nginx: src/http/modules/ngx_http_ssl

annotate src/http/modules/ngx_http_ssl_module.h @ 7654:b56f725dd4bb

OCSP: certificate status cache. When enabled, certificate status is stored in cache and is used to validate the certificate in future requests. New directive ssl_ocsp_cache is added to configure the cache.

author	Roman Arutyunyan <arut@nginx.com>
date	Fri, 22 May 2020 17:25:27 +0300
parents	8409f9df6219
children	3bff3f397c05 7995cd199b52

rev	line source
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	1
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	2 /*
444 42d11f017717 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright Igor Sysoev <igor@sysoev.ru> parents: 441 diff changeset	3 * Copyright (C) Igor Sysoev
4412 d620f497c50f Copyright updated. Maxim Konovalov <maxim@nginx.com> parents: 3960 diff changeset	4 * Copyright (C) Nginx, Inc.
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	5 */
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	6
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 395 diff changeset	7
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	8 #ifndef _NGX_HTTP_SSL_H_INCLUDED_
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	9 #define _NGX_HTTP_SSL_H_INCLUDED_
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	10
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	11
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	12 #include <ngx_config.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	13 #include <ngx_core.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	14 #include <ngx_http.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	15
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	16
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	17 typedef struct {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	18 ngx_flag_t enable;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	19
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	20 ngx_ssl_t ssl;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	21
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	22 ngx_flag_t prefer_server_ciphers;
7333 ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 6550 diff changeset	23 ngx_flag_t early_data;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	24
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	25 ngx_uint_t protocols;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	26
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2044 diff changeset	27 ngx_uint_t verify;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2044 diff changeset	28 ngx_uint_t verify_depth;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	29
5487 a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	30 size_t buffer_size;
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	31
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	32 ssize_t builtin_session_cache;
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	33
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	34 time_t session_timeout;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	35
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	36 ngx_array_t *certificates;
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	37 ngx_array_t *certificate_keys;
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	38
7462 be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	39 ngx_array_t *certificate_values;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	40 ngx_array_t *certificate_key_values;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	41
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	42 ngx_str_t dhparam;
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 2995 diff changeset	43 ngx_str_t ecdh_curve;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	44 ngx_str_t client_certificate;
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	45 ngx_str_t trusted_certificate;
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	46 ngx_str_t crl;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	47
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	48 ngx_str_t ciphers;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	49
5744 42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	50 ngx_array_t *passwords;
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	51
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 647 diff changeset	52 ngx_shm_zone_t *shm_zone;
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2123 diff changeset	53
5503 d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	54 ngx_flag_t session_tickets;
5425 1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 4879 diff changeset	55 ngx_array_t *session_ticket_keys;
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 4879 diff changeset	56
7653 8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7462 diff changeset	57 ngx_uint_t ocsp;
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7462 diff changeset	58 ngx_str_t ocsp_responder;
7654 b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	59 ngx_shm_zone_t *ocsp_cache_zone;
7653 8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7462 diff changeset	60
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	61 ngx_flag_t stapling;
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	62 ngx_flag_t stapling_verify;
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	63 ngx_str_t stapling_file;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	64 ngx_str_t stapling_responder;
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	65
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2123 diff changeset	66 u_char *file;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2123 diff changeset	67 ngx_uint_t line;
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	68 } ngx_http_ssl_srv_conf_t;
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 384 diff changeset	69
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 384 diff changeset	70
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	71 extern ngx_module_t ngx_http_ssl_module;
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	72
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	73
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 393 diff changeset	74 #endif /* _NGX_HTTP_SSL_H_INCLUDED_ */

Mercurial > hg > nginx

annotate src/http/modules/ngx_http_ssl_module.h @ 7654:b56f725dd4bb