 != NGX_OK) | |
| 529 | 430 { |
|
386
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
431 return NGX_CONF_ERROR; |
|
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
432 } |
|
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
433 |
| 547 | 434 if (SSL_CTX_set_cipher_list(conf->ssl.ctx, |
| 563 | 435 (const char *) conf->ciphers.data) |
| 436 == 0) | |
| 529 | 437 { |
|
395
f8f0f1834266
nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents:
394
diff
changeset
|
438 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, |
| 547 | 439 "SSL_CTX_set_cipher_list(\"%V\") failed", |
| 440 &conf->ciphers); | |
| 441 } | |
| 442 | |
| 647 | 443 if (conf->verify) { |
| 2123 | 444 |
| 445 if (conf->client_certificate.len == 0) { | |
| 446 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
| 447 "no ssl_client_certificate for ssl_client_verify"); | |
| 448 return NGX_CONF_ERROR; | |
| 449 } | |
| 450 | |
| 671 | 451 if (ngx_ssl_client_certificate(cf, &conf->ssl, |
| 970 | 452 &conf->client_certificate, |
| 453 conf->verify_depth) | |
| 671 | 454 != NGX_OK) |
| 455 { | |
| 456 return NGX_CONF_ERROR; | |
| 647 | 457 } |
|
3243
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
458 |
|
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
459 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) { |
|
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
460 return NGX_CONF_ERROR; |
|
08570d26c7c5
merge r2995, r2996, r2997, r2998, r3003, r3141, r3210, r3211, r3232:
Igor Sysoev <igor@sysoev.ru>
parents:
3237
diff
changeset
|
461 } |
| 647 | 462 } |
| 463 | |
| 547 | 464 if (conf->prefer_server_ciphers) { |
| 465 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); | |
| 466 } | |
| 467 | |
| 468 /* a temporary 512-bit RSA key is required for export versions of MSIE */ | |
| 469 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { | |
|
386
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
470 return NGX_CONF_ERROR; |
|
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
471 } |
|
fa72605e7089
nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
385
diff
changeset
|
472 |
| 2044 | 473 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { |
| 474 return NGX_CONF_ERROR; | |
| 475 } | |
| 476 | |
| 973 | 477 ngx_conf_merge_value(conf->builtin_session_cache, |
| 2032 | 478 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); |
| 973 | 479 |
| 480 if (conf->shm_zone == NULL) { | |
| 481 conf->shm_zone = prev->shm_zone; | |
| 482 } | |
| 483 | |
|
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
973
diff
changeset
|
484 if (ngx_ssl_session_cache(&conf->ssl, &ngx_http_ssl_sess_id_ctx, |
|
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
973
diff
changeset
|
485 conf->builtin_session_cache, |
|
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
973
diff
changeset
|
486 conf->shm_zone, conf->session_timeout) |
|
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
973
diff
changeset
|
487 != NGX_OK) |
| 973 | 488 { |
|
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
973
diff
changeset
|
489 return NGX_CONF_ERROR; |
| 973 | 490 } |
| 573 | 491 |
|
383
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
492 return NGX_CONF_OK; |
|
c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
493 } |
| 563 | 494 |
| 495 | |
| 973 | 496 static char * |
| 2224 | 497 ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
| 498 { | |
| 499 ngx_http_ssl_srv_conf_t *sscf = conf; | |
| 500 | |
| 501 char *rv; | |
| 502 | |
| 503 rv = ngx_conf_set_flag_slot(cf, cmd, conf); | |
| 504 | |
| 505 if (rv != NGX_CONF_OK) { | |
| 506 return rv; | |
| 507 } | |
| 508 | |
| 509 sscf->file = cf->conf_file->file.name.data; | |
| 510 sscf->line = cf->conf_file->line; | |
| 511 | |
| 512 return NGX_CONF_OK; | |
| 513 } | |
| 514 | |
| 515 | |
| 516 static char * | |
| 973 | 517 ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
| 518 { | |
| 519 ngx_http_ssl_srv_conf_t *sscf = conf; | |
| 520 | |
| 521 size_t len; | |
| 522 ngx_str_t *value, name, size; | |
| 523 ngx_int_t n; | |
| 524 ngx_uint_t i, j; | |
| 525 | |
| 526 value = cf->args->elts; | |
| 527 | |
| 528 for (i = 1; i < cf->args->nelts; i++) { | |
| 529 | |
| 1778 | 530 if (ngx_strcmp(value[i].data, "off") == 0) { |
| 531 sscf->builtin_session_cache = NGX_SSL_NO_SCACHE; | |
| 532 continue; | |
| 533 } | |
| 534 | |
| 2032 | 535 if (ngx_strcmp(value[i].data, "none") == 0) { |
| 536 sscf->builtin_session_cache = NGX_SSL_NONE_SCACHE; | |
| 537 continue; | |
| 538 } | |
| 539 | |
| 973 | 540 if (ngx_strcmp(value[i].data, "builtin") == 0) { |
|
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
973
diff
changeset
|
541 sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE; |
| 973 | 542 continue; |
| 543 } | |
| 544 | |
| 545 if (value[i].len > sizeof("builtin:") - 1 | |
| 546 && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1) | |
| 547 == 0) | |
| 548 { | |
| 549 n = ngx_atoi(value[i].data + sizeof("builtin:") - 1, | |
| 550 value[i].len - (sizeof("builtin:") - 1)); | |
| 551 | |
| 552 if (n == NGX_ERROR) { | |
| 553 goto invalid; | |
| 554 } | |
| 555 | |
| 556 sscf->builtin_session_cache = n; | |
| 557 | |
| 558 continue; | |
| 559 } | |
| 560 | |
| 561 if (value[i].len > sizeof("shared:") - 1 | |
| 562 && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1) | |
| 563 == 0) | |
| 564 { | |
| 565 len = 0; | |
| 566 | |
| 567 for (j = sizeof("shared:") - 1; j < value[i].len; j++) { | |
| 568 if (value[i].data[j] == ':') { | |
|
2716
d5896f6608e8
move zone name from ngx_shm_zone_t to ngx_shm_t to use Win32 shared memory
Igor Sysoev <igor@sysoev.ru>
parents:
2710
diff
changeset
|
569 value[i].data[j] = '\0'; |
| 973 | 570 break; |
| 571 } | |
| 572 | |
| 573 len++; | |
| 574 } | |
| 575 | |
| 576 if (len == 0) { | |
| 577 goto invalid; | |
| 578 } | |
| 579 | |
| 580 name.len = len; | |
| 581 name.data = value[i].data + sizeof("shared:") - 1; | |
| 582 | |
| 583 size.len = value[i].len - j - 1; | |
| 584 size.data = name.data + len + 1; | |
| 585 | |
| 586 n = ngx_parse_size(&size); | |
| 587 | |
| 588 if (n == NGX_ERROR) { | |
| 589 goto invalid; | |
| 590 } | |
| 591 | |
| 592 if (n < (ngx_int_t) (8 * ngx_pagesize)) { | |
| 593 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
|
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
973
diff
changeset
|
594 "session cache \"%V\" is too small", |
| 973 | 595 &value[i]); |
| 596 | |
| 597 return NGX_CONF_ERROR; | |
| 598 } | |
| 599 | |
| 600 sscf->shm_zone = ngx_shared_memory_add(cf, &name, n, | |
| 601 &ngx_http_ssl_module); | |
| 602 if (sscf->shm_zone == NULL) { | |
| 603 return NGX_CONF_ERROR; | |
| 604 } | |
| 605 | |
| 606 continue; | |
| 607 } | |
| 608 | |
| 609 goto invalid; | |
| 610 } | |
| 611 | |
| 612 if (sscf->shm_zone && sscf->builtin_session_cache == NGX_CONF_UNSET) { | |
|
974
8dfb3aa75de2
move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents:
973
diff
changeset
|
613 sscf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE; |
| 973 | 614 } |
| 615 | |
| 616 return NGX_CONF_OK; | |
| 617 | |
| 618 invalid: | |
| 619 | |
| 620 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
| 621 "invalid session cache \"%V\"", &value[i]); | |
| 622 | |
| 623 return NGX_CONF_ERROR; | |
| 624 } |