nginx: src/http/modules/ngx_http_ssl

annotate src/http/modules/ngx_http_ssl_module.c @ 3992:a1dd9dc754ab

A new fix for the case when ssl_session_cache defined, but ssl is not enabled in any server. The previous r1033 does not help when unused zone becomes used after reconfiguration, so it is backed out. The initial thought was to make SSL modules independed from SSL implementation and to keep OpenSSL code dependance as much as in separate files.

author	Igor Sysoev <igor@sysoev.ru>
date	Thu, 04 Aug 2011 11:12:30 +0000
parents	0832a6997227
children	7de74ed694c8

rev	line source
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	2 /*
444 42d11f017717 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright Igor Sysoev <igor@sysoev.ru> parents: 441 diff changeset	3 * Copyright (C) Igor Sysoev
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	4 */
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	5
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	6
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	7 #include <ngx_config.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	8 #include <ngx_core.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	9 #include <ngx_http.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	10
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	11
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	12 typedef ngx_int_t (ngx_ssl_variable_handler_pt)(ngx_connection_t c,
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	13 ngx_pool_t pool, ngx_str_t s);
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	14
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	15
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	16 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	17 #define NGX_DEFAULT_ECDH_CURVE "prime256v1"
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	18
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	19
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	20 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	21 ngx_http_variable_value_t *v, uintptr_t data);
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	22 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	23 ngx_http_variable_value_t *v, uintptr_t data);
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	24
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	25 static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf);
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	26 static void ngx_http_ssl_create_srv_conf(ngx_conf_t cf);
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	27 static char ngx_http_ssl_merge_srv_conf(ngx_conf_t cf,
501 d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	28 void parent, void child);
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	29
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	30 static char ngx_http_ssl_enable(ngx_conf_t cf, ngx_command_t *cmd,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	31 void *conf);
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	32 static char ngx_http_ssl_session_cache(ngx_conf_t cf, ngx_command_t *cmd,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	33 void *conf);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	34
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	35
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	36 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	37 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	38 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	39 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	40 { ngx_null_string, 0 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	41 };
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	42
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	43
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	44 static ngx_conf_enum_t ngx_http_ssl_verify[] = {
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	45 { ngx_string("off"), 0 },
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	46 { ngx_string("on"), 1 },
2994 f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	47 { ngx_string("optional"), 2 },
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	48 { ngx_null_string, 0 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	49 };
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	50
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	51
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	52 static ngx_command_t ngx_http_ssl_commands[] = {
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	53
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	54 { ngx_string("ssl"),
599 869b6444d234 nginx-0.3.21-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	55 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	56 ngx_http_ssl_enable,
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	57 NGX_HTTP_SRV_CONF_OFFSET,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	58 offsetof(ngx_http_ssl_srv_conf_t, enable),
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	59 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	60
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	61 { ngx_string("ssl_certificate"),
599 869b6444d234 nginx-0.3.21-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	62 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	63 ngx_conf_set_str_slot,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	64 NGX_HTTP_SRV_CONF_OFFSET,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	65 offsetof(ngx_http_ssl_srv_conf_t, certificate),
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	66 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	67
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	68 { ngx_string("ssl_certificate_key"),
599 869b6444d234 nginx-0.3.21-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	69 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	70 ngx_conf_set_str_slot,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	71 NGX_HTTP_SRV_CONF_OFFSET,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	72 offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	73 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	74
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	75 { ngx_string("ssl_dhparam"),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	76 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	77 ngx_conf_set_str_slot,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	78 NGX_HTTP_SRV_CONF_OFFSET,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	79 offsetof(ngx_http_ssl_srv_conf_t, dhparam),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	80 NULL },
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	81
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	82 { ngx_string("ssl_ecdh_curve"),
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	83 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	84 ngx_conf_set_str_slot,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	85 NGX_HTTP_SRV_CONF_OFFSET,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	86 offsetof(ngx_http_ssl_srv_conf_t, ecdh_curve),
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	87 NULL },
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	88
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	89 { ngx_string("ssl_protocols"),
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	90 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_1MORE,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	91 ngx_conf_set_bitmask_slot,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	92 NGX_HTTP_SRV_CONF_OFFSET,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	93 offsetof(ngx_http_ssl_srv_conf_t, protocols),
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	94 &ngx_http_ssl_protocols },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	95
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	96 { ngx_string("ssl_ciphers"),
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	97 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	98 ngx_conf_set_str_slot,
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	99 NGX_HTTP_SRV_CONF_OFFSET,
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	100 offsetof(ngx_http_ssl_srv_conf_t, ciphers),
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	101 NULL },
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	102
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	103 { ngx_string("ssl_verify_client"),
667 63a820b0bc6c nginx-0.3.55-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	104 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	105 ngx_conf_set_enum_slot,
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	106 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	107 offsetof(ngx_http_ssl_srv_conf_t, verify),
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	108 &ngx_http_ssl_verify },
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	109
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	110 { ngx_string("ssl_verify_depth"),
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	111 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_1MORE,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	112 ngx_conf_set_num_slot,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	113 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	114 offsetof(ngx_http_ssl_srv_conf_t, verify_depth),
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	115 NULL },
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	116
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	117 { ngx_string("ssl_client_certificate"),
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	118 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	119 ngx_conf_set_str_slot,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	120 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	121 offsetof(ngx_http_ssl_srv_conf_t, client_certificate),
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	122 NULL },
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	123
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	124 { ngx_string("ssl_prefer_server_ciphers"),
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	125 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	126 ngx_conf_set_flag_slot,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	127 NGX_HTTP_SRV_CONF_OFFSET,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	128 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	129 NULL },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	130
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	131 { ngx_string("ssl_session_cache"),
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	132 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE12,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	133 ngx_http_ssl_session_cache,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	134 NGX_HTTP_SRV_CONF_OFFSET,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	135 0,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	136 NULL },
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	137
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	138 { ngx_string("ssl_session_timeout"),
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	139 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	140 ngx_conf_set_sec_slot,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	141 NGX_HTTP_SRV_CONF_OFFSET,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	142 offsetof(ngx_http_ssl_srv_conf_t, session_timeout),
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	143 NULL },
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	144
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	145 { ngx_string("ssl_crl"),
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	146 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	147 ngx_conf_set_str_slot,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	148 NGX_HTTP_SRV_CONF_OFFSET,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	149 offsetof(ngx_http_ssl_srv_conf_t, crl),
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	150 NULL },
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	151
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	152 ngx_null_command
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	153 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	154
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	155
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	156 static ngx_http_module_t ngx_http_ssl_module_ctx = {
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	157 ngx_http_ssl_add_variables, /* preconfiguration */
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 507 diff changeset	158 NULL, /* postconfiguration */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	159
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	160 NULL, /* create main configuration */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	161 NULL, /* init main configuration */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	162
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	163 ngx_http_ssl_create_srv_conf, /* create server configuration */
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	164 ngx_http_ssl_merge_srv_conf, /* merge server configuration */
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	165
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	166 NULL, /* create location configuration */
485 4ebe09b07e30 nginx-0.1.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	167 NULL /* merge location configuration */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	168 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	169
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	170
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	171 ngx_module_t ngx_http_ssl_module = {
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 507 diff changeset	172 NGX_MODULE_V1,
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	173 &ngx_http_ssl_module_ctx, /* module context */
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	174 ngx_http_ssl_commands, /* module directives */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	175 NGX_HTTP_MODULE, /* module type */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	176 NULL, /* init master */
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	177 NULL, /* init module */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	178 NULL, /* init process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	179 NULL, /* init thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	180 NULL, /* exit thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	181 NULL, /* exit process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	182 NULL, /* exit master */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	183 NGX_MODULE_V1_PADDING
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	184 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	185
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	186
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	187 static ngx_http_variable_t ngx_http_ssl_vars[] = {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	188
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	189 { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_static_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	190 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 },
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	191
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	192 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	193 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	194
3154 823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3140 diff changeset	195 { ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable,
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3140 diff changeset	196 (uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 },
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3140 diff changeset	197
2045 2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	198 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	199 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	200
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	201 { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable,
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	202 (uintptr_t) ngx_ssl_get_raw_certificate,
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	203 NGX_HTTP_VAR_CHANGEABLE, 0 },
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	204
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	205 { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	206 (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	207
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	208 { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	209 (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	210
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	211 { ngx_string("ssl_client_serial"), NULL, ngx_http_ssl_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	212 (uintptr_t) ngx_ssl_get_serial_number, NGX_HTTP_VAR_CHANGEABLE, 0 },
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	213
2994 f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	214 { ngx_string("ssl_client_verify"), NULL, ngx_http_ssl_variable,
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	215 (uintptr_t) ngx_ssl_get_client_verify, NGX_HTTP_VAR_CHANGEABLE, 0 },
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	216
637 e60fe4cf1d4e nginx-0.3.40-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	217 { ngx_null_string, NULL, NULL, 0, 0, 0 }
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	218 };
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	219
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	220
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	221 static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	222
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	223
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	224 static ngx_int_t
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	225 ngx_http_ssl_static_variable(ngx_http_request_t *r,
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	226 ngx_http_variable_value_t *v, uintptr_t data)
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	227 {
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	228 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	229
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	230 size_t len;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	231 ngx_str_t s;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	232
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	233 if (r->connection->ssl) {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	234
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	235 (void) handler(r->connection, NULL, &s);
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	236
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	237 v->data = s.data;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	238
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	239 for (len = 0; v->data[len]; len++) { /* void */ }
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	240
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	241 v->len = len;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	242 v->valid = 1;
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	243 v->no_cacheable = 0;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	244 v->not_found = 0;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	245
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	246 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	247 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	248
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	249 v->not_found = 1;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	250
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	251 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	252 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	253
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	254
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	255 static ngx_int_t
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	256 ngx_http_ssl_variable(ngx_http_request_t r, ngx_http_variable_value_t v,
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	257 uintptr_t data)
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	258 {
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	259 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	260
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	261 ngx_str_t s;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	262
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	263 if (r->connection->ssl) {
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	264
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	265 if (handler(r->connection, r->pool, &s) != NGX_OK) {
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	266 return NGX_ERROR;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	267 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	268
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	269 v->len = s.len;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	270 v->data = s.data;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	271
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	272 if (v->len) {
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	273 v->valid = 1;
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	274 v->no_cacheable = 0;
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	275 v->not_found = 0;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	276
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	277 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	278 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	279 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	280
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	281 v->not_found = 1;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	282
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	283 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	284 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	285
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	286
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	287 static ngx_int_t
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	288 ngx_http_ssl_add_variables(ngx_conf_t *cf)
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	289 {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	290 ngx_http_variable_t var, v;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	291
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	292 for (v = ngx_http_ssl_vars; v->name.len; v++) {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	293 var = ngx_http_add_variable(cf, &v->name, v->flags);
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	294 if (var == NULL) {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	295 return NGX_ERROR;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	296 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	297
637 e60fe4cf1d4e nginx-0.3.40-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	298 var->get_handler = v->get_handler;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	299 var->data = v->data;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	300 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	301
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	302 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	303 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	304
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	305
501 d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	306 static void *
d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	307 ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	308 {
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	309 ngx_http_ssl_srv_conf_t *sscf;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	310
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	311 sscf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t));
948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	312 if (sscf == NULL) {
2912 c7d57b539248 return NULL instead of NGX_CONF_ERROR on a create conf failure Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	313 return NULL;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	314 }
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	315
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	316 /*
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	317 * set by ngx_pcalloc():
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	318 *
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	319 * sscf->protocols = 0;
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	320 * sscf->certificate = { 0, NULL };
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	321 * sscf->certificate_key = { 0, NULL };
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	322 * sscf->dhparam = { 0, NULL };
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	323 * sscf->ecdh_curve = { 0, NULL };
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	324 * sscf->client_certificate = { 0, NULL };
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	325 * sscf->crl = { 0, NULL };
3516 dd1570b6f237 ngx_str_set() and ngx_str_null() Igor Sysoev <igor@sysoev.ru> parents: 3209 diff changeset	326 * sscf->ciphers = { 0, NULL };
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	327 * sscf->shm_zone = NULL;
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	328 */
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	329
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	330 sscf->enable = NGX_CONF_UNSET;
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	331 sscf->prefer_server_ciphers = NGX_CONF_UNSET;
2710 218ee852de73 fix building by MSVC8 Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	332 sscf->verify = NGX_CONF_UNSET_UINT;
218ee852de73 fix building by MSVC8 Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	333 sscf->verify_depth = NGX_CONF_UNSET_UINT;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	334 sscf->builtin_session_cache = NGX_CONF_UNSET;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	335 sscf->session_timeout = NGX_CONF_UNSET;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	336
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	337 return sscf;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	338 }
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	339
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	340
501 d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	341 static char *
d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	342 ngx_http_ssl_merge_srv_conf(ngx_conf_t cf, void parent, void *child)
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	343 {
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	344 ngx_http_ssl_srv_conf_t *prev = parent;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	345 ngx_http_ssl_srv_conf_t *conf = child;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	346
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	347 ngx_pool_cleanup_t *cln;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	348
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	349 ngx_conf_merge_value(conf->enable, prev->enable, 0);
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	350
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	351 ngx_conf_merge_value(conf->session_timeout,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	352 prev->session_timeout, 300);
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	353
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	354 ngx_conf_merge_value(conf->prefer_server_ciphers,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	355 prev->prefer_server_ciphers, 0);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	356
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	357 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
3190 dd2ae3872634 disable SSLv2 and low ciphers by default Igor Sysoev <igor@sysoev.ru> parents: 3154 diff changeset	358 (NGX_CONF_BITMASK_SET\|NGX_SSL_SSLv3\|NGX_SSL_TLSv1));
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	359
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	360 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	361 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	362
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	363 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	364 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	365
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	366 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	367
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	368 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	369 "");
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	370 ngx_conf_merge_str_value(conf->crl, prev->crl, "");
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	371
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	372 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	373 NGX_DEFAULT_ECDH_CURVE);
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	374
2124 e0b424b98f24 fix typo Igor Sysoev <igor@sysoev.ru> parents: 2123 diff changeset	375 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	376
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	377
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	378 conf->ssl.log = cf->log;
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	379
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	380 if (conf->enable) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	381
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	382 if (conf->certificate.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	383 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	384 "no \"ssl_certificate\" is defined for "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	385 "the \"ssl\" directive in %s:%ui",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	386 conf->file, conf->line);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	387 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	388 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	389
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	390 if (conf->certificate_key.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	391 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	392 "no \"ssl_certificate_key\" is defined for "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	393 "the \"ssl\" directive in %s:%ui",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	394 conf->file, conf->line);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	395 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	396 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	397
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	398 } else {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	399
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	400 if (conf->certificate.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	401 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	402 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	403
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	404 if (conf->certificate_key.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	405 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	406 "no \"ssl_certificate_key\" is defined "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	407 "for certificate \"%V\"", &conf->certificate);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	408 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	409 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	410 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	411
969 065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 671 diff changeset	412 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	413 return NGX_CONF_ERROR;
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	414 }
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	415
1219 86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	416 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	417
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	418 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	419 ngx_http_ssl_servername)
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	420 == 0)
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	421 {
3140 ba9a8ba4207e ) issue warning instead of failure: this is too common case Igor Sysoev <igor@sysoev.ru>* parents: 2996 diff changeset	422 ngx_log_error(NGX_LOG_WARN, cf->log, 0,
3209 b82c623a607e fix typo Igor Sysoev <igor@sysoev.ru> parents: 3196 diff changeset	423 "nginx was built with SNI support, however, now it is linked "
3140 ba9a8ba4207e ) issue warning instead of failure: this is too common case Igor Sysoev <igor@sysoev.ru>* parents: 2996 diff changeset	424 "dynamically to an OpenSSL library which has no tlsext support, "
ba9a8ba4207e ) issue warning instead of failure: this is too common case Igor Sysoev <igor@sysoev.ru>* parents: 2996 diff changeset	425 "therefore SNI is not available");
1219 86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	426 }
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	427
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	428 #endif
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	429
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	430 cln = ngx_pool_cleanup_add(cf->pool, 0);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	431 if (cln == NULL) {
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 507 diff changeset	432 return NGX_CONF_ERROR;
9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 507 diff changeset	433 }
9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 507 diff changeset	434
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	435 cln->handler = ngx_ssl_cleanup_ctx;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	436 cln->data = &conf->ssl;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	437
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	438 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
970 35f98a8e275f style fix Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	439 &conf->certificate_key)
35f98a8e275f style fix Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	440 != NGX_OK)
529 e5d7d0334fdb nginx-0.1.39-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 509 diff changeset	441 {
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	442 return NGX_CONF_ERROR;
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	443 }
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	444
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	445 if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	446 (const char *) conf->ciphers.data)
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	447 == 0)
529 e5d7d0334fdb nginx-0.1.39-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 509 diff changeset	448 {
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	449 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	450 "SSL_CTX_set_cipher_list(\"%V\") failed",
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	451 &conf->ciphers);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	452 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	453
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	454 if (conf->verify) {
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	455
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	456 if (conf->client_certificate.len == 0) {
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	457 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	458 "no ssl_client_certificate for ssl_client_verify");
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	459 return NGX_CONF_ERROR;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	460 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	461
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	462 if (ngx_ssl_client_certificate(cf, &conf->ssl,
970 35f98a8e275f style fix Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	463 &conf->client_certificate,
35f98a8e275f style fix Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	464 conf->verify_depth)
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	465 != NGX_OK)
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	466 {
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	467 return NGX_CONF_ERROR;
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	468 }
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	469
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	470 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	471 return NGX_CONF_ERROR;
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	472 }
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	473 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	474
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	475 if (conf->prefer_server_ciphers) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	476 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	477 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	478
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	479 /* a temporary 512-bit RSA key is required for export versions of MSIE */
3959 b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand Igor Sysoev <igor@sysoev.ru> parents: 3938 diff changeset	480 SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	481
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	482 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	483 return NGX_CONF_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	484 }
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	485
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	486 if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) {
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	487 return NGX_CONF_ERROR;
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	488 }
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	489
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	490 ngx_conf_merge_value(conf->builtin_session_cache,
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	491 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	492
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	493 if (conf->shm_zone == NULL) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	494 conf->shm_zone = prev->shm_zone;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	495 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	496
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	497 if (ngx_ssl_session_cache(&conf->ssl, &ngx_http_ssl_sess_id_ctx,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	498 conf->builtin_session_cache,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	499 conf->shm_zone, conf->session_timeout)
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	500 != NGX_OK)
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	501 {
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	502 return NGX_CONF_ERROR;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	503 }
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	504
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	505 return NGX_CONF_OK;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	506 }
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	507
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	508
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	509 static char *
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	510 ngx_http_ssl_enable(ngx_conf_t cf, ngx_command_t cmd, void *conf)
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	511 {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	512 ngx_http_ssl_srv_conf_t *sscf = conf;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	513
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	514 char *rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	515
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	516 rv = ngx_conf_set_flag_slot(cf, cmd, conf);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	517
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	518 if (rv != NGX_CONF_OK) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	519 return rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	520 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	521
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	522 sscf->file = cf->conf_file->file.name.data;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	523 sscf->line = cf->conf_file->line;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	524
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	525 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	526 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	527
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	528
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	529 static char *
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	530 ngx_http_ssl_session_cache(ngx_conf_t cf, ngx_command_t cmd, void *conf)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	531 {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	532 ngx_http_ssl_srv_conf_t *sscf = conf;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	533
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	534 size_t len;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	535 ngx_str_t *value, name, size;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	536 ngx_int_t n;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	537 ngx_uint_t i, j;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	538
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	539 value = cf->args->elts;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	540
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	541 for (i = 1; i < cf->args->nelts; i++) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	542
1778 14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	543 if (ngx_strcmp(value[i].data, "off") == 0) {
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	544 sscf->builtin_session_cache = NGX_SSL_NO_SCACHE;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	545 continue;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	546 }
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	547
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	548 if (ngx_strcmp(value[i].data, "none") == 0) {
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	549 sscf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	550 continue;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	551 }
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	552
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	553 if (ngx_strcmp(value[i].data, "builtin") == 0) {
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	554 sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	555 continue;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	556 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	557
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	558 if (value[i].len > sizeof("builtin:") - 1
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	559 && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	560 == 0)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	561 {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	562 n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	563 value[i].len - (sizeof("builtin:") - 1));
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	564
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	565 if (n == NGX_ERROR) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	566 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	567 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	568
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	569 sscf->builtin_session_cache = n;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	570
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	571 continue;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	572 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	573
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	574 if (value[i].len > sizeof("shared:") - 1
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	575 && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	576 == 0)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	577 {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	578 len = 0;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	579
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	580 for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	581 if (value[i].data[j] == ':') {
2716 d5896f6608e8 move zone name from ngx_shm_zone_t to ngx_shm_t to use Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2710 diff changeset	582 value[i].data[j] = '\0';
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	583 break;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	584 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	585
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	586 len++;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	587 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	588
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	589 if (len == 0) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	590 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	591 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	592
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	593 name.len = len;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	594 name.data = value[i].data + sizeof("shared:") - 1;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	595
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	596 size.len = value[i].len - j - 1;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	597 size.data = name.data + len + 1;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	598
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	599 n = ngx_parse_size(&size);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	600
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	601 if (n == NGX_ERROR) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	602 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	603 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	604
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	605 if (n < (ngx_int_t) (8 * ngx_pagesize)) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	606 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	607 "session cache \"%V\" is too small",
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	608 &value[i]);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	609
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	610 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	611 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	612
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	613 sscf->shm_zone = ngx_shared_memory_add(cf, &name, n,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	614 &ngx_http_ssl_module);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	615 if (sscf->shm_zone == NULL) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	616 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	617 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	618
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	619 continue;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	620 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	621
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	622 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	623 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	624
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	625 if (sscf->shm_zone && sscf->builtin_session_cache == NGX_CONF_UNSET) {
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	626 sscf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	627 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	628
3992 a1dd9dc754ab A new fix for the case when ssl_session_cache defined, but ssl is not Igor Sysoev <igor@sysoev.ru> parents: 3960 diff changeset	629 sscf->shm_zone->init = ngx_ssl_session_cache_init;
a1dd9dc754ab A new fix for the case when ssl_session_cache defined, but ssl is not Igor Sysoev <igor@sysoev.ru> parents: 3960 diff changeset	630
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	631 return NGX_CONF_OK;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	632
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	633 invalid:
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	634
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	635 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	636 "invalid session cache \"%V\"", &value[i]);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	637
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	638 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	639 }

Mercurial > hg > nginx

annotate src/http/modules/ngx_http_ssl_module.c @ 3992:a1dd9dc754ab