nginx: src/event/ngx_event_openssl.c annotate

annotate src/event/ngx_event_openssl.c @ 4580:ae60a1085c82

Access module: fixed inheritance of allow/deny ipv6 rules. Previous (incorrect) behaviour was to inherit ipv6 rules separately from ipv4 ones. Now all rules are either inherited (if there are no rules defined at current level) or not (if there are any rules defined).

author	Maxim Dounin <mdounin@mdounin.ru>
date	Tue, 10 Apr 2012 13:25:53 +0000
parents	67653855682e
children	e813c113ef19

rev	line source
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 399 diff changeset	1
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 399 diff changeset	2 /*
444 42d11f017717 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright Igor Sysoev <igor@sysoev.ru> parents: 441 diff changeset	3 * Copyright (C) Igor Sysoev
4412 d620f497c50f Copyright updated. Maxim Konovalov <maxim@nginx.com> parents: 4400 diff changeset	4 * Copyright (C) Nginx, Inc.
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 399 diff changeset	5 */
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 399 diff changeset	6
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	7
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	8 #include <ngx_config.h>
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	9 #include <ngx_core.h>
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	10 #include <ngx_event.h>
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	11
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	12
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	13 typedef struct {
2504 9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	14 ngx_uint_t engine; /* unsigned engine:1; */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	15 } ngx_openssl_conf_t;
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 473 diff changeset	16
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	17
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	18 static int ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
3300 5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	19 static void ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where,
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	20 int ret);
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	21 static void ngx_ssl_handshake_handler(ngx_event_t *ev);
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	22 static ngx_int_t ngx_ssl_handle_recv(ngx_connection_t *c, int n);
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	23 static void ngx_ssl_write_handler(ngx_event_t *wev);
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	24 static void ngx_ssl_read_handler(ngx_event_t *rev);
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	25 static void ngx_ssl_shutdown_handler(ngx_event_t *ev);
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	26 static void ngx_ssl_connection_error(ngx_connection_t *c, int sslerr,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	27 ngx_err_t err, char *text);
1755 59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	28 static void ngx_ssl_clear_error(ngx_log_t *log);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	29
3992 a1dd9dc754ab A new fix for the case when ssl_session_cache defined, but ssl is not Igor Sysoev <igor@sysoev.ru> parents: 3962 diff changeset	30 ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t shm_zone, void data);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	31 static int ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	32 ngx_ssl_session_t *sess);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	33 static ngx_ssl_session_t ngx_ssl_get_cached_session(ngx_ssl_conn_t ssl_conn,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	34 u_char id, int len, int copy);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	35 static void ngx_ssl_remove_session(SSL_CTX ssl, ngx_ssl_session_t sess);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	36 static void ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	37 ngx_slab_pool_t *shpool, ngx_uint_t n);
1027 ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	38 static void ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	39 ngx_rbtree_node_t node, ngx_rbtree_node_t sentinel);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	40
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	41 static void ngx_openssl_create_conf(ngx_cycle_t cycle);
2504 9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	42 static char ngx_openssl_engine(ngx_conf_t cf, ngx_command_t cmd, void conf);
571 458b6c3fea65 nginx-0.3.7-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	43 static void ngx_openssl_exit(ngx_cycle_t *cycle);
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	44
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	45
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	46 static ngx_command_t ngx_openssl_commands[] = {
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	47
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	48 { ngx_string("ssl_engine"),
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	49 NGX_MAIN_CONF\|NGX_DIRECT_CONF\|NGX_CONF_TAKE1,
2504 9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	50 ngx_openssl_engine,
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	51 0,
2504 9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	52 0,
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	53 NULL },
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	54
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	55 ngx_null_command
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	56 };
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	57
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	58
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	59 static ngx_core_module_t ngx_openssl_module_ctx = {
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	60 ngx_string("openssl"),
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	61 ngx_openssl_create_conf,
2504 9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	62 NULL
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	63 };
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	64
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	65
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	66 ngx_module_t ngx_openssl_module = {
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	67 NGX_MODULE_V1,
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	68 &ngx_openssl_module_ctx, /* module context */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	69 ngx_openssl_commands, /* module directives */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	70 NGX_CORE_MODULE, /* module type */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	71 NULL, /* init master */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	72 NULL, /* init module */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	73 NULL, /* init process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	74 NULL, /* init thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	75 NULL, /* exit thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	76 NULL, /* exit process */
571 458b6c3fea65 nginx-0.3.7-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	77 ngx_openssl_exit, /* exit master */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	78 NGX_MODULE_V1_PADDING
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	79 };
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	80
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	81
969 065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	82 int ngx_ssl_connection_index;
065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	83 int ngx_ssl_server_conf_index;
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	84 int ngx_ssl_session_cache_index;
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	85
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	86
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	87 ngx_int_t
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	88 ngx_ssl_init(ngx_log_t *log)
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	89 {
968 1b60ecc8cdb7 OPENSSL_config() Igor Sysoev <igor@sysoev.ru> parents: 671 diff changeset	90 OPENSSL_config(NULL);
1b60ecc8cdb7 OPENSSL_config() Igor Sysoev <igor@sysoev.ru> parents: 671 diff changeset	91
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	92 SSL_library_init();
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	93 SSL_load_error_strings();
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	94
3464 7f99ce2247f9 add OpenSSL_add_all_algorithms(), this fixes the error Igor Sysoev <igor@sysoev.ru> parents: 3457 diff changeset	95 OpenSSL_add_all_algorithms();
7f99ce2247f9 add OpenSSL_add_all_algorithms(), this fixes the error Igor Sysoev <igor@sysoev.ru> parents: 3457 diff changeset	96
969 065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	97 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	98
969 065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	99 if (ngx_ssl_connection_index == -1) {
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	100 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed");
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	101 return NGX_ERROR;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	102 }
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	103
969 065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	104 ngx_ssl_server_conf_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,
065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	105 NULL);
065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	106 if (ngx_ssl_server_conf_index == -1) {
065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	107 ngx_ssl_error(NGX_LOG_ALERT, log, 0,
065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	108 "SSL_CTX_get_ex_new_index() failed");
065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	109 return NGX_ERROR;
065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	110 }
065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	111
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	112 ngx_ssl_session_cache_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	113 NULL);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	114 if (ngx_ssl_session_cache_index == -1) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	115 ngx_ssl_error(NGX_LOG_ALERT, log, 0,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	116 "SSL_CTX_get_ex_new_index() failed");
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	117 return NGX_ERROR;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	118 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	119
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	120 return NGX_OK;
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	121 }
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	122
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	123
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	124 ngx_int_t
969 065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	125 ngx_ssl_create(ngx_ssl_t ssl, ngx_uint_t protocols, void data)
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	126 {
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	127 ssl->ctx = SSL_CTX_new(SSLv23_method());
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	128
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	129 if (ssl->ctx == NULL) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	130 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "SSL_CTX_new() failed");
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	131 return NGX_ERROR;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	132 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	133
969 065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	134 if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_server_conf_index, data) == 0) {
065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	135 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	136 "SSL_CTX_set_ex_data() failed");
065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	137 return NGX_ERROR;
065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	138 }
065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	139
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	140 /* client side options */
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	141
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	142 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_SESS_ID_BUG);
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	143 SSL_CTX_set_options(ssl->ctx, SSL_OP_NETSCAPE_CHALLENGE_BUG);
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	144
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	145 /* server side options */
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	146
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	147 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	148 SSL_CTX_set_options(ssl->ctx, SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	149
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	150 /* this option allow a potential SSL 2.0 rollback (CAN-2005-2969) */
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	151 SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	152
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	153 SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	154 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	155 SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	156
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	157 SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	158
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	159 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	160
4400 a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	161 if (!(protocols & NGX_SSL_SSLv2)) {
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	162 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv2);
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	163 }
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	164 if (!(protocols & NGX_SSL_SSLv3)) {
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	165 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_SSLv3);
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	166 }
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	167 if (!(protocols & NGX_SSL_TLSv1)) {
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	168 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1);
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	169 }
4400 a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	170 #ifdef SSL_OP_NO_TLSv1_1
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	171 if (!(protocols & NGX_SSL_TLSv1_1)) {
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	172 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_1);
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	173 }
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	174 #endif
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	175 #ifdef SSL_OP_NO_TLSv1_2
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	176 if (!(protocols & NGX_SSL_TLSv1_2)) {
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	177 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TLSv1_2);
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	178 }
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4236 diff changeset	179 #endif
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	180
4185 6af5959a2ace Disabling SSL compression. This saves about 300K per SSL connection. Igor Sysoev <igor@sysoev.ru> parents: 4064 diff changeset	181 #ifdef SSL_OP_NO_COMPRESSION
6af5959a2ace Disabling SSL compression. This saves about 300K per SSL connection. Igor Sysoev <igor@sysoev.ru> parents: 4064 diff changeset	182 SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
6af5959a2ace Disabling SSL compression. This saves about 300K per SSL connection. Igor Sysoev <igor@sysoev.ru> parents: 4064 diff changeset	183 #endif
6af5959a2ace Disabling SSL compression. This saves about 300K per SSL connection. Igor Sysoev <igor@sysoev.ru> parents: 4064 diff changeset	184
4186 cce2fd0acc0f Releasing memory of idle SSL connection. This saves about 34K per SSL Igor Sysoev <igor@sysoev.ru> parents: 4185 diff changeset	185 #ifdef SSL_MODE_RELEASE_BUFFERS
cce2fd0acc0f Releasing memory of idle SSL connection. This saves about 34K per SSL Igor Sysoev <igor@sysoev.ru> parents: 4185 diff changeset	186 SSL_CTX_set_mode(ssl->ctx, SSL_MODE_RELEASE_BUFFERS);
cce2fd0acc0f Releasing memory of idle SSL connection. This saves about 34K per SSL Igor Sysoev <igor@sysoev.ru> parents: 4185 diff changeset	187 #endif
cce2fd0acc0f Releasing memory of idle SSL connection. This saves about 34K per SSL Igor Sysoev <igor@sysoev.ru> parents: 4185 diff changeset	188
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	189 SSL_CTX_set_read_ahead(ssl->ctx, 1);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	190
3300 5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	191 SSL_CTX_set_info_callback(ssl->ctx, ngx_ssl_info_callback);
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	192
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	193 return NGX_OK;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	194 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	195
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	196
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	197 ngx_int_t
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	198 ngx_ssl_certificate(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *cert,
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	199 ngx_str_t *key)
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	200 {
2536 a6d6d762c554 small optimization: " == NGX_ERROR" > " != NGX_OK" Igor Sysoev <igor@sysoev.ru> parents: 2504 diff changeset	201 if (ngx_conf_full_name(cf->cycle, cert, 1) != NGX_OK) {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	202 return NGX_ERROR;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	203 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	204
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	205 if (SSL_CTX_use_certificate_chain_file(ssl->ctx, (char *) cert->data)
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	206 == 0)
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	207 {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	208 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	209 "SSL_CTX_use_certificate_chain_file(\"%s\") failed",
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	210 cert->data);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	211 return NGX_ERROR;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	212 }
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	213
2536 a6d6d762c554 small optimization: " == NGX_ERROR" > " != NGX_OK" Igor Sysoev <igor@sysoev.ru> parents: 2504 diff changeset	214 if (ngx_conf_full_name(cf->cycle, key, 1) != NGX_OK) {
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	215 return NGX_ERROR;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	216 }
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	217
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	218 if (SSL_CTX_use_PrivateKey_file(ssl->ctx, (char *) key->data,
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	219 SSL_FILETYPE_PEM)
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	220 == 0)
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	221 {
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	222 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	223 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", key->data);
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	224 return NGX_ERROR;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	225 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	226
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	227 return NGX_OK;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	228 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	229
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	230
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	231 ngx_int_t
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	232 ngx_ssl_client_certificate(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *cert,
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	233 ngx_int_t depth)
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	234 {
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	235 STACK_OF(X509_NAME) *list;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	236
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	237 SSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, ngx_http_ssl_verify_callback);
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	238
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	239 SSL_CTX_set_verify_depth(ssl->ctx, depth);
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	240
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	241 if (cert->len == 0) {
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	242 return NGX_OK;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	243 }
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	244
2536 a6d6d762c554 small optimization: " == NGX_ERROR" > " != NGX_OK" Igor Sysoev <igor@sysoev.ru> parents: 2504 diff changeset	245 if (ngx_conf_full_name(cf->cycle, cert, 1) != NGX_OK) {
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	246 return NGX_ERROR;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	247 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	248
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	249 if (SSL_CTX_load_verify_locations(ssl->ctx, (char *) cert->data, NULL)
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	250 == 0)
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	251 {
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	252 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	253 "SSL_CTX_load_verify_locations(\"%s\") failed",
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	254 cert->data);
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	255 return NGX_ERROR;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	256 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	257
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	258 list = SSL_load_client_CA_file((char *) cert->data);
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	259
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	260 if (list == NULL) {
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	261 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	262 "SSL_load_client_CA_file(\"%s\") failed", cert->data);
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	263 return NGX_ERROR;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	264 }
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	265
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	266 /*
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	267 * before 0.9.7h and 0.9.8 SSL_load_client_CA_file()
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	268 * always leaved an error in the error queue
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	269 */
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	270
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	271 ERR_clear_error();
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	272
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	273 SSL_CTX_set_client_CA_list(ssl->ctx, list);
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	274
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	275 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	276 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	277
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	278
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	279 ngx_int_t
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	280 ngx_ssl_crl(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *crl)
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	281 {
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	282 X509_STORE *store;
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	283 X509_LOOKUP *lookup;
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	284
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	285 if (crl->len == 0) {
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	286 return NGX_OK;
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	287 }
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	288
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	289 if (ngx_conf_full_name(cf->cycle, crl, 1) != NGX_OK) {
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	290 return NGX_ERROR;
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	291 }
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	292
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	293 store = SSL_CTX_get_cert_store(ssl->ctx);
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	294
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	295 if (store == NULL) {
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	296 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	297 "SSL_CTX_get_cert_store() failed");
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	298 return NGX_ERROR;
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	299 }
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	300
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	301 lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	302
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	303 if (lookup == NULL) {
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	304 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	305 "X509_STORE_add_lookup() failed");
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	306 return NGX_ERROR;
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	307 }
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	308
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	309 if (X509_LOOKUP_load_file(lookup, (char *) crl->data, X509_FILETYPE_PEM)
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	310 == 0)
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	311 {
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	312 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	313 "X509_LOOKUP_load_file(\"%s\") failed", crl->data);
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	314 return NGX_ERROR;
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	315 }
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	316
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	317 X509_STORE_set_flags(store,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	318 X509_V_FLAG_CRL_CHECK\|X509_V_FLAG_CRL_CHECK_ALL);
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	319
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	320 return NGX_OK;
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	321 }
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	322
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	323
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	324 static int
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	325 ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store)
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	326 {
1977 40c9cb8576bb get certificate info only for debug build Igor Sysoev <igor@sysoev.ru> parents: 1976 diff changeset	327 #if (NGX_DEBUG)
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	328 char subject, issuer;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	329 int err, depth;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	330 X509 *cert;
1976 c4d8867f0162 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1974 diff changeset	331 X509_NAME sname, iname;
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	332 ngx_connection_t *c;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	333 ngx_ssl_conn_t *ssl_conn;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	334
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	335 ssl_conn = X509_STORE_CTX_get_ex_data(x509_store,
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	336 SSL_get_ex_data_X509_STORE_CTX_idx());
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	337
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	338 c = ngx_ssl_get_connection(ssl_conn);
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	339
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	340 cert = X509_STORE_CTX_get_current_cert(x509_store);
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	341 err = X509_STORE_CTX_get_error(x509_store);
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	342 depth = X509_STORE_CTX_get_error_depth(x509_store);
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	343
1976 c4d8867f0162 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1974 diff changeset	344 sname = X509_get_subject_name(cert);
c4d8867f0162 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1974 diff changeset	345 subject = sname ? X509_NAME_oneline(sname, NULL, 0) : "(none)";
c4d8867f0162 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1974 diff changeset	346
c4d8867f0162 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1974 diff changeset	347 iname = X509_get_issuer_name(cert);
c4d8867f0162 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1974 diff changeset	348 issuer = iname ? X509_NAME_oneline(iname, NULL, 0) : "(none)";
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	349
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	350 ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0,
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	351 "verify:%d, error:%d, depth:%d, "
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	352 "subject:\"%s\",issuer: \"%s\"",
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	353 ok, err, depth, subject, issuer);
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	354
1976 c4d8867f0162 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1974 diff changeset	355 if (sname) {
c4d8867f0162 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1974 diff changeset	356 OPENSSL_free(subject);
c4d8867f0162 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1974 diff changeset	357 }
c4d8867f0162 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1974 diff changeset	358
c4d8867f0162 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1974 diff changeset	359 if (iname) {
c4d8867f0162 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1974 diff changeset	360 OPENSSL_free(issuer);
c4d8867f0162 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1974 diff changeset	361 }
1977 40c9cb8576bb get certificate info only for debug build Igor Sysoev <igor@sysoev.ru> parents: 1976 diff changeset	362 #endif
1976 c4d8867f0162 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1974 diff changeset	363
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	364 return 1;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	365 }
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	366
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	367
3300 5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	368 static void
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	369 ngx_ssl_info_callback(const ngx_ssl_conn_t *ssl_conn, int where, int ret)
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	370 {
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	371 ngx_connection_t *c;
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	372
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	373 if (where & SSL_CB_HANDSHAKE_START) {
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	374 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	375
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	376 if (c->ssl->handshaked) {
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	377 c->ssl->renegotiation = 1;
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	378 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL renegotiation");
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	379 }
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	380 }
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	381 }
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	382
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	383
3959 b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand Igor Sysoev <igor@sysoev.ru> parents: 3851 diff changeset	384 RSA *
b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand Igor Sysoev <igor@sysoev.ru> parents: 3851 diff changeset	385 ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length)
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	386 {
3959 b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand Igor Sysoev <igor@sysoev.ru> parents: 3851 diff changeset	387 static RSA *key;
b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand Igor Sysoev <igor@sysoev.ru> parents: 3851 diff changeset	388
b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand Igor Sysoev <igor@sysoev.ru> parents: 3851 diff changeset	389 if (key_length == 512) {
b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand Igor Sysoev <igor@sysoev.ru> parents: 3851 diff changeset	390 if (key == NULL) {
b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand Igor Sysoev <igor@sysoev.ru> parents: 3851 diff changeset	391 key = RSA_generate_key(512, RSA_F4, NULL, NULL);
b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand Igor Sysoev <igor@sysoev.ru> parents: 3851 diff changeset	392 }
559 c1f965ef9718 nginx-0.3.1-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 549 diff changeset	393 }
c1f965ef9718 nginx-0.3.1-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 549 diff changeset	394
3959 b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand Igor Sysoev <igor@sysoev.ru> parents: 3851 diff changeset	395 return key;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	396 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	397
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	398
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	399 ngx_int_t
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	400 ngx_ssl_dhparam(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *file)
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	401 {
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	402 DH *dh;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	403 BIO *bio;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	404
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	405 /*
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	406 * -----BEGIN DH PARAMETERS-----
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	407 * MIGHAoGBALu8LcrYRnSQfEP89YDpz9vZWKP1aLQtSwju1OsPs1BMbAMCducQgAxc
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	408 * y7qokiYUxb7spWWl/fHSh6K8BJvmd4Bg6RqSp1fjBI9osHb302zI8pul34HcLKcl
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	409 * 7OZicMyaUDXYzs7vnqAnSmOrHlj6/UmI0PZdFGdX2gcd8EXP4WubAgEC
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	410 * -----END DH PARAMETERS-----
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	411 */
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	412
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	413 static unsigned char dh1024_p[] = {
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	414 0xBB, 0xBC, 0x2D, 0xCA, 0xD8, 0x46, 0x74, 0x90, 0x7C, 0x43, 0xFC, 0xF5,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	415 0x80, 0xE9, 0xCF, 0xDB, 0xD9, 0x58, 0xA3, 0xF5, 0x68, 0xB4, 0x2D, 0x4B,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	416 0x08, 0xEE, 0xD4, 0xEB, 0x0F, 0xB3, 0x50, 0x4C, 0x6C, 0x03, 0x02, 0x76,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	417 0xE7, 0x10, 0x80, 0x0C, 0x5C, 0xCB, 0xBA, 0xA8, 0x92, 0x26, 0x14, 0xC5,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	418 0xBE, 0xEC, 0xA5, 0x65, 0xA5, 0xFD, 0xF1, 0xD2, 0x87, 0xA2, 0xBC, 0x04,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	419 0x9B, 0xE6, 0x77, 0x80, 0x60, 0xE9, 0x1A, 0x92, 0xA7, 0x57, 0xE3, 0x04,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	420 0x8F, 0x68, 0xB0, 0x76, 0xF7, 0xD3, 0x6C, 0xC8, 0xF2, 0x9B, 0xA5, 0xDF,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	421 0x81, 0xDC, 0x2C, 0xA7, 0x25, 0xEC, 0xE6, 0x62, 0x70, 0xCC, 0x9A, 0x50,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	422 0x35, 0xD8, 0xCE, 0xCE, 0xEF, 0x9E, 0xA0, 0x27, 0x4A, 0x63, 0xAB, 0x1E,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	423 0x58, 0xFA, 0xFD, 0x49, 0x88, 0xD0, 0xF6, 0x5D, 0x14, 0x67, 0x57, 0xDA,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	424 0x07, 0x1D, 0xF0, 0x45, 0xCF, 0xE1, 0x6B, 0x9B
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	425 };
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	426
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	427 static unsigned char dh1024_g[] = { 0x02 };
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	428
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	429
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	430 if (file->len == 0) {
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	431
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	432 dh = DH_new();
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	433 if (dh == NULL) {
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	434 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "DH_new() failed");
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	435 return NGX_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	436 }
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	437
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	438 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	439 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	440
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	441 if (dh->p == NULL \|\| dh->g == NULL) {
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	442 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, "BN_bin2bn() failed");
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	443 DH_free(dh);
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	444 return NGX_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	445 }
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	446
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	447 SSL_CTX_set_tmp_dh(ssl->ctx, dh);
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	448
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	449 DH_free(dh);
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	450
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	451 return NGX_OK;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	452 }
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	453
2536 a6d6d762c554 small optimization: " == NGX_ERROR" > " != NGX_OK" Igor Sysoev <igor@sysoev.ru> parents: 2504 diff changeset	454 if (ngx_conf_full_name(cf->cycle, file, 1) != NGX_OK) {
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	455 return NGX_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	456 }
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	457
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	458 bio = BIO_new_file((char *) file->data, "r");
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	459 if (bio == NULL) {
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	460 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	461 "BIO_new_file(\"%s\") failed", file->data);
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	462 return NGX_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	463 }
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	464
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	465 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	466 if (dh == NULL) {
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	467 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	468 "PEM_read_bio_DHparams(\"%s\") failed", file->data);
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	469 BIO_free(bio);
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	470 return NGX_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	471 }
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	472
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	473 SSL_CTX_set_tmp_dh(ssl->ctx, dh);
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	474
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	475 DH_free(dh);
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	476 BIO_free(bio);
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	477
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	478 return NGX_OK;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	479 }
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	480
4522 14411ee4d89f Whitespace fixes. Maxim Dounin <mdounin@mdounin.ru> parents: 4499 diff changeset	481
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	482 ngx_int_t
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	483 ngx_ssl_ecdh_curve(ngx_conf_t cf, ngx_ssl_t ssl, ngx_str_t *name)
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	484 {
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	485 #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	486 #ifndef OPENSSL_NO_ECDH
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	487 int nid;
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	488 EC_KEY *ecdh;
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	489
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	490 /*
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	491 * Elliptic-Curve Diffie-Hellman parameters are either "named curves"
4572 67653855682e Fixed spelling in multiline C comments. Ruslan Ermilov <ru@nginx.com> parents: 4522 diff changeset	492 * from RFC 4492 section 5.1.1, or explicitly described curves over
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	493 * binary fields. OpenSSL only supports the "named curves", which provide
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	494 * maximum interoperability.
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	495 */
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	496
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	497 nid = OBJ_sn2nid((const char *) name->data);
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	498 if (nid == 0) {
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	499 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	500 "Unknown curve name \"%s\"", name->data);
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	501 return NGX_ERROR;
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	502 }
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	503
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	504 ecdh = EC_KEY_new_by_curve_name(nid);
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	505 if (ecdh == NULL) {
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	506 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	507 "Unable to create curve \"%s\"", name->data);
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	508 return NGX_ERROR;
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	509 }
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	510
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	511 SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	512
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	513 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE);
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	514
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	515 EC_KEY_free(ecdh);
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	516 #endif
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	517 #endif
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	518
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	519 return NGX_OK;
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	520 }
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	521
4522 14411ee4d89f Whitespace fixes. Maxim Dounin <mdounin@mdounin.ru> parents: 4499 diff changeset	522
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	523 ngx_int_t
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	524 ngx_ssl_create_connection(ngx_ssl_t ssl, ngx_connection_t c, ngx_uint_t flags)
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	525 {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	526 ngx_ssl_connection_t *sc;
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	527
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	528 sc = ngx_pcalloc(c->pool, sizeof(ngx_ssl_connection_t));
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	529 if (sc == NULL) {
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	530 return NGX_ERROR;
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	531 }
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	532
1779 06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	533 sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	534
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	535 sc->connection = SSL_new(ssl->ctx);
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	536
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	537 if (sc->connection == NULL) {
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	538 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed");
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	539 return NGX_ERROR;
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	540 }
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	541
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	542 if (SSL_set_fd(sc->connection, c->fd) == 0) {
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	543 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_fd() failed");
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	544 return NGX_ERROR;
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	545 }
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	546
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	547 if (flags & NGX_SSL_CLIENT) {
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	548 SSL_set_connect_state(sc->connection);
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	549
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	550 } else {
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	551 SSL_set_accept_state(sc->connection);
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	552 }
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	553
969 065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 968 diff changeset	554 if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	555 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_ex_data() failed");
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	556 return NGX_ERROR;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	557 }
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	558
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	559 c->ssl = sc;
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	560
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	561 return NGX_OK;
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	562 }
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	563
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	564
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	565 ngx_int_t
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	566 ngx_ssl_set_session(ngx_connection_t c, ngx_ssl_session_t session)
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	567 {
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	568 if (session) {
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	569 if (SSL_set_session(c->ssl->connection, session) == 0) {
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	570 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_session() failed");
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	571 return NGX_ERROR;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	572 }
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	573 }
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	574
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	575 return NGX_OK;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	576 }
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	577
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	578
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	579 ngx_int_t
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	580 ngx_ssl_handshake(ngx_connection_t *c)
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	581 {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	582 int n, sslerr;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	583 ngx_err_t err;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	584
1755 59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	585 ngx_ssl_clear_error(c->log);
59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	586
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	587 n = SSL_do_handshake(c->ssl->connection);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	588
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	589 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	590
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	591 if (n == 1) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	592
2388 722b5aff05ae use "!= NGX_OK" instead of "== NGX_ERROR" Igor Sysoev <igor@sysoev.ru> parents: 2315 diff changeset	593 if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	594 return NGX_ERROR;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	595 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	596
2388 722b5aff05ae use "!= NGX_OK" instead of "== NGX_ERROR" Igor Sysoev <igor@sysoev.ru> parents: 2315 diff changeset	597 if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	598 return NGX_ERROR;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	599 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	600
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	601 #if (NGX_DEBUG)
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	602 {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	603 char buf[129], s, d;
3851 033015e01eec fix building on Fedora 14 Igor Sysoev <igor@sysoev.ru> parents: 3815 diff changeset	604 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
3488 92378c49456d MSVC8 compatibility with OpenSSL 1.0.0 Igor Sysoev <igor@sysoev.ru> parents: 3464 diff changeset	605 const
92378c49456d MSVC8 compatibility with OpenSSL 1.0.0 Igor Sysoev <igor@sysoev.ru> parents: 3464 diff changeset	606 #endif
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	607 SSL_CIPHER *cipher;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	608
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	609 cipher = SSL_get_current_cipher(c->ssl->connection);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	610
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	611 if (cipher) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	612 SSL_CIPHER_description(cipher, &buf[1], 128);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	613
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	614 for (s = &buf[1], d = buf; *s; s++) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	615 if (s == ' ' && d == ' ') {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	616 continue;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	617 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	618
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	619 if (s == LF \|\| s == CR) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	620 continue;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	621 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	622
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	623 ++d = s;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	624 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	625
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	626 if (*d != ' ') {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	627 d++;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	628 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	629
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	630 *d = '\0';
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	631
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	632 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	633 "SSL: %s, cipher: \"%s\"",
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	634 SSL_get_version(c->ssl->connection), &buf[1]);
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	635
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	636 if (SSL_session_reused(c->ssl->connection)) {
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	637 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	638 "SSL reused session");
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	639 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	640
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	641 } else {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	642 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	643 "SSL no shared ciphers");
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	644 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	645 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	646 #endif
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	647
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	648 c->ssl->handshaked = 1;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	649
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	650 c->recv = ngx_ssl_recv;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	651 c->send = ngx_ssl_write;
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	652 c->recv_chain = ngx_ssl_recv_chain;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	653 c->send_chain = ngx_ssl_send_chain;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	654
3300 5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	655 /* initial handshake done, disable renegotiation (CVE-2009-3555) */
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	656 if (c->ssl->connection->s3) {
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	657 c->ssl->connection->s3->flags \|= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	658 }
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	659
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	660 return NGX_OK;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	661 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	662
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	663 sslerr = SSL_get_error(c->ssl->connection, n);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	664
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	665 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	666
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	667 if (sslerr == SSL_ERROR_WANT_READ) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	668 c->read->ready = 0;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	669 c->read->handler = ngx_ssl_handshake_handler;
591 8c0cdd81580e nginx-0.3.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 589 diff changeset	670 c->write->handler = ngx_ssl_handshake_handler;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	671
2388 722b5aff05ae use "!= NGX_OK" instead of "== NGX_ERROR" Igor Sysoev <igor@sysoev.ru> parents: 2315 diff changeset	672 if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	673 return NGX_ERROR;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	674 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	675
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	676 return NGX_AGAIN;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	677 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	678
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	679 if (sslerr == SSL_ERROR_WANT_WRITE) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	680 c->write->ready = 0;
591 8c0cdd81580e nginx-0.3.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 589 diff changeset	681 c->read->handler = ngx_ssl_handshake_handler;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	682 c->write->handler = ngx_ssl_handshake_handler;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	683
2388 722b5aff05ae use "!= NGX_OK" instead of "== NGX_ERROR" Igor Sysoev <igor@sysoev.ru> parents: 2315 diff changeset	684 if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	685 return NGX_ERROR;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	686 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	687
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	688 return NGX_AGAIN;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	689 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	690
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	691 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	692
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	693 c->ssl->no_wait_shutdown = 1;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	694 c->ssl->no_send_shutdown = 1;
591 8c0cdd81580e nginx-0.3.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 589 diff changeset	695 c->read->eof = 1;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	696
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	697 if (sslerr == SSL_ERROR_ZERO_RETURN \|\| ERR_peek_error() == 0) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	698 ngx_log_error(NGX_LOG_INFO, c->log, err,
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	699 "peer closed connection in SSL handshake");
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	700
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	701 return NGX_ERROR;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	702 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	703
591 8c0cdd81580e nginx-0.3.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 589 diff changeset	704 c->read->error = 1;
8c0cdd81580e nginx-0.3.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 589 diff changeset	705
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	706 ngx_ssl_connection_error(c, sslerr, err, "SSL_do_handshake() failed");
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	707
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	708 return NGX_ERROR;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	709 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	710
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	711
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	712 static void
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	713 ngx_ssl_handshake_handler(ngx_event_t *ev)
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	714 {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	715 ngx_connection_t *c;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	716
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	717 c = ev->data;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	718
549 e16a8d574da5 nginx-0.2.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	719 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	720 "SSL handshake handler: %d", ev->write);
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	721
591 8c0cdd81580e nginx-0.3.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 589 diff changeset	722 if (ev->timedout) {
8c0cdd81580e nginx-0.3.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 589 diff changeset	723 c->ssl->handler(c);
8c0cdd81580e nginx-0.3.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 589 diff changeset	724 return;
8c0cdd81580e nginx-0.3.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 589 diff changeset	725 }
8c0cdd81580e nginx-0.3.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 589 diff changeset	726
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	727 if (ngx_ssl_handshake(c) == NGX_AGAIN) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	728 return;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	729 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	730
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	731 c->ssl->handler(c);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	732 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	733
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	734
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	735 ssize_t
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	736 ngx_ssl_recv_chain(ngx_connection_t c, ngx_chain_t cl)
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	737 {
1154 427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	738 u_char *last;
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	739 ssize_t n, bytes;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	740 ngx_buf_t *b;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	741
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	742 bytes = 0;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	743
1154 427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	744 b = cl->buf;
427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	745 last = b->last;
427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	746
427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	747 for ( ;; ) {
427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	748
427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	749 n = ngx_ssl_recv(c, last, b->end - last);
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	750
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	751 if (n > 0) {
1154 427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	752 last += n;
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	753 bytes += n;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	754
1154 427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	755 if (last == b->end) {
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	756 cl = cl->next;
1154 427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	757
427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	758 if (cl == NULL) {
427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	759 return bytes;
427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	760 }
427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	761
427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	762 b = cl->buf;
427de53e45c2 ngx_ssl_recv_chain() must not update buf->last, Igor Sysoev <igor@sysoev.ru> parents: 1043 diff changeset	763 last = b->last;
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	764 }
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	765
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	766 continue;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	767 }
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	768
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	769 if (bytes) {
2052 b4085596a7e6 fix "proxy_pass https://..." broken in r1427 Igor Sysoev <igor@sysoev.ru> parents: 2049 diff changeset	770
b4085596a7e6 fix "proxy_pass https://..." broken in r1427 Igor Sysoev <igor@sysoev.ru> parents: 2049 diff changeset	771 if (n == 0 \|\| n == NGX_ERROR) {
b4085596a7e6 fix "proxy_pass https://..." broken in r1427 Igor Sysoev <igor@sysoev.ru> parents: 2049 diff changeset	772 c->read->ready = 1;
b4085596a7e6 fix "proxy_pass https://..." broken in r1427 Igor Sysoev <igor@sysoev.ru> parents: 2049 diff changeset	773 }
b4085596a7e6 fix "proxy_pass https://..." broken in r1427 Igor Sysoev <igor@sysoev.ru> parents: 2049 diff changeset	774
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	775 return bytes;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	776 }
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	777
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	778 return n;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	779 }
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	780 }
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	781
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	782
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	783 ssize_t
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	784 ngx_ssl_recv(ngx_connection_t c, u_char buf, size_t size)
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	785 {
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	786 int n, bytes;
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	787
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	788 if (c->ssl->last == NGX_ERROR) {
1426 adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	789 c->read->error = 1;
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	790 return NGX_ERROR;
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	791 }
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	792
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	793 if (c->ssl->last == NGX_DONE) {
1426 adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	794 c->read->ready = 0;
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	795 c->read->eof = 1;
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	796 return 0;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	797 }
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	798
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	799 bytes = 0;
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	800
1755 59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	801 ngx_ssl_clear_error(c->log);
59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	802
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	803 /*
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	804 * SSL_read() may return data in parts, so try to read
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	805 * until SSL_read() would return no data
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	806 */
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	807
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	808 for ( ;; ) {
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	809
543 511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	810 n = SSL_read(c->ssl->connection, buf, size);
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	811
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	812 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_read: %d", n);
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	813
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	814 if (n > 0) {
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	815 bytes += n;
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	816 }
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	817
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	818 c->ssl->last = ngx_ssl_handle_recv(c, n);
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	819
1426 adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	820 if (c->ssl->last == NGX_OK) {
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	821
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	822 size -= n;
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	823
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	824 if (size == 0) {
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	825 return bytes;
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	826 }
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	827
1426 adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	828 buf += n;
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	829
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	830 continue;
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	831 }
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	832
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	833 if (bytes) {
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	834 return bytes;
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	835 }
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	836
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	837 switch (c->ssl->last) {
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	838
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	839 case NGX_DONE:
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	840 c->read->ready = 0;
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	841 c->read->eof = 1;
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	842 return 0;
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	843
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	844 case NGX_ERROR:
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	845 c->read->error = 1;
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	846
4499 778ef9c3fd2d Fixed spelling in single-line comments. Ruslan Ermilov <ru@nginx.com> parents: 4497 diff changeset	847 /* fall through */
1426 adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	848
adbafd129d06 do not set read->eof, ready, and error prematurely Igor Sysoev <igor@sysoev.ru> parents: 1421 diff changeset	849 case NGX_AGAIN:
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	850 return c->ssl->last;
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 473 diff changeset	851 }
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	852 }
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	853 }
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	854
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	855
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	856 static ngx_int_t
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	857 ngx_ssl_handle_recv(ngx_connection_t *c, int n)
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	858 {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	859 int sslerr;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	860 ngx_err_t err;
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	861
3300 5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	862 if (c->ssl->renegotiation) {
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	863 /*
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	864 * disable renegotiation (CVE-2009-3555):
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	865 * OpenSSL (at least up to 0.9.8l) does not handle disabled
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	866 * renegotiation gracefully, so drop connection here
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	867 */
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	868
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	869 ngx_log_error(NGX_LOG_NOTICE, c->log, 0, "SSL renegotiation disabled");
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	870
4236 2ada2a26b24c Silently ignoring a stale global SSL error left after disabled renegotiation. Igor Sysoev <igor@sysoev.ru> parents: 4228 diff changeset	871 while (ERR_peek_error()) {
2ada2a26b24c Silently ignoring a stale global SSL error left after disabled renegotiation. Igor Sysoev <igor@sysoev.ru> parents: 4228 diff changeset	872 ngx_ssl_error(NGX_LOG_DEBUG, c->log, 0,
2ada2a26b24c Silently ignoring a stale global SSL error left after disabled renegotiation. Igor Sysoev <igor@sysoev.ru> parents: 4228 diff changeset	873 "ignoring stale global SSL error");
2ada2a26b24c Silently ignoring a stale global SSL error left after disabled renegotiation. Igor Sysoev <igor@sysoev.ru> parents: 4228 diff changeset	874 }
2ada2a26b24c Silently ignoring a stale global SSL error left after disabled renegotiation. Igor Sysoev <igor@sysoev.ru> parents: 4228 diff changeset	875
2ada2a26b24c Silently ignoring a stale global SSL error left after disabled renegotiation. Igor Sysoev <igor@sysoev.ru> parents: 4228 diff changeset	876 ERR_clear_error();
2ada2a26b24c Silently ignoring a stale global SSL error left after disabled renegotiation. Igor Sysoev <igor@sysoev.ru> parents: 4228 diff changeset	877
3300 5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	878 c->ssl->no_wait_shutdown = 1;
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	879 c->ssl->no_send_shutdown = 1;
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	880
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	881 return NGX_ERROR;
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	882 }
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555) Igor Sysoev <igor@sysoev.ru> parents: 3283 diff changeset	883
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	884 if (n > 0) {
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 473 diff changeset	885
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	886 if (c->ssl->saved_write_handler) {
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	887
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 501 diff changeset	888 c->write->handler = c->ssl->saved_write_handler;
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	889 c->ssl->saved_write_handler = NULL;
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	890 c->write->ready = 1;
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	891
2388 722b5aff05ae use "!= NGX_OK" instead of "== NGX_ERROR" Igor Sysoev <igor@sysoev.ru> parents: 2315 diff changeset	892 if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	893 return NGX_ERROR;
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	894 }
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	895
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	896 ngx_post_event(c->write, &ngx_posted_events);
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	897 }
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	898
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	899 return NGX_OK;
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	900 }
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	901
543 511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	902 sslerr = SSL_get_error(c->ssl->connection, n);
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	903
396 6f3b20c1ac50 nginx-0.0.7-2004-07-18-23:11:20 import Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	904 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	905
396 6f3b20c1ac50 nginx-0.0.7-2004-07-18-23:11:20 import Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	906 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	907
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	908 if (sslerr == SSL_ERROR_WANT_READ) {
455 295d97d70c69 nginx-0.1.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 452 diff changeset	909 c->read->ready = 0;
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	910 return NGX_AGAIN;
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	911 }
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	912
445 f26432a1935a nginx-0.1.0-2004-09-30-10:38:49 import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	913 if (sslerr == SSL_ERROR_WANT_WRITE) {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 513 diff changeset	914
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	915 ngx_log_error(NGX_LOG_INFO, c->log, 0,
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	916 "peer started SSL renegotiation");
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	917
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	918 c->write->ready = 0;
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	919
2388 722b5aff05ae use "!= NGX_OK" instead of "== NGX_ERROR" Igor Sysoev <igor@sysoev.ru> parents: 2315 diff changeset	920 if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	921 return NGX_ERROR;
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	922 }
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	923
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	924 /*
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	925 * we do not set the timer because there is already the read event timer
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	926 */
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	927
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	928 if (c->ssl->saved_write_handler == NULL) {
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 501 diff changeset	929 c->ssl->saved_write_handler = c->write->handler;
9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 501 diff changeset	930 c->write->handler = ngx_ssl_write_handler;
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	931 }
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	932
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	933 return NGX_AGAIN;
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	934 }
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	935
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	936 c->ssl->no_wait_shutdown = 1;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	937 c->ssl->no_send_shutdown = 1;
396 6f3b20c1ac50 nginx-0.0.7-2004-07-18-23:11:20 import Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	938
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	939 if (sslerr == SSL_ERROR_ZERO_RETURN \|\| ERR_peek_error() == 0) {
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	940 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	941 "peer shutdown SSL cleanly");
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	942 return NGX_DONE;
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	943 }
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	944
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	945 ngx_ssl_connection_error(c, sslerr, err, "SSL_read() failed");
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	946
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	947 return NGX_ERROR;
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	948 }
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	949
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	950
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	951 static void
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	952 ngx_ssl_write_handler(ngx_event_t *wev)
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	953 {
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	954 ngx_connection_t *c;
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	955
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	956 c = wev->data;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	957
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 501 diff changeset	958 c->read->handler(c->read);
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	959 }
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	960
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	961
398 201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	962 /*
201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	963 * OpenSSL has no SSL_writev() so we copy several bufs into our 16K buffer
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	964 * before the SSL_write() call to decrease a SSL overhead.
398 201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	965 *
201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	966 * Besides for protocols such as HTTP it is possible to always buffer
201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	967 * the output to decrease a SSL overhead some more.
201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	968 */
201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	969
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	970 ngx_chain_t *
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	971 ngx_ssl_send_chain(ngx_connection_t c, ngx_chain_t in, off_t limit)
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	972 {
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	973 int n;
399 4e21d1291a14 nginx-0.0.7-2004-07-25-22:34:14 import Igor Sysoev <igor@sysoev.ru> parents: 398 diff changeset	974 ngx_uint_t flush;
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	975 ssize_t send, size;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	976 ngx_buf_t *buf;
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	977
2280 6453161bf53e always use buffer, if connection is buffered, Igor Sysoev <igor@sysoev.ru> parents: 2165 diff changeset	978 if (!c->ssl->buffer) {
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	979
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	980 while (in) {
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	981 if (ngx_buf_special(in->buf)) {
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	982 in = in->next;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	983 continue;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	984 }
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	985
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	986 n = ngx_ssl_write(c, in->buf->pos, in->buf->last - in->buf->pos);
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	987
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	988 if (n == NGX_ERROR) {
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	989 return NGX_CHAIN_ERROR;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	990 }
398 201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	991
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	992 if (n == NGX_AGAIN) {
597 9262f520ce21 nginx-0.3.20-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 591 diff changeset	993 c->buffered \|= NGX_SSL_BUFFERED;
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	994 return in;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	995 }
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	996
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	997 in->buf->pos += n;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	998
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	999 if (in->buf->pos == in->buf->last) {
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1000 in = in->next;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1001 }
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1002 }
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1003
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1004 return in;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1005 }
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1006
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1007
3962 df2ae4bc7415 fix SSL connection issues on platforms with 32-bit off_t Igor Sysoev <igor@sysoev.ru> parents: 3961 diff changeset	1008 /* the maximum limit size is the maximum int32_t value - the page size */
df2ae4bc7415 fix SSL connection issues on platforms with 32-bit off_t Igor Sysoev <igor@sysoev.ru> parents: 3961 diff changeset	1009
df2ae4bc7415 fix SSL connection issues on platforms with 32-bit off_t Igor Sysoev <igor@sysoev.ru> parents: 3961 diff changeset	1010 if (limit == 0 \|\| limit > (off_t) (NGX_MAX_INT32_VALUE - ngx_pagesize)) {
df2ae4bc7415 fix SSL connection issues on platforms with 32-bit off_t Igor Sysoev <igor@sysoev.ru> parents: 3961 diff changeset	1011 limit = NGX_MAX_INT32_VALUE - ngx_pagesize;
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1012 }
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1013
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1014 buf = c->ssl->buf;
1779 06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1015
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1016 if (buf == NULL) {
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1017 buf = ngx_create_temp_buf(c->pool, NGX_SSL_BUFSIZE);
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1018 if (buf == NULL) {
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1019 return NGX_CHAIN_ERROR;
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1020 }
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1021
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1022 c->ssl->buf = buf;
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1023 }
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1024
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1025 if (buf->start == NULL) {
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1026 buf->start = ngx_palloc(c->pool, NGX_SSL_BUFSIZE);
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1027 if (buf->start == NULL) {
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1028 return NGX_CHAIN_ERROR;
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1029 }
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1030
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1031 buf->pos = buf->start;
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1032 buf->last = buf->start;
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1033 buf->end = buf->start + NGX_SSL_BUFSIZE;
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1034 }
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1035
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1036 send = 0;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1037 flush = (in == NULL) ? 1 : 0;
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1038
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1039 for ( ;; ) {
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1040
3283 52b1624b93c2 fix segfault in SSL if limit_rate is used Igor Sysoev <igor@sysoev.ru> parents: 3159 diff changeset	1041 while (in && buf->last < buf->end && send < limit) {
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	1042 if (in->buf->last_buf \|\| in->buf->flush) {
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1043 flush = 1;
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1044 }
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1045
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1046 if (ngx_buf_special(in->buf)) {
398 201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	1047 in = in->next;
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1048 continue;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1049 }
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1050
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1051 size = in->buf->last - in->buf->pos;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1052
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1053 if (size > buf->end - buf->last) {
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1054 size = buf->end - buf->last;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1055 }
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1056
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1057 if (send + size > limit) {
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1058 size = (ssize_t) (limit - send);
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1059 flush = 1;
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1060 }
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1061
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1062 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1063 "SSL buf copy: %d", size);
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1064
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1065 ngx_memcpy(buf->last, in->buf->pos, size);
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1066
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1067 buf->last += size;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1068 in->buf->pos += size;
3283 52b1624b93c2 fix segfault in SSL if limit_rate is used Igor Sysoev <igor@sysoev.ru> parents: 3159 diff changeset	1069 send += size;
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1070
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1071 if (in->buf->pos == in->buf->last) {
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1072 in = in->next;
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1073 }
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1074 }
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1075
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1076 size = buf->last - buf->pos;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1077
398 201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	1078 if (!flush && buf->last < buf->end && c->ssl->buffer) {
201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	1079 break;
201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	1080 }
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1081
398 201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	1082 n = ngx_ssl_write(c, buf->pos, size);
201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	1083
201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	1084 if (n == NGX_ERROR) {
201b5f68b59f nginx-0.0.7-2004-07-23-21:05:37 import Igor Sysoev <igor@sysoev.ru> parents: 397 diff changeset	1085 return NGX_CHAIN_ERROR;
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1086 }
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1087
511 c12967aadd87 nginx-0.1.30-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 509 diff changeset	1088 if (n == NGX_AGAIN) {
597 9262f520ce21 nginx-0.3.20-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 591 diff changeset	1089 c->buffered \|= NGX_SSL_BUFFERED;
511 c12967aadd87 nginx-0.1.30-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 509 diff changeset	1090 return in;
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1091 }
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1092
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1093 buf->pos += n;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1094 c->sent += n;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1095
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1096 if (n < size) {
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1097 break;
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1098 }
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1099
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1100 if (buf->pos == buf->last) {
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1101 buf->pos = buf->start;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1102 buf->last = buf->start;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1103 }
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1104
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1105 if (in == NULL \|\| send == limit) {
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1106 break;
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1107 }
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1108 }
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1109
597 9262f520ce21 nginx-0.3.20-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 591 diff changeset	1110 if (buf->pos < buf->last) {
9262f520ce21 nginx-0.3.20-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 591 diff changeset	1111 c->buffered \|= NGX_SSL_BUFFERED;
9262f520ce21 nginx-0.3.20-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 591 diff changeset	1112
9262f520ce21 nginx-0.3.20-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 591 diff changeset	1113 } else {
9262f520ce21 nginx-0.3.20-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 591 diff changeset	1114 c->buffered &= ~NGX_SSL_BUFFERED;
9262f520ce21 nginx-0.3.20-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 591 diff changeset	1115 }
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1116
399 4e21d1291a14 nginx-0.0.7-2004-07-25-22:34:14 import Igor Sysoev <igor@sysoev.ru> parents: 398 diff changeset	1117 return in;
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1118 }
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1119
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1120
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 513 diff changeset	1121 ssize_t
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	1122 ngx_ssl_write(ngx_connection_t c, u_char data, size_t size)
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1123 {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1124 int n, sslerr;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1125 ngx_err_t err;
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1126
1755 59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	1127 ngx_ssl_clear_error(c->log);
59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	1128
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1129 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL to write: %d", size);
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1130
543 511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	1131 n = SSL_write(c->ssl->connection, data, size);
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1132
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1133 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_write: %d", n);
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1134
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1135 if (n > 0) {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 513 diff changeset	1136
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1137 if (c->ssl->saved_read_handler) {
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1138
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 501 diff changeset	1139 c->read->handler = c->ssl->saved_read_handler;
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1140 c->ssl->saved_read_handler = NULL;
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1141 c->read->ready = 1;
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1142
2388 722b5aff05ae use "!= NGX_OK" instead of "== NGX_ERROR" Igor Sysoev <igor@sysoev.ru> parents: 2315 diff changeset	1143 if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1144 return NGX_ERROR;
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1145 }
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1146
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 559 diff changeset	1147 ngx_post_event(c->read, &ngx_posted_events);
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1148 }
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1149
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1150 return n;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1151 }
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1152
543 511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	1153 sslerr = SSL_get_error(c->ssl->connection, n);
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1154
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1155 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1156
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1157 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", sslerr);
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1158
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1159 if (sslerr == SSL_ERROR_WANT_WRITE) {
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1160 c->write->ready = 0;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1161 return NGX_AGAIN;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1162 }
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1163
445 f26432a1935a nginx-0.1.0-2004-09-30-10:38:49 import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	1164 if (sslerr == SSL_ERROR_WANT_READ) {
452 23fb87bddda1 nginx-0.1.1-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 445 diff changeset	1165
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1166 ngx_log_error(NGX_LOG_INFO, c->log, 0,
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1167 "peer started SSL renegotiation");
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1168
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1169 c->read->ready = 0;
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1170
2388 722b5aff05ae use "!= NGX_OK" instead of "== NGX_ERROR" Igor Sysoev <igor@sysoev.ru> parents: 2315 diff changeset	1171 if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1172 return NGX_ERROR;
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1173 }
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1174
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1175 /*
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1176 * we do not set the timer because there is already
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1177 * the write event timer
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1178 */
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1179
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1180 if (c->ssl->saved_read_handler == NULL) {
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 501 diff changeset	1181 c->ssl->saved_read_handler = c->read->handler;
9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 501 diff changeset	1182 c->read->handler = ngx_ssl_read_handler;
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1183 }
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1184
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1185 return NGX_AGAIN;
de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1186 }
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1187
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1188 c->ssl->no_wait_shutdown = 1;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1189 c->ssl->no_send_shutdown = 1;
591 8c0cdd81580e nginx-0.3.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 589 diff changeset	1190 c->write->error = 1;
543 511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	1191
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1192 ngx_ssl_connection_error(c, sslerr, err, "SSL_write() failed");
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1193
397 de797f3b4c27 nginx-0.0.7-2004-07-23-09:37:29 import Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1194 return NGX_ERROR;
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1195 }
e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1196
e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1197
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	1198 static void
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	1199 ngx_ssl_read_handler(ngx_event_t *rev)
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1200 {
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1201 ngx_connection_t *c;
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1202
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1203 c = rev->data;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1204
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 501 diff changeset	1205 c->write->handler(c->write);
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1206 }
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1207
8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1208
1779 06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1209 void
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1210 ngx_ssl_free_buffer(ngx_connection_t *c)
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1211 {
1795 3a0132e2be2c fix segfault introduced in r1780 Igor Sysoev <igor@sysoev.ru> parents: 1779 diff changeset	1212 if (c->ssl->buf && c->ssl->buf->start) {
3a0132e2be2c fix segfault introduced in r1780 Igor Sysoev <igor@sysoev.ru> parents: 1779 diff changeset	1213 if (ngx_pfree(c->pool, c->ssl->buf->start) == NGX_OK) {
3a0132e2be2c fix segfault introduced in r1780 Igor Sysoev <igor@sysoev.ru> parents: 1779 diff changeset	1214 c->ssl->buf->start = NULL;
3a0132e2be2c fix segfault introduced in r1780 Igor Sysoev <igor@sysoev.ru> parents: 1779 diff changeset	1215 }
1779 06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1216 }
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1217 }
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1218
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1219
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	1220 ngx_int_t
45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	1221 ngx_ssl_shutdown(ngx_connection_t *c)
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1222 {
1754 427d442e1ad8 SSL_shutdown() never returns -1, on error it returns 0. Igor Sysoev <igor@sysoev.ru> parents: 1743 diff changeset	1223 int n, sslerr, mode;
427d442e1ad8 SSL_shutdown() never returns -1, on error it returns 0. Igor Sysoev <igor@sysoev.ru> parents: 1743 diff changeset	1224 ngx_err_t err;
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1225
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1226 if (c->timedout) {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1227 mode = SSL_RECEIVED_SHUTDOWN\|SSL_SENT_SHUTDOWN;
4064 5b776ad53c3c Proper SSL shutdown handling. Maxim Dounin <mdounin@mdounin.ru> parents: 3992 diff changeset	1228 SSL_set_quiet_shutdown(c->ssl->connection, 1);
396 6f3b20c1ac50 nginx-0.0.7-2004-07-18-23:11:20 import Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	1229
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1230 } else {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1231 mode = SSL_get_shutdown(c->ssl->connection);
473 8e8f3af115b5 nginx-0.1.11-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 469 diff changeset	1232
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1233 if (c->ssl->no_wait_shutdown) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1234 mode \|= SSL_RECEIVED_SHUTDOWN;
396 6f3b20c1ac50 nginx-0.0.7-2004-07-18-23:11:20 import Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	1235 }
6f3b20c1ac50 nginx-0.0.7-2004-07-18-23:11:20 import Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	1236
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1237 if (c->ssl->no_send_shutdown) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1238 mode \|= SSL_SENT_SHUTDOWN;
396 6f3b20c1ac50 nginx-0.0.7-2004-07-18-23:11:20 import Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	1239 }
4064 5b776ad53c3c Proper SSL shutdown handling. Maxim Dounin <mdounin@mdounin.ru> parents: 3992 diff changeset	1240
5b776ad53c3c Proper SSL shutdown handling. Maxim Dounin <mdounin@mdounin.ru> parents: 3992 diff changeset	1241 if (c->ssl->no_wait_shutdown && c->ssl->no_send_shutdown) {
5b776ad53c3c Proper SSL shutdown handling. Maxim Dounin <mdounin@mdounin.ru> parents: 3992 diff changeset	1242 SSL_set_quiet_shutdown(c->ssl->connection, 1);
5b776ad53c3c Proper SSL shutdown handling. Maxim Dounin <mdounin@mdounin.ru> parents: 3992 diff changeset	1243 }
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1244 }
e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1245
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1246 SSL_set_shutdown(c->ssl->connection, mode);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1247
1755 59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	1248 ngx_ssl_clear_error(c->log);
59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	1249
1754 427d442e1ad8 SSL_shutdown() never returns -1, on error it returns 0. Igor Sysoev <igor@sysoev.ru> parents: 1743 diff changeset	1250 n = SSL_shutdown(c->ssl->connection);
427d442e1ad8 SSL_shutdown() never returns -1, on error it returns 0. Igor Sysoev <igor@sysoev.ru> parents: 1743 diff changeset	1251
427d442e1ad8 SSL_shutdown() never returns -1, on error it returns 0. Igor Sysoev <igor@sysoev.ru> parents: 1743 diff changeset	1252 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_shutdown: %d", n);
427d442e1ad8 SSL_shutdown() never returns -1, on error it returns 0. Igor Sysoev <igor@sysoev.ru> parents: 1743 diff changeset	1253
461 a88a3e4e158f nginx-0.1.5-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 455 diff changeset	1254 sslerr = 0;
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1255
1860 a1f00736852e grammar fix Igor Sysoev <igor@sysoev.ru> parents: 1795 diff changeset	1256 /* SSL_shutdown() never returns -1, on error it returns 0 */
543 511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	1257
1865 4bcbb0fe5c8d fix bogus crit log message "SSL_shutdown() failed" introduced in r1755 Igor Sysoev <igor@sysoev.ru> parents: 1861 diff changeset	1258 if (n != 1 && ERR_peek_error()) {
543 511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	1259 sslerr = SSL_get_error(c->ssl->connection, n);
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1260
396 6f3b20c1ac50 nginx-0.0.7-2004-07-18-23:11:20 import Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	1261 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
6f3b20c1ac50 nginx-0.0.7-2004-07-18-23:11:20 import Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	1262 "SSL_get_error: %d", sslerr);
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1263 }
e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1264
1865 4bcbb0fe5c8d fix bogus crit log message "SSL_shutdown() failed" introduced in r1755 Igor Sysoev <igor@sysoev.ru> parents: 1861 diff changeset	1265 if (n == 1 \|\| sslerr == 0 \|\| sslerr == SSL_ERROR_ZERO_RETURN) {
1754 427d442e1ad8 SSL_shutdown() never returns -1, on error it returns 0. Igor Sysoev <igor@sysoev.ru> parents: 1743 diff changeset	1266 SSL_free(c->ssl->connection);
427d442e1ad8 SSL_shutdown() never returns -1, on error it returns 0. Igor Sysoev <igor@sysoev.ru> parents: 1743 diff changeset	1267 c->ssl = NULL;
427d442e1ad8 SSL_shutdown() never returns -1, on error it returns 0. Igor Sysoev <igor@sysoev.ru> parents: 1743 diff changeset	1268
427d442e1ad8 SSL_shutdown() never returns -1, on error it returns 0. Igor Sysoev <igor@sysoev.ru> parents: 1743 diff changeset	1269 return NGX_OK;
427d442e1ad8 SSL_shutdown() never returns -1, on error it returns 0. Igor Sysoev <igor@sysoev.ru> parents: 1743 diff changeset	1270 }
427d442e1ad8 SSL_shutdown() never returns -1, on error it returns 0. Igor Sysoev <igor@sysoev.ru> parents: 1743 diff changeset	1271
427d442e1ad8 SSL_shutdown() never returns -1, on error it returns 0. Igor Sysoev <igor@sysoev.ru> parents: 1743 diff changeset	1272 if (sslerr == SSL_ERROR_WANT_READ \|\| sslerr == SSL_ERROR_WANT_WRITE) {
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1273 c->read->handler = ngx_ssl_shutdown_handler;
589 d4e858a5751a nginx-0.3.16-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	1274 c->write->handler = ngx_ssl_shutdown_handler;
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1275
2388 722b5aff05ae use "!= NGX_OK" instead of "== NGX_ERROR" Igor Sysoev <igor@sysoev.ru> parents: 2315 diff changeset	1276 if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1277 return NGX_ERROR;
e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1278 }
e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1279
2388 722b5aff05ae use "!= NGX_OK" instead of "== NGX_ERROR" Igor Sysoev <igor@sysoev.ru> parents: 2315 diff changeset	1280 if (ngx_handle_write_event(c->write, 0) != NGX_OK) {
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1281 return NGX_ERROR;
e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1282 }
e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1283
1754 427d442e1ad8 SSL_shutdown() never returns -1, on error it returns 0. Igor Sysoev <igor@sysoev.ru> parents: 1743 diff changeset	1284 if (sslerr == SSL_ERROR_WANT_READ) {
589 d4e858a5751a nginx-0.3.16-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	1285 ngx_add_timer(c->read, 30000);
d4e858a5751a nginx-0.3.16-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	1286 }
d4e858a5751a nginx-0.3.16-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	1287
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1288 return NGX_AGAIN;
e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1289 }
e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1290
591 8c0cdd81580e nginx-0.3.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 589 diff changeset	1291 err = (sslerr == SSL_ERROR_SYSCALL) ? ngx_errno : 0;
8c0cdd81580e nginx-0.3.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 589 diff changeset	1292
8c0cdd81580e nginx-0.3.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 589 diff changeset	1293 ngx_ssl_connection_error(c, sslerr, err, "SSL_shutdown() failed");
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1294
543 511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	1295 SSL_free(c->ssl->connection);
511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	1296 c->ssl = NULL;
511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	1297
394 e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1298 return NGX_ERROR;
e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1299 }
e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1300
e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	1301
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1302 static void
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1303 ngx_ssl_shutdown_handler(ngx_event_t *ev)
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1304 {
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1305 ngx_connection_t *c;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1306 ngx_connection_handler_pt handler;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1307
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1308 c = ev->data;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1309 handler = c->ssl->handler;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1310
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1311 if (ev->timedout) {
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1312 c->timedout = 1;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1313 }
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1314
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1315 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "SSL shutdown handler");
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1316
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1317 if (ngx_ssl_shutdown(c) == NGX_AGAIN) {
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1318 return;
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1319 }
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1320
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1321 handler(c);
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1322 }
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1323
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1324
4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1325 static void
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1326 ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1327 char *text)
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1328 {
1876 5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1329 int n;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1330 ngx_uint_t level;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1331
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1332 level = NGX_LOG_CRIT;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1333
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1334 if (sslerr == SSL_ERROR_SYSCALL) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1335
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1336 if (err == NGX_ECONNRESET
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1337 \|\| err == NGX_EPIPE
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1338 \|\| err == NGX_ENOTCONN
589 d4e858a5751a nginx-0.3.16-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	1339 \|\| err == NGX_ETIMEDOUT
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1340 \|\| err == NGX_ECONNREFUSED
1869 192443881e51 add NGX_ENETDOWN, NGX_ENETUNREACH, and NGX_EHOSTDOWN Igor Sysoev <igor@sysoev.ru> parents: 1868 diff changeset	1341 \|\| err == NGX_ENETDOWN
192443881e51 add NGX_ENETDOWN, NGX_ENETUNREACH, and NGX_EHOSTDOWN Igor Sysoev <igor@sysoev.ru> parents: 1868 diff changeset	1342 \|\| err == NGX_ENETUNREACH
192443881e51 add NGX_ENETDOWN, NGX_ENETUNREACH, and NGX_EHOSTDOWN Igor Sysoev <igor@sysoev.ru> parents: 1868 diff changeset	1343 \|\| err == NGX_EHOSTDOWN
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1344 \|\| err == NGX_EHOSTUNREACH)
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1345 {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1346 switch (c->log_error) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1347
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1348 case NGX_ERROR_IGNORE_ECONNRESET:
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1349 case NGX_ERROR_INFO:
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1350 level = NGX_LOG_INFO;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1351 break;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1352
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1353 case NGX_ERROR_ERR:
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1354 level = NGX_LOG_ERR;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1355 break;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1356
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1357 default:
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1358 break;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1359 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1360 }
1876 5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1361
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1362 } else if (sslerr == SSL_ERROR_SSL) {
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1363
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1364 n = ERR_GET_REASON(ERR_peek_error());
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1365
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1366 /* handshake failures */
4228 5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1367 if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */
5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1368 \|\| n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */
3718 bfd84b583868 decrease SSL handshake error level to info Igor Sysoev <igor@sysoev.ru> parents: 3516 diff changeset	1369 \|\| n == SSL_R_DIGEST_CHECK_FAILED /* 149 */
4228 5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1370 \|\| n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST /* 151 */
5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1371 \|\| n == SSL_R_EXCESSIVE_MESSAGE_SIZE /* 152 */
3455 028f0892e0cd decrease SSL handshake error level to info Igor Sysoev <igor@sysoev.ru> parents: 3357 diff changeset	1372 \|\| n == SSL_R_LENGTH_MISMATCH /* 159 */
2315 31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1373 \|\| n == SSL_R_NO_CIPHERS_PASSED /* 182 */
3455 028f0892e0cd decrease SSL handshake error level to info Igor Sysoev <igor@sysoev.ru> parents: 3357 diff changeset	1374 \|\| n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */
4228 5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1375 \|\| n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */
2315 31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1376 \|\| n == SSL_R_NO_SHARED_CIPHER /* 193 */
3455 028f0892e0cd decrease SSL handshake error level to info Igor Sysoev <igor@sysoev.ru> parents: 3357 diff changeset	1377 \|\| n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */
4228 5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1378 #ifdef SSL_R_PARSE_TLSEXT
5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1379 \|\| n == SSL_R_PARSE_TLSEXT /* 227 */
5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1380 #endif
2315 31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1381 \|\| n == SSL_R_UNEXPECTED_MESSAGE /* 244 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1382 \|\| n == SSL_R_UNEXPECTED_RECORD /* 245 */
3455 028f0892e0cd decrease SSL handshake error level to info Igor Sysoev <igor@sysoev.ru> parents: 3357 diff changeset	1383 \|\| n == SSL_R_UNKNOWN_ALERT_TYPE /* 246 */
3357 fc735aa50b8b decrease SSL handshake error level to info Igor Sysoev <igor@sysoev.ru> parents: 3300 diff changeset	1384 \|\| n == SSL_R_UNKNOWN_PROTOCOL /* 252 */
2315 31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1385 \|\| n == SSL_R_WRONG_VERSION_NUMBER /* 267 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1386 \|\| n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */
4228 5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1387 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1388 \|\| n == SSL_R_RENEGOTIATE_EXT_TOO_LONG /* 335 */
5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1389 \|\| n == SSL_R_RENEGOTIATION_ENCODING_ERR /* 336 */
5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1390 \|\| n == SSL_R_RENEGOTIATION_MISMATCH /* 337 */
5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1391 #endif
5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1392 #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED
5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1393 \|\| n == SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED /* 338 */
5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1394 #endif
5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1395 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING
5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1396 \|\| n == SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING /* 345 */
5fef0313f2ff Decrease of log level of some SSL handshake errors. Igor Sysoev <igor@sysoev.ru> parents: 4186 diff changeset	1397 #endif
1877 a55876dff8f5 low SSL handshake close notify alert error level Igor Sysoev <igor@sysoev.ru> parents: 1876 diff changeset	1398 \|\| n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
2315 31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1399 \|\| n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1400 \|\| n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC /* 1020 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1401 \|\| n == SSL_R_TLSV1_ALERT_DECRYPTION_FAILED /* 1021 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1402 \|\| n == SSL_R_TLSV1_ALERT_RECORD_OVERFLOW /* 1022 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1403 \|\| n == SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE /* 1030 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1404 \|\| n == SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE /* 1040 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1405 \|\| n == SSL_R_SSLV3_ALERT_NO_CERTIFICATE /* 1041 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1406 \|\| n == SSL_R_SSLV3_ALERT_BAD_CERTIFICATE /* 1042 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1407 \|\| n == SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE /* 1043 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1408 \|\| n == SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED /* 1044 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1409 \|\| n == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED /* 1045 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1410 \|\| n == SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN /* 1046 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1411 \|\| n == SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER /* 1047 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1412 \|\| n == SSL_R_TLSV1_ALERT_UNKNOWN_CA /* 1048 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1413 \|\| n == SSL_R_TLSV1_ALERT_ACCESS_DENIED /* 1049 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1414 \|\| n == SSL_R_TLSV1_ALERT_DECODE_ERROR /* 1050 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1415 \|\| n == SSL_R_TLSV1_ALERT_DECRYPT_ERROR /* 1051 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1416 \|\| n == SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION /* 1060 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1417 \|\| n == SSL_R_TLSV1_ALERT_PROTOCOL_VERSION /* 1070 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1418 \|\| n == SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY /* 1071 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1419 \|\| n == SSL_R_TLSV1_ALERT_INTERNAL_ERROR /* 1080 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1420 \|\| n == SSL_R_TLSV1_ALERT_USER_CANCELLED /* 1090 */
31fafd8e7436 low some SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 2280 diff changeset	1421 \|\| n == SSL_R_TLSV1_ALERT_NO_RENEGOTIATION) /* 1100 */
1876 5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1422 {
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1423 switch (c->log_error) {
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1424
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1425 case NGX_ERROR_IGNORE_ECONNRESET:
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1426 case NGX_ERROR_INFO:
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1427 level = NGX_LOG_INFO;
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1428 break;
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1429
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1430 case NGX_ERROR_ERR:
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1431 level = NGX_LOG_ERR;
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1432 break;
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1433
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1434 default:
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1435 break;
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1436 }
5d663752fd96 low SSL handshake errors level Igor Sysoev <igor@sysoev.ru> parents: 1873 diff changeset	1437 }
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1438 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1439
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1440 ngx_ssl_error(level, c->log, err, text);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1441 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1442
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1443
1755 59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	1444 static void
59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	1445 ngx_ssl_clear_error(ngx_log_t *log)
59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	1446 {
1868 c2cd0720f292 pull all errors Igor Sysoev <igor@sysoev.ru> parents: 1865 diff changeset	1447 while (ERR_peek_error()) {
1755 59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	1448 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "ignoring stale global SSL error");
59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	1449 }
1868 c2cd0720f292 pull all errors Igor Sysoev <igor@sysoev.ru> parents: 1865 diff changeset	1450
c2cd0720f292 pull all errors Igor Sysoev <igor@sysoev.ru> parents: 1865 diff changeset	1451 ERR_clear_error();
1755 59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	1452 }
59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	1453
59e36c1c6296 cleaning stale global SSL error Igor Sysoev <igor@sysoev.ru> parents: 1754 diff changeset	1454
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	1455 void ngx_cdecl
489 45a460f82aec nginx-0.1.19-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	1456 ngx_ssl_error(ngx_uint_t level, ngx_log_t log, ngx_err_t err, char fmt, ...)
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	1457 {
1861 f00b30557c81 pull all errors Igor Sysoev <igor@sysoev.ru> parents: 1860 diff changeset	1458 u_long n;
f00b30557c81 pull all errors Igor Sysoev <igor@sysoev.ru> parents: 1860 diff changeset	1459 va_list args;
f00b30557c81 pull all errors Igor Sysoev <igor@sysoev.ru> parents: 1860 diff changeset	1460 u_char p, last;
f00b30557c81 pull all errors Igor Sysoev <igor@sysoev.ru> parents: 1860 diff changeset	1461 u_char errstr[NGX_MAX_CONF_ERRSTR];
461 a88a3e4e158f nginx-0.1.5-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 455 diff changeset	1462
a88a3e4e158f nginx-0.1.5-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 455 diff changeset	1463 last = errstr + NGX_MAX_CONF_ERRSTR;
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	1464
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	1465 va_start(args, fmt);
2764 d4a717592877 use ngx_vslprintf(), ngx_slprintf() Igor Sysoev <igor@sysoev.ru> parents: 2720 diff changeset	1466 p = ngx_vslprintf(errstr, last - 1, fmt, args);
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	1467 va_end(args);
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	1468
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1469 p = ngx_cpystrn(p, (u_char *) " (SSL:", last - p);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1470
1861 f00b30557c81 pull all errors Igor Sysoev <igor@sysoev.ru> parents: 1860 diff changeset	1471 for ( ;; ) {
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	1472
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	1473 n = ERR_get_error();
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	1474
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	1475 if (n == 0) {
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	1476 break;
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	1477 }
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1478
1861 f00b30557c81 pull all errors Igor Sysoev <igor@sysoev.ru> parents: 1860 diff changeset	1479 if (p >= last) {
f00b30557c81 pull all errors Igor Sysoev <igor@sysoev.ru> parents: 1860 diff changeset	1480 continue;
f00b30557c81 pull all errors Igor Sysoev <igor@sysoev.ru> parents: 1860 diff changeset	1481 }
f00b30557c81 pull all errors Igor Sysoev <igor@sysoev.ru> parents: 1860 diff changeset	1482
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1483 *p++ = ' ';
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	1484
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1485 ERR_error_string_n(n, (char *) p, last - p);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1486
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1487 while (p < last && *p) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1488 p++;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1489 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	1490 }
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	1491
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	1492 ngx_log_error(level, log, err, "%s)", errstr);
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	1493 }
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 501 diff changeset	1494
9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 501 diff changeset	1495
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1496 ngx_int_t
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1497 ngx_ssl_session_cache(ngx_ssl_t ssl, ngx_str_t sess_ctx,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1498 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout)
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1499 {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1500 long cache_mode;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1501
1778 14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1760 diff changeset	1502 if (builtin_session_cache == NGX_SSL_NO_SCACHE) {
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1760 diff changeset	1503 SSL_CTX_set_session_cache_mode(ssl->ctx, SSL_SESS_CACHE_OFF);
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1760 diff changeset	1504 return NGX_OK;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1760 diff changeset	1505 }
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1760 diff changeset	1506
3457 17706823a57e Set SSL session context for "ssl_session_cache none". Igor Sysoev <igor@sysoev.ru> parents: 3455 diff changeset	1507 SSL_CTX_set_session_id_context(ssl->ctx, sess_ctx->data, sess_ctx->len);
17706823a57e Set SSL session context for "ssl_session_cache none". Igor Sysoev <igor@sysoev.ru> parents: 3455 diff changeset	1508
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1509 if (builtin_session_cache == NGX_SSL_NONE_SCACHE) {
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1510
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1511 /*
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1512 * If the server explicitly says that it does not support
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1513 * session reuse (see SSL_SESS_CACHE_OFF above), then
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1514 * Outlook Express fails to upload a sent email to
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1515 * the Sent Items folder on the IMAP server via a separate IMAP
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1516 * connection in the background. Therefore we have a special
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1517 * mode (SSL_SESS_CACHE_SERVER\|SSL_SESS_CACHE_NO_INTERNAL_STORE)
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1518 * where the server pretends that it supports session reuse,
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1519 * but it does not actually store any session.
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1520 */
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1521
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1522 SSL_CTX_set_session_cache_mode(ssl->ctx,
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1523 SSL_SESS_CACHE_SERVER
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1524 \|SSL_SESS_CACHE_NO_AUTO_CLEAR
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1525 \|SSL_SESS_CACHE_NO_INTERNAL_STORE);
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1526
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1527 SSL_CTX_sess_set_cache_size(ssl->ctx, 1);
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1528
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1529 return NGX_OK;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1530 }
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1977 diff changeset	1531
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1532 cache_mode = SSL_SESS_CACHE_SERVER;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1533
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1534 if (shm_zone && builtin_session_cache == NGX_SSL_NO_BUILTIN_SCACHE) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1535 cache_mode \|= SSL_SESS_CACHE_NO_INTERNAL;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1536 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1537
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1538 SSL_CTX_set_session_cache_mode(ssl->ctx, cache_mode);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1539
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1540 if (builtin_session_cache != NGX_SSL_NO_BUILTIN_SCACHE) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1541
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1542 if (builtin_session_cache != NGX_SSL_DFLT_BUILTIN_SCACHE) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1543 SSL_CTX_sess_set_cache_size(ssl->ctx, builtin_session_cache);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1544 }
1015 32ebb6b13ff3 ssl_session_timeout was set only if builtin cache was used Igor Sysoev <igor@sysoev.ru> parents: 1014 diff changeset	1545 }
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1546
2710 218ee852de73 fix building by MSVC8 Igor Sysoev <igor@sysoev.ru> parents: 2611 diff changeset	1547 SSL_CTX_set_timeout(ssl->ctx, (long) timeout);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1548
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1549 if (shm_zone) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1550 SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1551 SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1552 SSL_CTX_sess_set_remove_cb(ssl->ctx, ngx_ssl_remove_session);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1553
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1554 if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_session_cache_index, shm_zone)
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1555 == 0)
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1556 {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1557 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1558 "SSL_CTX_set_ex_data() failed");
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1559 return NGX_ERROR;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1560 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1561 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1562
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1563 return NGX_OK;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1564 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1565
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1566
3992 a1dd9dc754ab A new fix for the case when ssl_session_cache defined, but ssl is not Igor Sysoev <igor@sysoev.ru> parents: 3962 diff changeset	1567 ngx_int_t
993 1b9a4d92173f pass the inherited shm_zone data Igor Sysoev <igor@sysoev.ru> parents: 989 diff changeset	1568 ngx_ssl_session_cache_init(ngx_shm_zone_t shm_zone, void data)
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1569 {
2611 2bce3f6416c6 improve ngx_slab_alloc() error logging Igor Sysoev <igor@sysoev.ru> parents: 2536 diff changeset	1570 size_t len;
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1571 ngx_slab_pool_t *shpool;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1572 ngx_ssl_session_cache_t *cache;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1573
993 1b9a4d92173f pass the inherited shm_zone data Igor Sysoev <igor@sysoev.ru> parents: 989 diff changeset	1574 if (data) {
1b9a4d92173f pass the inherited shm_zone data Igor Sysoev <igor@sysoev.ru> parents: 989 diff changeset	1575 shm_zone->data = data;
1b9a4d92173f pass the inherited shm_zone data Igor Sysoev <igor@sysoev.ru> parents: 989 diff changeset	1576 return NGX_OK;
1b9a4d92173f pass the inherited shm_zone data Igor Sysoev <igor@sysoev.ru> parents: 989 diff changeset	1577 }
1b9a4d92173f pass the inherited shm_zone data Igor Sysoev <igor@sysoev.ru> parents: 989 diff changeset	1578
2720 b3b8c66bd520 support attaching to an existent Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	1579 if (shm_zone->shm.exists) {
b3b8c66bd520 support attaching to an existent Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	1580 shm_zone->data = data;
b3b8c66bd520 support attaching to an existent Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	1581 return NGX_OK;
b3b8c66bd520 support attaching to an existent Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	1582 }
b3b8c66bd520 support attaching to an existent Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	1583
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1584 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1585
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1586 cache = ngx_slab_alloc(shpool, sizeof(ngx_ssl_session_cache_t));
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1587 if (cache == NULL) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1588 return NGX_ERROR;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1589 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1590
2720 b3b8c66bd520 support attaching to an existent Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	1591 shpool->data = cache;
b3b8c66bd520 support attaching to an existent Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	1592 shm_zone->data = cache;
b3b8c66bd520 support attaching to an existent Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	1593
1759 89234cfbf810 embed session_rbtree and sentinel inside ngx_ssl_session_cache_t Igor Sysoev <igor@sysoev.ru> parents: 1758 diff changeset	1594 ngx_rbtree_init(&cache->session_rbtree, &cache->sentinel,
89234cfbf810 embed session_rbtree and sentinel inside ngx_ssl_session_cache_t Igor Sysoev <igor@sysoev.ru> parents: 1758 diff changeset	1595 ngx_ssl_session_rbtree_insert_value);
89234cfbf810 embed session_rbtree and sentinel inside ngx_ssl_session_cache_t Igor Sysoev <igor@sysoev.ru> parents: 1758 diff changeset	1596
1760 49429f5b2d94 use ngx_queue.h Igor Sysoev <igor@sysoev.ru> parents: 1759 diff changeset	1597 ngx_queue_init(&cache->expire_queue);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1598
2716 d5896f6608e8 move zone name from ngx_shm_zone_t to ngx_shm_t to use Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2710 diff changeset	1599 len = sizeof(" in SSL session shared cache \"\"") + shm_zone->shm.name.len;
2611 2bce3f6416c6 improve ngx_slab_alloc() error logging Igor Sysoev <igor@sysoev.ru> parents: 2536 diff changeset	1600
2bce3f6416c6 improve ngx_slab_alloc() error logging Igor Sysoev <igor@sysoev.ru> parents: 2536 diff changeset	1601 shpool->log_ctx = ngx_slab_alloc(shpool, len);
2bce3f6416c6 improve ngx_slab_alloc() error logging Igor Sysoev <igor@sysoev.ru> parents: 2536 diff changeset	1602 if (shpool->log_ctx == NULL) {
2bce3f6416c6 improve ngx_slab_alloc() error logging Igor Sysoev <igor@sysoev.ru> parents: 2536 diff changeset	1603 return NGX_ERROR;
2bce3f6416c6 improve ngx_slab_alloc() error logging Igor Sysoev <igor@sysoev.ru> parents: 2536 diff changeset	1604 }
2bce3f6416c6 improve ngx_slab_alloc() error logging Igor Sysoev <igor@sysoev.ru> parents: 2536 diff changeset	1605
2bce3f6416c6 improve ngx_slab_alloc() error logging Igor Sysoev <igor@sysoev.ru> parents: 2536 diff changeset	1606 ngx_sprintf(shpool->log_ctx, " in SSL session shared cache \"%V\"%Z",
2716 d5896f6608e8 move zone name from ngx_shm_zone_t to ngx_shm_t to use Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2710 diff changeset	1607 &shm_zone->shm.name);
2611 2bce3f6416c6 improve ngx_slab_alloc() error logging Igor Sysoev <igor@sysoev.ru> parents: 2536 diff changeset	1608
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1609 return NGX_OK;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1610 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1611
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1612
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1613 /*
1014 5ffd76a9ccf3 optimize the SSL session cache allocations Igor Sysoev <igor@sysoev.ru> parents: 1013 diff changeset	1614 * The length of the session id is 16 bytes for SSLv2 sessions and
5ffd76a9ccf3 optimize the SSL session cache allocations Igor Sysoev <igor@sysoev.ru> parents: 1013 diff changeset	1615 * between 1 and 32 bytes for SSLv3/TLSv1, typically 32 bytes.
5ffd76a9ccf3 optimize the SSL session cache allocations Igor Sysoev <igor@sysoev.ru> parents: 1013 diff changeset	1616 * It seems that the typical length of the external ASN1 representation
5ffd76a9ccf3 optimize the SSL session cache allocations Igor Sysoev <igor@sysoev.ru> parents: 1013 diff changeset	1617 * of a session is 118 or 119 bytes for SSLv3/TSLv1.
1017 ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1618 *
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1619 * Thus on 32-bit platforms we allocate separately an rbtree node,
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1620 * a session id, and an ASN1 representation, they take accordingly
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1621 * 64, 32, and 128 bytes.
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1622 *
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1623 * On 64-bit platforms we allocate separately an rbtree node + session_id,
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1624 * and an ASN1 representation, they take accordingly 128 and 128 bytes.
1014 5ffd76a9ccf3 optimize the SSL session cache allocations Igor Sysoev <igor@sysoev.ru> parents: 1013 diff changeset	1625 *
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1626 * OpenSSL's i2d_SSL_SESSION() and d2i_SSL_SESSION are slow,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1627 * so they are outside the code locked by shared pool mutex
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1628 */
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1629
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1630 static int
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1631 ngx_ssl_new_session(ngx_ssl_conn_t ssl_conn, ngx_ssl_session_t sess)
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1632 {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1633 int len;
1014 5ffd76a9ccf3 optimize the SSL session cache allocations Igor Sysoev <igor@sysoev.ru> parents: 1013 diff changeset	1634 u_char p, id, *cached_sess;
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1635 uint32_t hash;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1636 SSL_CTX *ssl_ctx;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1637 ngx_shm_zone_t *shm_zone;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1638 ngx_connection_t *c;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1639 ngx_slab_pool_t *shpool;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1640 ngx_ssl_sess_id_t *sess_id;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1641 ngx_ssl_session_cache_t *cache;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1642 u_char buf[NGX_SSL_MAX_SESSION_SIZE];
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1643
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1644 len = i2d_SSL_SESSION(sess, NULL);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1645
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1646 /* do not cache too big session */
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1647
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1648 if (len > (int) NGX_SSL_MAX_SESSION_SIZE) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1649 return 0;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1650 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1651
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1652 p = buf;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1653 i2d_SSL_SESSION(sess, &p);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1654
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1655 c = ngx_ssl_get_connection(ssl_conn);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1656
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1657 ssl_ctx = SSL_get_SSL_CTX(ssl_conn);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1658 shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1659
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1660 cache = shm_zone->data;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1661 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1662
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1663 ngx_shmtx_lock(&shpool->mutex);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1664
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1665 /* drop one or two expired sessions */
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1666 ngx_ssl_expire_sessions(cache, shpool, 1);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1667
1014 5ffd76a9ccf3 optimize the SSL session cache allocations Igor Sysoev <igor@sysoev.ru> parents: 1013 diff changeset	1668 cached_sess = ngx_slab_alloc_locked(shpool, len);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1669
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1670 if (cached_sess == NULL) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1671
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1672 /* drop the oldest non-expired session and try once more */
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1673
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1674 ngx_ssl_expire_sessions(cache, shpool, 0);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1675
1014 5ffd76a9ccf3 optimize the SSL session cache allocations Igor Sysoev <igor@sysoev.ru> parents: 1013 diff changeset	1676 cached_sess = ngx_slab_alloc_locked(shpool, len);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1677
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1678 if (cached_sess == NULL) {
1017 ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1679 sess_id = NULL;
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1680 goto failed;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1681 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1682 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1683
1017 ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1684 sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t));
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1685 if (sess_id == NULL) {
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1686 goto failed;
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1687 }
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1688
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1689 #if (NGX_PTR_SIZE == 8)
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1690
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1691 id = sess_id->sess_id;
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1692
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1693 #else
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1694
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1695 id = ngx_slab_alloc_locked(shpool, sess->session_id_length);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1696 if (id == NULL) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1697 goto failed;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1698 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1699
1017 ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1700 #endif
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1701
1014 5ffd76a9ccf3 optimize the SSL session cache allocations Igor Sysoev <igor@sysoev.ru> parents: 1013 diff changeset	1702 ngx_memcpy(cached_sess, buf, len);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1703
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1704 ngx_memcpy(id, sess->session_id, sess->session_id_length);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1705
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1706 hash = ngx_crc32_short(sess->session_id, sess->session_id_length);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1707
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1708 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
3155 e720c4a68ee0 fix debug log message Igor Sysoev <igor@sysoev.ru> parents: 3154 diff changeset	1709 "ssl new session: %08XD:%d:%d",
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1710 hash, sess->session_id_length, len);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1711
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1712 sess_id->node.key = hash;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1713 sess_id->node.data = (u_char) sess->session_id_length;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1714 sess_id->id = id;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1715 sess_id->len = len;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1716 sess_id->session = cached_sess;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1717
1757 7ab8bd535eed use ngx_time() instead of ngx_timeofday() Igor Sysoev <igor@sysoev.ru> parents: 1756 diff changeset	1718 sess_id->expire = ngx_time() + SSL_CTX_get_timeout(ssl_ctx);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1719
1760 49429f5b2d94 use ngx_queue.h Igor Sysoev <igor@sysoev.ru> parents: 1759 diff changeset	1720 ngx_queue_insert_head(&cache->expire_queue, &sess_id->queue);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1721
1759 89234cfbf810 embed session_rbtree and sentinel inside ngx_ssl_session_cache_t Igor Sysoev <igor@sysoev.ru> parents: 1758 diff changeset	1722 ngx_rbtree_insert(&cache->session_rbtree, &sess_id->node);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1723
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1724 ngx_shmtx_unlock(&shpool->mutex);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1725
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1726 return 0;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1727
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1728 failed:
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1729
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1730 if (cached_sess) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1731 ngx_slab_free_locked(shpool, cached_sess);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1732 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1733
1017 ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1734 if (sess_id) {
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1735 ngx_slab_free_locked(shpool, sess_id);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1736 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1737
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1738 ngx_shmtx_unlock(&shpool->mutex);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1739
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1740 ngx_log_error(NGX_LOG_ALERT, c->log, 0,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1741 "could not add new SSL session to the session cache");
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1742
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1743 return 0;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1744 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1745
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1746
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1747 static ngx_ssl_session_t *
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1748 ngx_ssl_get_cached_session(ngx_ssl_conn_t ssl_conn, u_char id, int len,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1749 int *copy)
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1750 {
989 5595e47d4f17 d2i_SSL_SESSION() was changed in 0.9.7f Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	1751 #if OPENSSL_VERSION_NUMBER >= 0x0090707fL
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1752 const
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1753 #endif
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1754 u_char *p;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1755 uint32_t hash;
1027 ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1756 ngx_int_t rc;
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1757 ngx_shm_zone_t *shm_zone;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1758 ngx_slab_pool_t *shpool;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1759 ngx_rbtree_node_t node, sentinel;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1760 ngx_ssl_session_t *sess;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1761 ngx_ssl_sess_id_t *sess_id;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1762 ngx_ssl_session_cache_t *cache;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1763 u_char buf[NGX_SSL_MAX_SESSION_SIZE];
3961 4048aa055411 fix build by gcc46 with -Wunused-value option Igor Sysoev <igor@sysoev.ru> parents: 3960 diff changeset	1764 #if (NGX_DEBUG)
4048aa055411 fix build by gcc46 with -Wunused-value option Igor Sysoev <igor@sysoev.ru> parents: 3960 diff changeset	1765 ngx_connection_t *c;
4048aa055411 fix build by gcc46 with -Wunused-value option Igor Sysoev <igor@sysoev.ru> parents: 3960 diff changeset	1766 #endif
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1767
1027 ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1768 hash = ngx_crc32_short(id, (size_t) len);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1769 *copy = 0;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1770
3961 4048aa055411 fix build by gcc46 with -Wunused-value option Igor Sysoev <igor@sysoev.ru> parents: 3960 diff changeset	1771 #if (NGX_DEBUG)
4048aa055411 fix build by gcc46 with -Wunused-value option Igor Sysoev <igor@sysoev.ru> parents: 3960 diff changeset	1772 c = ngx_ssl_get_connection(ssl_conn);
4048aa055411 fix build by gcc46 with -Wunused-value option Igor Sysoev <igor@sysoev.ru> parents: 3960 diff changeset	1773
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1774 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
3155 e720c4a68ee0 fix debug log message Igor Sysoev <igor@sysoev.ru> parents: 3154 diff changeset	1775 "ssl get session: %08XD:%d", hash, len);
3961 4048aa055411 fix build by gcc46 with -Wunused-value option Igor Sysoev <igor@sysoev.ru> parents: 3960 diff changeset	1776 #endif
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1777
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1778 shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn),
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1779 ngx_ssl_session_cache_index);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1780
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1781 cache = shm_zone->data;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1782
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1783 sess = NULL;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1784
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1785 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1786
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1787 ngx_shmtx_lock(&shpool->mutex);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1788
1759 89234cfbf810 embed session_rbtree and sentinel inside ngx_ssl_session_cache_t Igor Sysoev <igor@sysoev.ru> parents: 1758 diff changeset	1789 node = cache->session_rbtree.root;
89234cfbf810 embed session_rbtree and sentinel inside ngx_ssl_session_cache_t Igor Sysoev <igor@sysoev.ru> parents: 1758 diff changeset	1790 sentinel = cache->session_rbtree.sentinel;
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1791
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1792 while (node != sentinel) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1793
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1794 if (hash < node->key) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1795 node = node->left;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1796 continue;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1797 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1798
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1799 if (hash > node->key) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1800 node = node->right;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1801 continue;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1802 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1803
1013 7dd987e09701 stop rbtree search early if equal hash was found Igor Sysoev <igor@sysoev.ru> parents: 993 diff changeset	1804 /* hash == node->key */
7dd987e09701 stop rbtree search early if equal hash was found Igor Sysoev <igor@sysoev.ru> parents: 993 diff changeset	1805
4497 95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1806 sess_id = (ngx_ssl_sess_id_t *) node;
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1807
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1808 rc = ngx_memn2cmp(id, sess_id->id, (size_t) len, (size_t) node->data);
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1809
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1810 if (rc == 0) {
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1811
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1812 if (sess_id->expire > ngx_time()) {
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1813 ngx_memcpy(buf, sess_id->session, sess_id->len);
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1814
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1815 ngx_shmtx_unlock(&shpool->mutex);
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1816
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1817 p = buf;
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1818 sess = d2i_SSL_SESSION(NULL, &p, sess_id->len);
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1819
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1820 return sess;
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1821 }
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1822
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1823 ngx_queue_remove(&sess_id->queue);
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1824
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1825 ngx_rbtree_delete(&cache->session_rbtree, node);
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1826
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1827 ngx_slab_free_locked(shpool, sess_id->session);
1017 ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1828 #if (NGX_PTR_SIZE == 4)
4497 95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1829 ngx_slab_free_locked(shpool, sess_id->id);
1017 ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1830 #endif
4497 95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1831 ngx_slab_free_locked(shpool, sess_id);
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1832
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1833 sess = NULL;
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1834
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1835 goto done;
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1836 }
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1837
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1838 node = (rc < 0) ? node->left : node->right;
1013 7dd987e09701 stop rbtree search early if equal hash was found Igor Sysoev <igor@sysoev.ru> parents: 993 diff changeset	1839 }
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1840
1013 7dd987e09701 stop rbtree search early if equal hash was found Igor Sysoev <igor@sysoev.ru> parents: 993 diff changeset	1841 done:
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1842
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1843 ngx_shmtx_unlock(&shpool->mutex);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1844
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1845 return sess;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1846 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1847
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1848
1924 291689a7e5dc invalidate SSL session if there is no valid client certificate Igor Sysoev <igor@sysoev.ru> parents: 1877 diff changeset	1849 void
291689a7e5dc invalidate SSL session if there is no valid client certificate Igor Sysoev <igor@sysoev.ru> parents: 1877 diff changeset	1850 ngx_ssl_remove_cached_session(SSL_CTX ssl, ngx_ssl_session_t sess)
291689a7e5dc invalidate SSL session if there is no valid client certificate Igor Sysoev <igor@sysoev.ru> parents: 1877 diff changeset	1851 {
291689a7e5dc invalidate SSL session if there is no valid client certificate Igor Sysoev <igor@sysoev.ru> parents: 1877 diff changeset	1852 SSL_CTX_remove_session(ssl, sess);
291689a7e5dc invalidate SSL session if there is no valid client certificate Igor Sysoev <igor@sysoev.ru> parents: 1877 diff changeset	1853
291689a7e5dc invalidate SSL session if there is no valid client certificate Igor Sysoev <igor@sysoev.ru> parents: 1877 diff changeset	1854 ngx_ssl_remove_session(ssl, sess);
291689a7e5dc invalidate SSL session if there is no valid client certificate Igor Sysoev <igor@sysoev.ru> parents: 1877 diff changeset	1855 }
291689a7e5dc invalidate SSL session if there is no valid client certificate Igor Sysoev <igor@sysoev.ru> parents: 1877 diff changeset	1856
291689a7e5dc invalidate SSL session if there is no valid client certificate Igor Sysoev <igor@sysoev.ru> parents: 1877 diff changeset	1857
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1858 static void
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1859 ngx_ssl_remove_session(SSL_CTX ssl, ngx_ssl_session_t sess)
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1860 {
1027 ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1861 size_t len;
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1862 u_char *id;
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1863 uint32_t hash;
1027 ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1864 ngx_int_t rc;
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1865 ngx_shm_zone_t *shm_zone;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1866 ngx_slab_pool_t *shpool;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1867 ngx_rbtree_node_t node, sentinel;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1868 ngx_ssl_sess_id_t *sess_id;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1869 ngx_ssl_session_cache_t *cache;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1870
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1871 shm_zone = SSL_CTX_get_ex_data(ssl, ngx_ssl_session_cache_index);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1872
1924 291689a7e5dc invalidate SSL session if there is no valid client certificate Igor Sysoev <igor@sysoev.ru> parents: 1877 diff changeset	1873 if (shm_zone == NULL) {
291689a7e5dc invalidate SSL session if there is no valid client certificate Igor Sysoev <igor@sysoev.ru> parents: 1877 diff changeset	1874 return;
291689a7e5dc invalidate SSL session if there is no valid client certificate Igor Sysoev <igor@sysoev.ru> parents: 1877 diff changeset	1875 }
291689a7e5dc invalidate SSL session if there is no valid client certificate Igor Sysoev <igor@sysoev.ru> parents: 1877 diff changeset	1876
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1877 cache = shm_zone->data;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1878
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1879 id = sess->session_id;
1027 ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1880 len = (size_t) sess->session_id_length;
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1881
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1882 hash = ngx_crc32_short(id, len);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1883
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1884 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
3155 e720c4a68ee0 fix debug log message Igor Sysoev <igor@sysoev.ru> parents: 3154 diff changeset	1885 "ssl remove session: %08XD:%uz", hash, len);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1886
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1887 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1888
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1889 ngx_shmtx_lock(&shpool->mutex);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1890
1759 89234cfbf810 embed session_rbtree and sentinel inside ngx_ssl_session_cache_t Igor Sysoev <igor@sysoev.ru> parents: 1758 diff changeset	1891 node = cache->session_rbtree.root;
89234cfbf810 embed session_rbtree and sentinel inside ngx_ssl_session_cache_t Igor Sysoev <igor@sysoev.ru> parents: 1758 diff changeset	1892 sentinel = cache->session_rbtree.sentinel;
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1893
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1894 while (node != sentinel) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1895
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1896 if (hash < node->key) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1897 node = node->left;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1898 continue;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1899 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1900
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1901 if (hash > node->key) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1902 node = node->right;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1903 continue;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1904 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1905
1013 7dd987e09701 stop rbtree search early if equal hash was found Igor Sysoev <igor@sysoev.ru> parents: 993 diff changeset	1906 /* hash == node->key */
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1907
4497 95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1908 sess_id = (ngx_ssl_sess_id_t *) node;
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1909
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1910 rc = ngx_memn2cmp(id, sess_id->id, len, (size_t) node->data);
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1911
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1912 if (rc == 0) {
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1913
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1914 ngx_queue_remove(&sess_id->queue);
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1915
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1916 ngx_rbtree_delete(&cache->session_rbtree, node);
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1917
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1918 ngx_slab_free_locked(shpool, sess_id->session);
1017 ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1919 #if (NGX_PTR_SIZE == 4)
4497 95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1920 ngx_slab_free_locked(shpool, sess_id->id);
1017 ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1921 #endif
4497 95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1922 ngx_slab_free_locked(shpool, sess_id);
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1923
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1924 goto done;
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1925 }
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1926
95ab6658654a Fix of rbtree lookup on hash collisions. Maxim Dounin <mdounin@mdounin.ru> parents: 4414 diff changeset	1927 node = (rc < 0) ? node->left : node->right;
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1928 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1929
1013 7dd987e09701 stop rbtree search early if equal hash was found Igor Sysoev <igor@sysoev.ru> parents: 993 diff changeset	1930 done:
7dd987e09701 stop rbtree search early if equal hash was found Igor Sysoev <igor@sysoev.ru> parents: 993 diff changeset	1931
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1932 ngx_shmtx_unlock(&shpool->mutex);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1933 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1934
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1935
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1936 static void
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1937 ngx_ssl_expire_sessions(ngx_ssl_session_cache_t *cache,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1938 ngx_slab_pool_t *shpool, ngx_uint_t n)
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1939 {
1757 7ab8bd535eed use ngx_time() instead of ngx_timeofday() Igor Sysoev <igor@sysoev.ru> parents: 1756 diff changeset	1940 time_t now;
1760 49429f5b2d94 use ngx_queue.h Igor Sysoev <igor@sysoev.ru> parents: 1759 diff changeset	1941 ngx_queue_t *q;
1014 5ffd76a9ccf3 optimize the SSL session cache allocations Igor Sysoev <igor@sysoev.ru> parents: 1013 diff changeset	1942 ngx_ssl_sess_id_t *sess_id;
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1943
1757 7ab8bd535eed use ngx_time() instead of ngx_timeofday() Igor Sysoev <igor@sysoev.ru> parents: 1756 diff changeset	1944 now = ngx_time();
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1945
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1946 while (n < 3) {
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1947
1760 49429f5b2d94 use ngx_queue.h Igor Sysoev <igor@sysoev.ru> parents: 1759 diff changeset	1948 if (ngx_queue_empty(&cache->expire_queue)) {
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1949 return;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1950 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1951
1760 49429f5b2d94 use ngx_queue.h Igor Sysoev <igor@sysoev.ru> parents: 1759 diff changeset	1952 q = ngx_queue_last(&cache->expire_queue);
49429f5b2d94 use ngx_queue.h Igor Sysoev <igor@sysoev.ru> parents: 1759 diff changeset	1953
49429f5b2d94 use ngx_queue.h Igor Sysoev <igor@sysoev.ru> parents: 1759 diff changeset	1954 sess_id = ngx_queue_data(q, ngx_ssl_sess_id_t, queue);
49429f5b2d94 use ngx_queue.h Igor Sysoev <igor@sysoev.ru> parents: 1759 diff changeset	1955
1757 7ab8bd535eed use ngx_time() instead of ngx_timeofday() Igor Sysoev <igor@sysoev.ru> parents: 1756 diff changeset	1956 if (n++ != 0 && sess_id->expire > now) {
1439 36548ad85be1 style fix Igor Sysoev <igor@sysoev.ru> parents: 1426 diff changeset	1957 return;
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1958 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1959
1760 49429f5b2d94 use ngx_queue.h Igor Sysoev <igor@sysoev.ru> parents: 1759 diff changeset	1960 ngx_queue_remove(q);
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1961
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1962 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1963 "expire session: %08Xi", sess_id->node.key);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1964
1760 49429f5b2d94 use ngx_queue.h Igor Sysoev <igor@sysoev.ru> parents: 1759 diff changeset	1965 ngx_rbtree_delete(&cache->session_rbtree, &sess_id->node);
49429f5b2d94 use ngx_queue.h Igor Sysoev <igor@sysoev.ru> parents: 1759 diff changeset	1966
1014 5ffd76a9ccf3 optimize the SSL session cache allocations Igor Sysoev <igor@sysoev.ru> parents: 1013 diff changeset	1967 ngx_slab_free_locked(shpool, sess_id->session);
1017 ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1968 #if (NGX_PTR_SIZE == 4)
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1969 ngx_slab_free_locked(shpool, sess_id->id);
1017 ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms Igor Sysoev <igor@sysoev.ru> parents: 1015 diff changeset	1970 #endif
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1971 ngx_slab_free_locked(shpool, sess_id);
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1972 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1973 }
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	1975
1027 ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1976 static void
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1977 ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1978 ngx_rbtree_node_t node, ngx_rbtree_node_t sentinel)
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1979 {
1743 4fc402c3ec73 optimize rbtree initialization and insert Igor Sysoev <igor@sysoev.ru> parents: 1439 diff changeset	1980 ngx_rbtree_node_t **p;
4fc402c3ec73 optimize rbtree initialization and insert Igor Sysoev <igor@sysoev.ru> parents: 1439 diff changeset	1981 ngx_ssl_sess_id_t sess_id, sess_id_temp;
1027 ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1982
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1983 for ( ;; ) {
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1984
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1985 if (node->key < temp->key) {
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1986
1743 4fc402c3ec73 optimize rbtree initialization and insert Igor Sysoev <igor@sysoev.ru> parents: 1439 diff changeset	1987 p = &temp->left;
1027 ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1988
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1989 } else if (node->key > temp->key) {
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1990
1743 4fc402c3ec73 optimize rbtree initialization and insert Igor Sysoev <igor@sysoev.ru> parents: 1439 diff changeset	1991 p = &temp->right;
1027 ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1992
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1993 } else { /* node->key == temp->key */
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1994
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1995 sess_id = (ngx_ssl_sess_id_t *) node;
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1996 sess_id_temp = (ngx_ssl_sess_id_t *) temp;
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	1997
1743 4fc402c3ec73 optimize rbtree initialization and insert Igor Sysoev <igor@sysoev.ru> parents: 1439 diff changeset	1998 p = (ngx_memn2cmp(sess_id->id, sess_id_temp->id,
4fc402c3ec73 optimize rbtree initialization and insert Igor Sysoev <igor@sysoev.ru> parents: 1439 diff changeset	1999 (size_t) node->data, (size_t) temp->data)
4fc402c3ec73 optimize rbtree initialization and insert Igor Sysoev <igor@sysoev.ru> parents: 1439 diff changeset	2000 < 0) ? &temp->left : &temp->right;
1027 ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	2001 }
1743 4fc402c3ec73 optimize rbtree initialization and insert Igor Sysoev <igor@sysoev.ru> parents: 1439 diff changeset	2002
4fc402c3ec73 optimize rbtree initialization and insert Igor Sysoev <igor@sysoev.ru> parents: 1439 diff changeset	2003 if (*p == sentinel) {
4fc402c3ec73 optimize rbtree initialization and insert Igor Sysoev <igor@sysoev.ru> parents: 1439 diff changeset	2004 break;
4fc402c3ec73 optimize rbtree initialization and insert Igor Sysoev <igor@sysoev.ru> parents: 1439 diff changeset	2005 }
4fc402c3ec73 optimize rbtree initialization and insert Igor Sysoev <igor@sysoev.ru> parents: 1439 diff changeset	2006
4fc402c3ec73 optimize rbtree initialization and insert Igor Sysoev <igor@sysoev.ru> parents: 1439 diff changeset	2007 temp = *p;
1027 ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	2008 }
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	2009
1743 4fc402c3ec73 optimize rbtree initialization and insert Igor Sysoev <igor@sysoev.ru> parents: 1439 diff changeset	2010 *p = node;
1027 ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	2011 node->parent = temp;
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	2012 node->left = sentinel;
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	2013 node->right = sentinel;
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	2014 ngx_rbt_red(node);
1043 7073b87fa8e9 style fix: remove trailing spaces Igor Sysoev <igor@sysoev.ru> parents: 1029 diff changeset	2015 }
1027 ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	2016
ff07ccfaad50 fix duplicate rbtree keys case Igor Sysoev <igor@sysoev.ru> parents: 1025 diff changeset	2017
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 501 diff changeset	2018 void
9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 501 diff changeset	2019 ngx_ssl_cleanup_ctx(void *data)
9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 501 diff changeset	2020 {
589 d4e858a5751a nginx-0.3.16-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	2021 ngx_ssl_t *ssl = data;
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 501 diff changeset	2022
589 d4e858a5751a nginx-0.3.16-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	2023 SSL_CTX_free(ssl->ctx);
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 501 diff changeset	2024 }
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2025
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2026
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2027 ngx_int_t
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2028 ngx_ssl_get_protocol(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 597 diff changeset	2029 {
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2030 s->data = (u_char *) SSL_get_version(c->ssl->connection);
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2031 return NGX_OK;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 597 diff changeset	2032 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 597 diff changeset	2033
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 597 diff changeset	2034
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2035 ngx_int_t
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2036 ngx_ssl_get_cipher_name(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 597 diff changeset	2037 {
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2038 s->data = (u_char *) SSL_get_cipher_name(c->ssl->connection);
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2039 return NGX_OK;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 597 diff changeset	2040 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 597 diff changeset	2041
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 597 diff changeset	2042
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2043 ngx_int_t
3154 823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2044 ngx_ssl_get_session_id(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2045 {
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2046 int len;
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2047 u_char p, buf;
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2048 SSL_SESSION *sess;
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2049
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2050 sess = SSL_get0_session(c->ssl->connection);
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2051
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2052 len = i2d_SSL_SESSION(sess, NULL);
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2053
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2054 buf = ngx_alloc(len, c->log);
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2055 if (buf == NULL) {
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2056 return NGX_ERROR;
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2057 }
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2058
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2059 s->len = 2 * len;
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2060 s->data = ngx_pnalloc(pool, 2 * len);
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2061 if (s->data == NULL) {
3159 d4cc5a450ee9 fix r3155 Igor Sysoev <igor@sysoev.ru> parents: 3155 diff changeset	2062 ngx_free(buf);
3154 823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2063 return NGX_ERROR;
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2064 }
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2065
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2066 p = buf;
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2067 i2d_SSL_SESSION(sess, &p);
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2068
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2069 ngx_hex_dump(s->data, buf, len);
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2070
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2071 ngx_free(buf);
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2072
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2073 return NGX_OK;
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2074 }
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2075
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2076
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3002 diff changeset	2077 ngx_int_t
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2078 ngx_ssl_get_raw_certificate(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
2045 2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2079 {
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2080 size_t len;
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2081 BIO *bio;
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2082 X509 *cert;
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2083
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2084 s->len = 0;
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2085
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2086 cert = SSL_get_peer_certificate(c->ssl->connection);
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2087 if (cert == NULL) {
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2088 return NGX_OK;
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2089 }
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2090
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2091 bio = BIO_new(BIO_s_mem());
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2092 if (bio == NULL) {
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2093 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "BIO_new() failed");
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2094 X509_free(cert);
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2095 return NGX_ERROR;
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2096 }
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2097
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2098 if (PEM_write_bio_X509(bio, cert) == 0) {
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2099 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "PEM_write_bio_X509() failed");
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2100 goto failed;
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2101 }
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2102
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2103 len = BIO_pending(bio);
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2104 s->len = len;
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2105
2049 2a92804f4109 ) back out r2040 Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	2106 s->data = ngx_pnalloc(pool, len);
2045 2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2107 if (s->data == NULL) {
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2108 goto failed;
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2109 }
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2110
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2111 BIO_read(bio, s->data, len);
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2112
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2113 BIO_free(bio);
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2114 X509_free(cert);
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2115
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2116 return NGX_OK;
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2117
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2118 failed:
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2119
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2120 BIO_free(bio);
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2121 X509_free(cert);
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2122
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2123 return NGX_ERROR;
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2124 }
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2125
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2126
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	2127 ngx_int_t
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2128 ngx_ssl_get_certificate(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2129 {
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2130 u_char *p;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2131 size_t len;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2132 ngx_uint_t i;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2133 ngx_str_t cert;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2134
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2135 if (ngx_ssl_get_raw_certificate(c, pool, &cert) != NGX_OK) {
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2136 return NGX_ERROR;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2137 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2138
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2139 if (cert.len == 0) {
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2140 s->len = 0;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2141 return NGX_OK;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2142 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2143
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2144 len = cert.len - 1;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2145
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2146 for (i = 0; i < cert.len - 1; i++) {
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2147 if (cert.data[i] == LF) {
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2148 len++;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2149 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2150 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2151
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2152 s->len = len;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2153 s->data = ngx_pnalloc(pool, len);
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2154 if (s->data == NULL) {
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2155 return NGX_ERROR;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2156 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2157
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2158 p = s->data;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2159
3002 bf0c7e58e016 fix memory corruption in $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2997 diff changeset	2160 for (i = 0; i < cert.len - 1; i++) {
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2161 *p++ = cert.data[i];
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2162 if (cert.data[i] == LF) {
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2163 *p++ = '\t';
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2164 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2165 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2166
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2167 return NGX_OK;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2168 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2169
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2170
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2052 diff changeset	2171 ngx_int_t
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2172 ngx_ssl_get_subject_dn(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2173 {
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2174 char *p;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2175 size_t len;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2176 X509 *cert;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2177 X509_NAME *name;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2178
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2179 s->len = 0;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2180
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2181 cert = SSL_get_peer_certificate(c->ssl->connection);
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2182 if (cert == NULL) {
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2183 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2184 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2185
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2186 name = X509_get_subject_name(cert);
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2187 if (name == NULL) {
1974 f32cc6df6bd6 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1948 diff changeset	2188 X509_free(cert);
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2189 return NGX_ERROR;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2190 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2191
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2192 p = X509_NAME_oneline(name, NULL, 0);
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2193
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2194 for (len = 0; p[len]; len++) { /* void */ }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2195
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2196 s->len = len;
2049 2a92804f4109 ) back out r2040 Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	2197 s->data = ngx_pnalloc(pool, len);
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2198 if (s->data == NULL) {
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2199 OPENSSL_free(p);
1974 f32cc6df6bd6 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1948 diff changeset	2200 X509_free(cert);
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2201 return NGX_ERROR;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2202 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2203
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2204 ngx_memcpy(s->data, p, len);
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2205
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2206 OPENSSL_free(p);
1974 f32cc6df6bd6 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1948 diff changeset	2207 X509_free(cert);
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2208
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2209 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2210 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2211
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2212
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2213 ngx_int_t
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2214 ngx_ssl_get_issuer_dn(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2215 {
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2216 char *p;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2217 size_t len;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2218 X509 *cert;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2219 X509_NAME *name;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2220
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2221 s->len = 0;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2222
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2223 cert = SSL_get_peer_certificate(c->ssl->connection);
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2224 if (cert == NULL) {
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2225 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2226 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2227
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2228 name = X509_get_issuer_name(cert);
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2229 if (name == NULL) {
1974 f32cc6df6bd6 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1948 diff changeset	2230 X509_free(cert);
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2231 return NGX_ERROR;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2232 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2233
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2234 p = X509_NAME_oneline(name, NULL, 0);
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2235
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2236 for (len = 0; p[len]; len++) { /* void */ }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2237
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2238 s->len = len;
2049 2a92804f4109 ) back out r2040 Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	2239 s->data = ngx_pnalloc(pool, len);
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2240 if (s->data == NULL) {
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2241 OPENSSL_free(p);
1974 f32cc6df6bd6 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1948 diff changeset	2242 X509_free(cert);
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2243 return NGX_ERROR;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2244 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2245
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2246 ngx_memcpy(s->data, p, len);
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2247
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2248 OPENSSL_free(p);
1974 f32cc6df6bd6 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1948 diff changeset	2249 X509_free(cert);
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2250
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2251 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2252 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2253
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	2254
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2255 ngx_int_t
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2256 ngx_ssl_get_serial_number(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2257 {
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2258 size_t len;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2259 X509 *cert;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2260 BIO *bio;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2261
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2262 s->len = 0;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2263
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2264 cert = SSL_get_peer_certificate(c->ssl->connection);
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2265 if (cert == NULL) {
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2266 return NGX_OK;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2267 }
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2268
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2269 bio = BIO_new(BIO_s_mem());
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2270 if (bio == NULL) {
1974 f32cc6df6bd6 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1948 diff changeset	2271 X509_free(cert);
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2272 return NGX_ERROR;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2273 }
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2274
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2275 i2a_ASN1_INTEGER(bio, X509_get_serialNumber(cert));
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2276 len = BIO_pending(bio);
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2277
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2278 s->len = len;
2049 2a92804f4109 ) back out r2040 Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	2279 s->data = ngx_pnalloc(pool, len);
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2280 if (s->data == NULL) {
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2281 BIO_free(bio);
1974 f32cc6df6bd6 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1948 diff changeset	2282 X509_free(cert);
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2283 return NGX_ERROR;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2284 }
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2285
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2286 BIO_read(bio, s->data, len);
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2287 BIO_free(bio);
1974 f32cc6df6bd6 fix memory leak when ssl_verify_client is on Igor Sysoev <igor@sysoev.ru> parents: 1948 diff changeset	2288 X509_free(cert);
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2289
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2290 return NGX_OK;
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2291 }
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2292
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	2293
2994 f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2294 ngx_int_t
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2295 ngx_ssl_get_client_verify(ngx_connection_t c, ngx_pool_t pool, ngx_str_t *s)
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2296 {
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2297 X509 *cert;
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2298
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2299 if (SSL_get_verify_result(c->ssl->connection) != X509_V_OK) {
3516 dd1570b6f237 ngx_str_set() and ngx_str_null() Igor Sysoev <igor@sysoev.ru> parents: 3488 diff changeset	2300 ngx_str_set(s, "FAILED");
2994 f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2301 return NGX_OK;
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2302 }
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2303
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2304 cert = SSL_get_peer_certificate(c->ssl->connection);
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2305
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2306 if (cert) {
3516 dd1570b6f237 ngx_str_set() and ngx_str_null() Igor Sysoev <igor@sysoev.ru> parents: 3488 diff changeset	2307 ngx_str_set(s, "SUCCESS");
2994 f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2308
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2309 } else {
3516 dd1570b6f237 ngx_str_set() and ngx_str_null() Igor Sysoev <igor@sysoev.ru> parents: 3488 diff changeset	2310 ngx_str_set(s, "NONE");
2994 f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2311 }
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2312
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2313 X509_free(cert);
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2314
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2315 return NGX_OK;
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2316 }
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2317
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	2318
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2319 static void *
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2320 ngx_openssl_create_conf(ngx_cycle_t *cycle)
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2321 {
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2322 ngx_openssl_conf_t *oscf;
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	2323
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2324 oscf = ngx_pcalloc(cycle->pool, sizeof(ngx_openssl_conf_t));
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2325 if (oscf == NULL) {
2912 c7d57b539248 return NULL instead of NGX_CONF_ERROR on a create conf failure Igor Sysoev <igor@sysoev.ru> parents: 2764 diff changeset	2326 return NULL;
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2327 }
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	2328
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2329 /*
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2330 * set by ngx_pcalloc():
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	2331 *
2504 9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2332 * oscf->engine = 0;
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	2333 */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2334
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2335 return oscf;
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2336 }
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2337
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2338
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2339 static char *
2504 9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2340 ngx_openssl_engine(ngx_conf_t cf, ngx_command_t cmd, void *conf)
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2341 {
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2342 ngx_openssl_conf_t *oscf = conf;
571 458b6c3fea65 nginx-0.3.7-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	2343
2504 9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2344 ENGINE *engine;
9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2345 ngx_str_t *value;
9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2346
9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2347 if (oscf->engine) {
9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2348 return "is duplicate";
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2349 }
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 571 diff changeset	2350
2504 9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2351 oscf->engine = 1;
9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2352
9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2353 value = cf->args->elts;
9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2354
9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2355 engine = ENGINE_by_id((const char *) value[1].data);
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2356
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2357 if (engine == NULL) {
2504 9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2358 ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2359 "ENGINE_by_id(\"%V\") failed", &value[1]);
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2360 return NGX_CONF_ERROR;
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2361 }
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2362
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2363 if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
2504 9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2364 ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2365 "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
2504 9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2366 &value[1]);
9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2367
9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2368 ENGINE_free(engine);
9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2369
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2370 return NGX_CONF_ERROR;
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2371 }
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2372
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2373 ENGINE_free(engine);
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2374
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	2375 return NGX_CONF_OK;
2504 9e9a985d956a load SSL engine before certificates, Igor Sysoev <igor@sysoev.ru> parents: 2388 diff changeset	2376 }
571 458b6c3fea65 nginx-0.3.7-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	2377
458b6c3fea65 nginx-0.3.7-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	2378
458b6c3fea65 nginx-0.3.7-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	2379 static void
458b6c3fea65 nginx-0.3.7-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	2380 ngx_openssl_exit(ngx_cycle_t *cycle)
458b6c3fea65 nginx-0.3.7-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	2381 {
3464 7f99ce2247f9 add OpenSSL_add_all_algorithms(), this fixes the error Igor Sysoev <igor@sysoev.ru> parents: 3457 diff changeset	2382 EVP_cleanup();
571 458b6c3fea65 nginx-0.3.7-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	2383 ENGINE_cleanup();
458b6c3fea65 nginx-0.3.7-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	2384 }

Mercurial > hg > nginx

annotate src/event/ngx_event_openssl.c @ 4580:ae60a1085c82