Mercurial > hg > nginx

annotate src/http/modules/ngx_http_ssl_module.c @ 7213:c69c13f10502

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Geo: fixed memory allocation error handling (closes #1482). If during configuration parsing of the geo directive the memory allocation has failed, pool used to parse configuration inside the block, and sometimes the temporary pool were not destroyed.
author Ruslan Ermilov <ru@nginx.com>
date Wed, 21 Feb 2018 15:50:42 +0300
parents 82f0b8dcca27
children 7f955d3b9a0d
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
441
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 396
diff changeset
1
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 396
diff changeset
2 /*
444
42d11f017717 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents: 441
diff changeset
3 * Copyright (C) Igor Sysoev
4412
d620f497c50f Copyright updated.
Maxim Konovalov <maxim@nginx.com>
parents: 4400
diff changeset
4 * Copyright (C) Nginx, Inc.
441
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 396
diff changeset
5 */
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 396
diff changeset
6
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
7
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
8 #include <ngx_config.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
9 #include <ngx_core.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
10 #include <ngx_http.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
11
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
12
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
13 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
14 ngx_pool_t *pool, ngx_str_t *s);
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
15
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
16
3960
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
17 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
6553
2014ed60f17f SSL: support for multiple curves (ticket #885).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6550
diff changeset
18 #define NGX_DEFAULT_ECDH_CURVE "auto"
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
19
5545
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
20 #define NGX_HTTP_NPN_ADVERTISE "\x08http/1.1"
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
21
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
22
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
23 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
24 static int ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn,
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
25 const unsigned char **out, unsigned char *outlen,
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
26 const unsigned char *in, unsigned int inlen, void *arg);
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
27 #endif
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
28
5106
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
29 #ifdef TLSEXT_TYPE_next_proto_neg
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
30 static int ngx_http_ssl_npn_advertised(ngx_ssl_conn_t *ssl_conn,
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
31 const unsigned char **out, unsigned int *outlen, void *arg);
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
32 #endif
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
33
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
34 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
35 ngx_http_variable_value_t *v, uintptr_t data);
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
36 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
37 ngx_http_variable_value_t *v, uintptr_t data);
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
38
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
39 static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf);
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
40 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
41 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
501
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 485
diff changeset
42 void *parent, void *child);
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
43
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
44 static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
45 void *conf);
5744
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
46 static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
47 void *conf);
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
48 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
49 void *conf);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
50
4875
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
51 static ngx_int_t ngx_http_ssl_init(ngx_conf_t *cf);
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
52
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
53
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
54 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
55 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
56 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
57 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
4400
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4273
diff changeset
58 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4273
diff changeset
59 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
6981
08dc60979133 SSL: added support for TLSv1.3 in ssl_protocols directive.
Sergey Kandaurov <pluknet@nginx.com>
parents: 6817
diff changeset
60 { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
61 { ngx_null_string, 0 }
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
62 };
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
63
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
64
2123
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
65 static ngx_conf_enum_t ngx_http_ssl_verify[] = {
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
66 { ngx_string("off"), 0 },
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
67 { ngx_string("on"), 1 },
2994
f33c48457d0c *) $ssl_client_verify
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
68 { ngx_string("optional"), 2 },
4884
e406c997470a SSL: the "ssl_verify_client" directive parameter "optional_no_ca".
Maxim Dounin <mdounin@mdounin.ru>
parents: 4879
diff changeset
69 { ngx_string("optional_no_ca"), 3 },
2123
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
70 { ngx_null_string, 0 }
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
71 };
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
72
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
73
395
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents: 394
diff changeset
74 static ngx_command_t ngx_http_ssl_commands[] = {
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
75
393
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents: 392
diff changeset
76 { ngx_string("ssl"),
599
869b6444d234 nginx-0.3.21-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 573
diff changeset
77 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
78 ngx_http_ssl_enable,
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
79 NGX_HTTP_SRV_CONF_OFFSET,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
80 offsetof(ngx_http_ssl_srv_conf_t, enable),
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
81 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
82
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
83 { ngx_string("ssl_certificate"),
599
869b6444d234 nginx-0.3.21-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 573
diff changeset
84 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
85 ngx_conf_set_str_array_slot,
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
86 NGX_HTTP_SRV_CONF_OFFSET,
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
87 offsetof(ngx_http_ssl_srv_conf_t, certificates),
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
88 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
89
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
90 { ngx_string("ssl_certificate_key"),
599
869b6444d234 nginx-0.3.21-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 573
diff changeset
91 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
92 ngx_conf_set_str_array_slot,
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
93 NGX_HTTP_SRV_CONF_OFFSET,
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
94 offsetof(ngx_http_ssl_srv_conf_t, certificate_keys),
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
95 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
96
5744
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
97 { ngx_string("ssl_password_file"),
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
98 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
99 ngx_http_ssl_password_file,
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
100 NGX_HTTP_SRV_CONF_OFFSET,
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
101 0,
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
102 NULL },
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
103
2044
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
104 { ngx_string("ssl_dhparam"),
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
105 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
106 ngx_conf_set_str_slot,
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
107 NGX_HTTP_SRV_CONF_OFFSET,
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
108 offsetof(ngx_http_ssl_srv_conf_t, dhparam),
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
109 NULL },
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
110
3960
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
111 { ngx_string("ssl_ecdh_curve"),
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
112 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
113 ngx_conf_set_str_slot,
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
114 NGX_HTTP_SRV_CONF_OFFSET,
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
115 offsetof(ngx_http_ssl_srv_conf_t, ecdh_curve),
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
116 NULL },
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
117
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
118 { ngx_string("ssl_protocols"),
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
119 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
120 ngx_conf_set_bitmask_slot,
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
121 NGX_HTTP_SRV_CONF_OFFSET,
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
122 offsetof(ngx_http_ssl_srv_conf_t, protocols),
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
123 &ngx_http_ssl_protocols },
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
124
479
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
125 { ngx_string("ssl_ciphers"),
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
126 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
479
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
127 ngx_conf_set_str_slot,
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
128 NGX_HTTP_SRV_CONF_OFFSET,
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
129 offsetof(ngx_http_ssl_srv_conf_t, ciphers),
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
130 NULL },
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
131
5487
a297b7ad6f94 SSL: ssl_buffer_size directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5425
diff changeset
132 { ngx_string("ssl_buffer_size"),
a297b7ad6f94 SSL: ssl_buffer_size directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5425
diff changeset
133 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
a297b7ad6f94 SSL: ssl_buffer_size directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5425
diff changeset
134 ngx_conf_set_size_slot,
a297b7ad6f94 SSL: ssl_buffer_size directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5425
diff changeset
135 NGX_HTTP_SRV_CONF_OFFSET,
a297b7ad6f94 SSL: ssl_buffer_size directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5425
diff changeset
136 offsetof(ngx_http_ssl_srv_conf_t, buffer_size),
a297b7ad6f94 SSL: ssl_buffer_size directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5425
diff changeset
137 NULL },
a297b7ad6f94 SSL: ssl_buffer_size directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5425
diff changeset
138
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
139 { ngx_string("ssl_verify_client"),
4273
e444e8f6538b Fixed NGX_CONF_TAKE1/NGX_CONF_FLAG misuse.
Sergey Budnevitch <sb@waeme.net>
parents: 4234
diff changeset
140 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
2123
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
141 ngx_conf_set_enum_slot,
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
142 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
143 offsetof(ngx_http_ssl_srv_conf_t, verify),
2123
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
144 &ngx_http_ssl_verify },
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
145
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
146 { ngx_string("ssl_verify_depth"),
5504
8ed467553f6b SSL: fixed ssl_verify_depth to take only one argument.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5503
diff changeset
147 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
148 ngx_conf_set_num_slot,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
149 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
150 offsetof(ngx_http_ssl_srv_conf_t, verify_depth),
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
151 NULL },
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
152
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
153 { ngx_string("ssl_client_certificate"),
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
154 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
155 ngx_conf_set_str_slot,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
156 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
157 offsetof(ngx_http_ssl_srv_conf_t, client_certificate),
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
158 NULL },
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
159
4872
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
160 { ngx_string("ssl_trusted_certificate"),
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
161 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
162 ngx_conf_set_str_slot,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
163 NGX_HTTP_SRV_CONF_OFFSET,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
164 offsetof(ngx_http_ssl_srv_conf_t, trusted_certificate),
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
165 NULL },
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
166
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
167 { ngx_string("ssl_prefer_server_ciphers"),
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
168 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
169 ngx_conf_set_flag_slot,
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
170 NGX_HTTP_SRV_CONF_OFFSET,
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
171 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
172 NULL },
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
173
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
174 { ngx_string("ssl_session_cache"),
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
175 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
176 ngx_http_ssl_session_cache,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
177 NGX_HTTP_SRV_CONF_OFFSET,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
178 0,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
179 NULL },
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
180
5503
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
181 { ngx_string("ssl_session_tickets"),
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
182 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
183 ngx_conf_set_flag_slot,
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
184 NGX_HTTP_SRV_CONF_OFFSET,
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
185 offsetof(ngx_http_ssl_srv_conf_t, session_tickets),
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
186 NULL },
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
187
5425
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
188 { ngx_string("ssl_session_ticket_key"),
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
189 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
190 ngx_conf_set_str_array_slot,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
191 NGX_HTTP_SRV_CONF_OFFSET,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
192 offsetof(ngx_http_ssl_srv_conf_t, session_ticket_keys),
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
193 NULL },
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
194
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
195 { ngx_string("ssl_session_timeout"),
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
196 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
197 ngx_conf_set_sec_slot,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
198 NGX_HTTP_SRV_CONF_OFFSET,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
199 offsetof(ngx_http_ssl_srv_conf_t, session_timeout),
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
200 NULL },
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
201
2995
cc07d164f0dc ssl_crl
Igor Sysoev <igor@sysoev.ru>
parents: 2994
diff changeset
202 { ngx_string("ssl_crl"),
cc07d164f0dc ssl_crl
Igor Sysoev <igor@sysoev.ru>
parents: 2994
diff changeset
203 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
cc07d164f0dc ssl_crl
Igor Sysoev <igor@sysoev.ru>
parents: 2994
diff changeset
204 ngx_conf_set_str_slot,
cc07d164f0dc ssl_crl
Igor Sysoev <igor@sysoev.ru>
parents: 2994
diff changeset
205 NGX_HTTP_SRV_CONF_OFFSET,
cc07d164f0dc ssl_crl
Igor Sysoev <igor@sysoev.ru>
parents: 2994
diff changeset
206 offsetof(ngx_http_ssl_srv_conf_t, crl),
cc07d164f0dc ssl_crl
Igor Sysoev <igor@sysoev.ru>
parents: 2994
diff changeset
207 NULL },
cc07d164f0dc ssl_crl
Igor Sysoev <igor@sysoev.ru>
parents: 2994
diff changeset
208
4873
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
209 { ngx_string("ssl_stapling"),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
210 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
211 ngx_conf_set_flag_slot,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
212 NGX_HTTP_SRV_CONF_OFFSET,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
213 offsetof(ngx_http_ssl_srv_conf_t, stapling),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
214 NULL },
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
215
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
216 { ngx_string("ssl_stapling_file"),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
217 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
218 ngx_conf_set_str_slot,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
219 NGX_HTTP_SRV_CONF_OFFSET,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
220 offsetof(ngx_http_ssl_srv_conf_t, stapling_file),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
221 NULL },
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
222
4875
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
223 { ngx_string("ssl_stapling_responder"),
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
224 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
225 ngx_conf_set_str_slot,
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
226 NGX_HTTP_SRV_CONF_OFFSET,
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
227 offsetof(ngx_http_ssl_srv_conf_t, stapling_responder),
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
228 NULL },
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
229
4879
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4875
diff changeset
230 { ngx_string("ssl_stapling_verify"),
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4875
diff changeset
231 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4875
diff changeset
232 ngx_conf_set_flag_slot,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4875
diff changeset
233 NGX_HTTP_SRV_CONF_OFFSET,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4875
diff changeset
234 offsetof(ngx_http_ssl_srv_conf_t, stapling_verify),
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4875
diff changeset
235 NULL },
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4875
diff changeset
236
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
237 ngx_null_command
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
238 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
239
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
240
395
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents: 394
diff changeset
241 static ngx_http_module_t ngx_http_ssl_module_ctx = {
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
242 ngx_http_ssl_add_variables, /* preconfiguration */
4875
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
243 ngx_http_ssl_init, /* postconfiguration */
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
244
541
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
245 NULL, /* create main configuration */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
246 NULL, /* init main configuration */
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
247
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
248 ngx_http_ssl_create_srv_conf, /* create server configuration */
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
249 ngx_http_ssl_merge_srv_conf, /* merge server configuration */
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
250
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
251 NULL, /* create location configuration */
485
4ebe09b07e30 nginx-0.1.17-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 479
diff changeset
252 NULL /* merge location configuration */
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
253 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
254
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
255
395
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents: 394
diff changeset
256 ngx_module_t ngx_http_ssl_module = {
509
9b8c906f6e63 nginx-0.1.29-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 507
diff changeset
257 NGX_MODULE_V1,
395
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents: 394
diff changeset
258 &ngx_http_ssl_module_ctx, /* module context */
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents: 394
diff changeset
259 ngx_http_ssl_commands, /* module directives */
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
260 NGX_HTTP_MODULE, /* module type */
541
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
261 NULL, /* init master */
393
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents: 392
diff changeset
262 NULL, /* init module */
541
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
263 NULL, /* init process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
264 NULL, /* init thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
265 NULL, /* exit thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
266 NULL, /* exit process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
267 NULL, /* exit master */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
268 NGX_MODULE_V1_PADDING
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
269 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
270
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
271
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
272 static ngx_http_variable_t ngx_http_ssl_vars[] = {
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
273
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
274 { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_static_variable,
1565
4c43e25d11ea fix English grammar
Igor Sysoev <igor@sysoev.ru>
parents: 1310
diff changeset
275 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 },
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
276
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
277 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
1565
4c43e25d11ea fix English grammar
Igor Sysoev <igor@sysoev.ru>
parents: 1310
diff changeset
278 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
279
6816
ea93c7d8752a SSL: $ssl_ciphers (ticket #870).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6815
diff changeset
280 { ngx_string("ssl_ciphers"), NULL, ngx_http_ssl_variable,
ea93c7d8752a SSL: $ssl_ciphers (ticket #870).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6815
diff changeset
281 (uintptr_t) ngx_ssl_get_ciphers, NGX_HTTP_VAR_CHANGEABLE, 0 },
ea93c7d8752a SSL: $ssl_ciphers (ticket #870).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6815
diff changeset
282
6817
e75e854657ba SSL: $ssl_curves (ticket #1088).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6816
diff changeset
283 { ngx_string("ssl_curves"), NULL, ngx_http_ssl_variable,
e75e854657ba SSL: $ssl_curves (ticket #1088).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6816
diff changeset
284 (uintptr_t) ngx_ssl_get_curves, NGX_HTTP_VAR_CHANGEABLE, 0 },
e75e854657ba SSL: $ssl_curves (ticket #1088).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6816
diff changeset
285
3154
823f72db46c0 $ssl_session_id
Igor Sysoev <igor@sysoev.ru>
parents: 3140
diff changeset
286 { ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable,
823f72db46c0 $ssl_session_id
Igor Sysoev <igor@sysoev.ru>
parents: 3140
diff changeset
287 (uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 },
823f72db46c0 $ssl_session_id
Igor Sysoev <igor@sysoev.ru>
parents: 3140
diff changeset
288
5573
7c05f6590753 SSL: the $ssl_session_reused variable.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5545
diff changeset
289 { ngx_string("ssl_session_reused"), NULL, ngx_http_ssl_variable,
7c05f6590753 SSL: the $ssl_session_reused variable.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5545
diff changeset
290 (uintptr_t) ngx_ssl_get_session_reused, NGX_HTTP_VAR_CHANGEABLE, 0 },
7c05f6590753 SSL: the $ssl_session_reused variable.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5545
diff changeset
291
5658
94ae92776441 SSL: $ssl_server_name variable.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5573
diff changeset
292 { ngx_string("ssl_server_name"), NULL, ngx_http_ssl_variable,
94ae92776441 SSL: $ssl_server_name variable.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5573
diff changeset
293 (uintptr_t) ngx_ssl_get_server_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
94ae92776441 SSL: $ssl_server_name variable.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5573
diff changeset
294
2045
2b11822b12d6 $ssl_client_cert
Igor Sysoev <igor@sysoev.ru>
parents: 2044
diff changeset
295 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
2b11822b12d6 $ssl_client_cert
Igor Sysoev <igor@sysoev.ru>
parents: 2044
diff changeset
296 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },
2b11822b12d6 $ssl_client_cert
Igor Sysoev <igor@sysoev.ru>
parents: 2044
diff changeset
297
2123
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
298 { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable,
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
299 (uintptr_t) ngx_ssl_get_raw_certificate,
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
300 NGX_HTTP_VAR_CHANGEABLE, 0 },
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
301
7091
82f0b8dcca27 SSL: the $ssl_client_escaped_cert variable (ticket #857).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7077
diff changeset
302 { ngx_string("ssl_client_escaped_cert"), NULL, ngx_http_ssl_variable,
82f0b8dcca27 SSL: the $ssl_client_escaped_cert variable (ticket #857).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7077
diff changeset
303 (uintptr_t) ngx_ssl_get_escaped_certificate,
82f0b8dcca27 SSL: the $ssl_client_escaped_cert variable (ticket #857).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7077
diff changeset
304 NGX_HTTP_VAR_CHANGEABLE, 0 },
82f0b8dcca27 SSL: the $ssl_client_escaped_cert variable (ticket #857).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7077
diff changeset
305
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
306 { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable,
1565
4c43e25d11ea fix English grammar
Igor Sysoev <igor@sysoev.ru>
parents: 1310
diff changeset
307 (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
308
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
309 { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable,
1565
4c43e25d11ea fix English grammar
Igor Sysoev <igor@sysoev.ru>
parents: 1310
diff changeset
310 (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
311
6780
56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6591
diff changeset
312 { ngx_string("ssl_client_s_dn_legacy"), NULL, ngx_http_ssl_variable,
56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6591
diff changeset
313 (uintptr_t) ngx_ssl_get_subject_dn_legacy, NGX_HTTP_VAR_CHANGEABLE, 0 },
56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6591
diff changeset
314
56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6591
diff changeset
315 { ngx_string("ssl_client_i_dn_legacy"), NULL, ngx_http_ssl_variable,
56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6591
diff changeset
316 (uintptr_t) ngx_ssl_get_issuer_dn_legacy, NGX_HTTP_VAR_CHANGEABLE, 0 },
56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6591
diff changeset
317
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
318 { ngx_string("ssl_client_serial"), NULL, ngx_http_ssl_variable,
1565
4c43e25d11ea fix English grammar
Igor Sysoev <igor@sysoev.ru>
parents: 1310
diff changeset
319 (uintptr_t) ngx_ssl_get_serial_number, NGX_HTTP_VAR_CHANGEABLE, 0 },
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
320
5700
5e892d40e5cc SSL: $ssl_client_fingerprint variable.
Sergey Budnevitch <sb@waeme.net>
parents: 5658
diff changeset
321 { ngx_string("ssl_client_fingerprint"), NULL, ngx_http_ssl_variable,
5e892d40e5cc SSL: $ssl_client_fingerprint variable.
Sergey Budnevitch <sb@waeme.net>
parents: 5658
diff changeset
322 (uintptr_t) ngx_ssl_get_fingerprint, NGX_HTTP_VAR_CHANGEABLE, 0 },
5e892d40e5cc SSL: $ssl_client_fingerprint variable.
Sergey Budnevitch <sb@waeme.net>
parents: 5658
diff changeset
323
2994
f33c48457d0c *) $ssl_client_verify
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
324 { ngx_string("ssl_client_verify"), NULL, ngx_http_ssl_variable,
f33c48457d0c *) $ssl_client_verify
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
325 (uintptr_t) ngx_ssl_get_client_verify, NGX_HTTP_VAR_CHANGEABLE, 0 },
f33c48457d0c *) $ssl_client_verify
Igor Sysoev <igor@sysoev.ru>
parents: 2912
diff changeset
326
6815
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6780
diff changeset
327 { ngx_string("ssl_client_v_start"), NULL, ngx_http_ssl_variable,
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6780
diff changeset
328 (uintptr_t) ngx_ssl_get_client_v_start, NGX_HTTP_VAR_CHANGEABLE, 0 },
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6780
diff changeset
329
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6780
diff changeset
330 { ngx_string("ssl_client_v_end"), NULL, ngx_http_ssl_variable,
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6780
diff changeset
331 (uintptr_t) ngx_ssl_get_client_v_end, NGX_HTTP_VAR_CHANGEABLE, 0 },
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6780
diff changeset
332
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6780
diff changeset
333 { ngx_string("ssl_client_v_remain"), NULL, ngx_http_ssl_variable,
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6780
diff changeset
334 (uintptr_t) ngx_ssl_get_client_v_remain, NGX_HTTP_VAR_CHANGEABLE, 0 },
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6780
diff changeset
335
7077
2a288909abc6 Variables: macros for null variables.
Ruslan Ermilov <ru@nginx.com>
parents: 6981
diff changeset
336 ngx_http_null_variable
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
337 };
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
338
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
339
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 973
diff changeset
340 static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
341
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
342
5545
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
343 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
344
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
345 static int
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
346 ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, const unsigned char **out,
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
347 unsigned char *outlen, const unsigned char *in, unsigned int inlen,
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
348 void *arg)
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
349 {
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
350 unsigned int srvlen;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
351 unsigned char *srv;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
352 #if (NGX_DEBUG)
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
353 unsigned int i;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
354 #endif
6246
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents: 6157
diff changeset
355 #if (NGX_HTTP_V2)
5545
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
356 ngx_http_connection_t *hc;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
357 #endif
6246
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents: 6157
diff changeset
358 #if (NGX_HTTP_V2 || NGX_DEBUG)
5545
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
359 ngx_connection_t *c;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
360
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
361 c = ngx_ssl_get_connection(ssl_conn);
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
362 #endif
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
363
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
364 #if (NGX_DEBUG)
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
365 for (i = 0; i < inlen; i += in[i] + 1) {
6474
Ruslan Ermilov <ru@nginx.com>
parents: 6246
diff changeset
366 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
6478
3ef7bb882ad4 Fixed logging with variable field width.
Sergey Kandaurov <pluknet@nginx.com>
parents: 6474
diff changeset
367 "SSL ALPN supported by client: %*s",
3ef7bb882ad4 Fixed logging with variable field width.
Sergey Kandaurov <pluknet@nginx.com>
parents: 6474
diff changeset
368 (size_t) in[i], &in[i + 1]);
5545
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
369 }
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
370 #endif
5106
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
371
6246
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents: 6157
diff changeset
372 #if (NGX_HTTP_V2)
5545
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
373 hc = c->data;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
374
6246
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents: 6157
diff changeset
375 if (hc->addr_conf->http2) {
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents: 6157
diff changeset
376 srv =
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents: 6157
diff changeset
377 (unsigned char *) NGX_HTTP_V2_ALPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE;
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents: 6157
diff changeset
378 srvlen = sizeof(NGX_HTTP_V2_ALPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE) - 1;
5545
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
379
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
380 } else
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
381 #endif
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
382 {
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
383 srv = (unsigned char *) NGX_HTTP_NPN_ADVERTISE;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
384 srvlen = sizeof(NGX_HTTP_NPN_ADVERTISE) - 1;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
385 }
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
386
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
387 if (SSL_select_next_proto((unsigned char **) out, outlen, srv, srvlen,
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
388 in, inlen)
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
389 != OPENSSL_NPN_NEGOTIATED)
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
390 {
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
391 return SSL_TLSEXT_ERR_NOACK;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
392 }
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
393
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
394 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
6478
3ef7bb882ad4 Fixed logging with variable field width.
Sergey Kandaurov <pluknet@nginx.com>
parents: 6474
diff changeset
395 "SSL ALPN selected: %*s", (size_t) *outlen, *out);
5545
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
396
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
397 return SSL_TLSEXT_ERR_OK;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
398 }
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
399
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
400 #endif
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
401
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
402
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
403 #ifdef TLSEXT_TYPE_next_proto_neg
5106
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
404
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
405 static int
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
406 ngx_http_ssl_npn_advertised(ngx_ssl_conn_t *ssl_conn,
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
407 const unsigned char **out, unsigned int *outlen, void *arg)
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
408 {
6246
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents: 6157
diff changeset
409 #if (NGX_HTTP_V2 || NGX_DEBUG)
5106
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
410 ngx_connection_t *c;
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
411
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
412 c = ngx_ssl_get_connection(ssl_conn);
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
413 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL NPN advertised");
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
414 #endif
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
415
6246
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents: 6157
diff changeset
416 #if (NGX_HTTP_V2)
5121
c0f7b94e88ba Preliminary experimental support for SPDY draft 2.
Valentin Bartenev <vbart@nginx.com>
parents: 5106
diff changeset
417 {
c0f7b94e88ba Preliminary experimental support for SPDY draft 2.
Valentin Bartenev <vbart@nginx.com>
parents: 5106
diff changeset
418 ngx_http_connection_t *hc;
c0f7b94e88ba Preliminary experimental support for SPDY draft 2.
Valentin Bartenev <vbart@nginx.com>
parents: 5106
diff changeset
419
c0f7b94e88ba Preliminary experimental support for SPDY draft 2.
Valentin Bartenev <vbart@nginx.com>
parents: 5106
diff changeset
420 hc = c->data;
c0f7b94e88ba Preliminary experimental support for SPDY draft 2.
Valentin Bartenev <vbart@nginx.com>
parents: 5106
diff changeset
421
6246
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents: 6157
diff changeset
422 if (hc->addr_conf->http2) {
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents: 6157
diff changeset
423 *out =
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents: 6157
diff changeset
424 (unsigned char *) NGX_HTTP_V2_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE;
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents: 6157
diff changeset
425 *outlen = sizeof(NGX_HTTP_V2_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE) - 1;
5121
c0f7b94e88ba Preliminary experimental support for SPDY draft 2.
Valentin Bartenev <vbart@nginx.com>
parents: 5106
diff changeset
426
c0f7b94e88ba Preliminary experimental support for SPDY draft 2.
Valentin Bartenev <vbart@nginx.com>
parents: 5106
diff changeset
427 return SSL_TLSEXT_ERR_OK;
c0f7b94e88ba Preliminary experimental support for SPDY draft 2.
Valentin Bartenev <vbart@nginx.com>
parents: 5106
diff changeset
428 }
c0f7b94e88ba Preliminary experimental support for SPDY draft 2.
Valentin Bartenev <vbart@nginx.com>
parents: 5106
diff changeset
429 }
c0f7b94e88ba Preliminary experimental support for SPDY draft 2.
Valentin Bartenev <vbart@nginx.com>
parents: 5106
diff changeset
430 #endif
c0f7b94e88ba Preliminary experimental support for SPDY draft 2.
Valentin Bartenev <vbart@nginx.com>
parents: 5106
diff changeset
431
5106
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
432 *out = (unsigned char *) NGX_HTTP_NPN_ADVERTISE;
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
433 *outlen = sizeof(NGX_HTTP_NPN_ADVERTISE) - 1;
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
434
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
435 return SSL_TLSEXT_ERR_OK;
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
436 }
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
437
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
438 #endif
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
439
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
440
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
441 static ngx_int_t
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
442 ngx_http_ssl_static_variable(ngx_http_request_t *r,
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
443 ngx_http_variable_value_t *v, uintptr_t data)
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
444 {
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
445 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
446
1310
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
447 size_t len;
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
448 ngx_str_t s;
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
449
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
450 if (r->connection->ssl) {
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
451
1310
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
452 (void) handler(r->connection, NULL, &s);
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
453
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
454 v->data = s.data;
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
455
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
456 for (len = 0; v->data[len]; len++) { /* void */ }
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
457
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
458 v->len = len;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
459 v->valid = 1;
1565
4c43e25d11ea fix English grammar
Igor Sysoev <igor@sysoev.ru>
parents: 1310
diff changeset
460 v->no_cacheable = 0;
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
461 v->not_found = 0;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
462
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
463 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
464 }
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
465
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
466 v->not_found = 1;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
467
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
468 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
469 }
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
470
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
471
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
472 static ngx_int_t
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
473 ngx_http_ssl_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v,
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
474 uintptr_t data)
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
475 {
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
476 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
477
1310
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
478 ngx_str_t s;
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
479
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
480 if (r->connection->ssl) {
1310
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
481
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
482 if (handler(r->connection, r->pool, &s) != NGX_OK) {
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
483 return NGX_ERROR;
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
484 }
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
485
1310
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
486 v->len = s.len;
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
487 v->data = s.data;
33d6c994a0b2 Sun Studio on sparc uses different bit order
Igor Sysoev <igor@sysoev.ru>
parents: 1219
diff changeset
488
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
489 if (v->len) {
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
490 v->valid = 1;
1565
4c43e25d11ea fix English grammar
Igor Sysoev <igor@sysoev.ru>
parents: 1310
diff changeset
491 v->no_cacheable = 0;
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
492 v->not_found = 0;
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
493
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
494 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
495 }
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
496 }
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
497
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
498 v->not_found = 1;
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
499
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
500 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
501 }
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
502
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
503
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
504 static ngx_int_t
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
505 ngx_http_ssl_add_variables(ngx_conf_t *cf)
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
506 {
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
507 ngx_http_variable_t *var, *v;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
508
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
509 for (v = ngx_http_ssl_vars; v->name.len; v++) {
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
510 var = ngx_http_add_variable(cf, &v->name, v->flags);
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
511 if (var == NULL) {
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
512 return NGX_ERROR;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
513 }
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
514
637
e60fe4cf1d4e nginx-0.3.40-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 611
diff changeset
515 var->get_handler = v->get_handler;
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
516 var->data = v->data;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
517 }
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
518
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
519 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
520 }
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
521
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
522
501
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 485
diff changeset
523 static void *
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 485
diff changeset
524 ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
525 {
971
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
526 ngx_http_ssl_srv_conf_t *sscf;
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
527
971
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
528 sscf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t));
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
529 if (sscf == NULL) {
2912
c7d57b539248 return NULL instead of NGX_CONF_ERROR on a create conf failure
Igor Sysoev <igor@sysoev.ru>
parents: 2716
diff changeset
530 return NULL;
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
531 }
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
532
479
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
533 /*
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
534 * set by ngx_pcalloc():
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
535 *
971
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
536 * sscf->protocols = 0;
2044
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
537 * sscf->dhparam = { 0, NULL };
3960
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
538 * sscf->ecdh_curve = { 0, NULL };
2044
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
539 * sscf->client_certificate = { 0, NULL };
4872
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
540 * sscf->trusted_certificate = { 0, NULL };
2995
cc07d164f0dc ssl_crl
Igor Sysoev <igor@sysoev.ru>
parents: 2994
diff changeset
541 * sscf->crl = { 0, NULL };
3516
dd1570b6f237 ngx_str_set() and ngx_str_null()
Igor Sysoev <igor@sysoev.ru>
parents: 3209
diff changeset
542 * sscf->ciphers = { 0, NULL };
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
543 * sscf->shm_zone = NULL;
4873
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
544 * sscf->stapling_file = { 0, NULL };
4875
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
545 * sscf->stapling_responder = { 0, NULL };
479
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
546 */
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
547
971
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
548 sscf->enable = NGX_CONF_UNSET;
2123
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
549 sscf->prefer_server_ciphers = NGX_CONF_UNSET;
5487
a297b7ad6f94 SSL: ssl_buffer_size directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5425
diff changeset
550 sscf->buffer_size = NGX_CONF_UNSET_SIZE;
2710
218ee852de73 fix building by MSVC8
Igor Sysoev <igor@sysoev.ru>
parents: 2224
diff changeset
551 sscf->verify = NGX_CONF_UNSET_UINT;
218ee852de73 fix building by MSVC8
Igor Sysoev <igor@sysoev.ru>
parents: 2224
diff changeset
552 sscf->verify_depth = NGX_CONF_UNSET_UINT;
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
553 sscf->certificates = NGX_CONF_UNSET_PTR;
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
554 sscf->certificate_keys = NGX_CONF_UNSET_PTR;
5744
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
555 sscf->passwords = NGX_CONF_UNSET_PTR;
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
556 sscf->builtin_session_cache = NGX_CONF_UNSET;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
557 sscf->session_timeout = NGX_CONF_UNSET;
5503
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
558 sscf->session_tickets = NGX_CONF_UNSET;
5425
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
559 sscf->session_ticket_keys = NGX_CONF_UNSET_PTR;
4873
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
560 sscf->stapling = NGX_CONF_UNSET;
4879
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4875
diff changeset
561 sscf->stapling_verify = NGX_CONF_UNSET;
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
562
971
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
563 return sscf;
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
564 }
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
565
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
566
501
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 485
diff changeset
567 static char *
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 485
diff changeset
568 ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
569 {
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
570 ngx_http_ssl_srv_conf_t *prev = parent;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
571 ngx_http_ssl_srv_conf_t *conf = child;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
572
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
573 ngx_pool_cleanup_t *cln;
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
574
4234
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
575 if (conf->enable == NGX_CONF_UNSET) {
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
576 if (prev->enable == NGX_CONF_UNSET) {
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
577 conf->enable = 0;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
578
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
579 } else {
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
580 conf->enable = prev->enable;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
581 conf->file = prev->file;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
582 conf->line = prev->line;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
583 }
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37).
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
584 }
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
585
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
586 ngx_conf_merge_value(conf->session_timeout,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
587 prev->session_timeout, 300);
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
588
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
589 ngx_conf_merge_value(conf->prefer_server_ciphers,
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
590 prev->prefer_server_ciphers, 0);
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
591
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
592 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
6157
b2899e7d0ef8 Disabled SSLv3 by default (ticket #653).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6035
diff changeset
593 (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
4400
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4273
diff changeset
594 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
595
5487
a297b7ad6f94 SSL: ssl_buffer_size directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5425
diff changeset
596 ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,
a297b7ad6f94 SSL: ssl_buffer_size directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5425
diff changeset
597 NGX_SSL_BUFSIZE);
a297b7ad6f94 SSL: ssl_buffer_size directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5425
diff changeset
598
2123
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
599 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
600 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
601
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
602 ngx_conf_merge_ptr_value(conf->certificates, prev->certificates, NULL);
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
603 ngx_conf_merge_ptr_value(conf->certificate_keys, prev->certificate_keys,
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
604 NULL);
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
605
5744
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
606 ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL);
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
607
2044
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
608 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
609
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
610 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
611 "");
4872
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
612 ngx_conf_merge_str_value(conf->trusted_certificate,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
613 prev->trusted_certificate, "");
2995
cc07d164f0dc ssl_crl
Igor Sysoev <igor@sysoev.ru>
parents: 2994
diff changeset
614 ngx_conf_merge_str_value(conf->crl, prev->crl, "");
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
615
3960
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
616 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
617 NGX_DEFAULT_ECDH_CURVE);
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
618
2124
e0b424b98f24 fix typo
Igor Sysoev <igor@sysoev.ru>
parents: 2123
diff changeset
619 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
479
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
620
4873
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
621 ngx_conf_merge_value(conf->stapling, prev->stapling, 0);
4879
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4875
diff changeset
622 ngx_conf_merge_value(conf->stapling_verify, prev->stapling_verify, 0);
4873
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
623 ngx_conf_merge_str_value(conf->stapling_file, prev->stapling_file, "");
4875
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
624 ngx_conf_merge_str_value(conf->stapling_responder,
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
625 prev->stapling_responder, "");
479
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
626
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
627 conf->ssl.log = cf->log;
386
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
628
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
629 if (conf->enable) {
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
630
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
631 if (conf->certificates == NULL) {
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
632 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
633 "no \"ssl_certificate\" is defined for "
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
634 "the \"ssl\" directive in %s:%ui",
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
635 conf->file, conf->line);
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
636 return NGX_CONF_ERROR;
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
637 }
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
638
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
639 if (conf->certificate_keys == NULL) {
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
640 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
641 "no \"ssl_certificate_key\" is defined for "
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
642 "the \"ssl\" directive in %s:%ui",
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
643 conf->file, conf->line);
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
644 return NGX_CONF_ERROR;
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
645 }
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
646
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
647 if (conf->certificate_keys->nelts < conf->certificates->nelts) {
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
648 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
649 "no \"ssl_certificate_key\" is defined "
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
650 "for certificate \"%V\" and "
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
651 "the \"ssl\" directive in %s:%ui",
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
652 ((ngx_str_t *) conf->certificates->elts)
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
653 + conf->certificates->nelts - 1,
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
654 conf->file, conf->line);
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
655 return NGX_CONF_ERROR;
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
656 }
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
657
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
658 } else {
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
659
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
660 if (conf->certificates == NULL) {
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
661 return NGX_CONF_OK;
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
662 }
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
663
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
664 if (conf->certificate_keys == NULL
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
665 || conf->certificate_keys->nelts < conf->certificates->nelts)
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
666 {
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
667 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
668 "no \"ssl_certificate_key\" is defined "
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
669 "for certificate \"%V\"",
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
670 ((ngx_str_t *) conf->certificates->elts)
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
671 + conf->certificates->nelts - 1);
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
672 return NGX_CONF_ERROR;
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
673 }
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
674 }
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
675
969
065b39794fff ngx_ssl_get_server_conf()
Igor Sysoev <igor@sysoev.ru>
parents: 671
diff changeset
676 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
386
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
677 return NGX_CONF_ERROR;
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
678 }
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
679
1219
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
680 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
681
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
682 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
683 ngx_http_ssl_servername)
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
684 == 0)
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
685 {
3140
ba9a8ba4207e *) issue warning instead of failure: this is too common case
Igor Sysoev <igor@sysoev.ru>
parents: 2996
diff changeset
686 ngx_log_error(NGX_LOG_WARN, cf->log, 0,
3209
b82c623a607e fix typo
Igor Sysoev <igor@sysoev.ru>
parents: 3196
diff changeset
687 "nginx was built with SNI support, however, now it is linked "
3140
ba9a8ba4207e *) issue warning instead of failure: this is too common case
Igor Sysoev <igor@sysoev.ru>
parents: 2996
diff changeset
688 "dynamically to an OpenSSL library which has no tlsext support, "
ba9a8ba4207e *) issue warning instead of failure: this is too common case
Igor Sysoev <igor@sysoev.ru>
parents: 2996
diff changeset
689 "therefore SNI is not available");
1219
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
690 }
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
691
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
692 #endif
86c5c9288acc SNI support
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
693
5545
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
694 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
695 SSL_CTX_set_alpn_select_cb(conf->ssl.ctx, ngx_http_ssl_alpn_select, NULL);
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
696 #endif
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN).
Piotr Sikora <piotr@cloudflare.com>
parents: 5504
diff changeset
697
5106
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
698 #ifdef TLSEXT_TYPE_next_proto_neg
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
699 SSL_CTX_set_next_protos_advertised_cb(conf->ssl.ctx,
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
700 ngx_http_ssl_npn_advertised, NULL);
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
701 #endif
afee87b8190a SSL: Next Protocol Negotiation extension support.
Valentin Bartenev <vbart@nginx.com>
parents: 5077
diff changeset
702
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
703 cln = ngx_pool_cleanup_add(cf->pool, 0);
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
704 if (cln == NULL) {
509
9b8c906f6e63 nginx-0.1.29-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 507
diff changeset
705 return NGX_CONF_ERROR;
9b8c906f6e63 nginx-0.1.29-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 507
diff changeset
706 }
9b8c906f6e63 nginx-0.1.29-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 507
diff changeset
707
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
708 cln->handler = ngx_ssl_cleanup_ctx;
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
709 cln->data = &conf->ssl;
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
710
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
711 if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
712 conf->certificate_keys, conf->passwords)
970
35f98a8e275f style fix
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
713 != NGX_OK)
529
e5d7d0334fdb nginx-0.1.39-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 509
diff changeset
714 {
386
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
715 return NGX_CONF_ERROR;
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
716 }
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
717
6591
04d8d1f85649 SSL: ngx_ssl_ciphers() to set list of ciphers.
Tim Taubert <tim@timtaubert.de>
parents: 6553
diff changeset
718 if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers,
04d8d1f85649 SSL: ngx_ssl_ciphers() to set list of ciphers.
Tim Taubert <tim@timtaubert.de>
parents: 6553
diff changeset
719 conf->prefer_server_ciphers)
04d8d1f85649 SSL: ngx_ssl_ciphers() to set list of ciphers.
Tim Taubert <tim@timtaubert.de>
parents: 6553
diff changeset
720 != NGX_OK)
529
e5d7d0334fdb nginx-0.1.39-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 509
diff changeset
721 {
5387
0fbcfab0bfd7 SSL: stop loading configs with invalid "ssl_ciphers" values.
Piotr Sikora <piotr@cloudflare.com>
parents: 5121
diff changeset
722 return NGX_CONF_ERROR;
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
723 }
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
724
5487
a297b7ad6f94 SSL: ssl_buffer_size directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5425
diff changeset
725 conf->ssl.buffer_size = conf->buffer_size;
a297b7ad6f94 SSL: ssl_buffer_size directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5425
diff changeset
726
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
727 if (conf->verify) {
2123
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
728
4884
e406c997470a SSL: the "ssl_verify_client" directive parameter "optional_no_ca".
Maxim Dounin <mdounin@mdounin.ru>
parents: 4879
diff changeset
729 if (conf->client_certificate.len == 0 && conf->verify != 3) {
2123
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
730 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
731 "no ssl_client_certificate for ssl_client_verify");
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
732 return NGX_CONF_ERROR;
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
733 }
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
734
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
735 if (ngx_ssl_client_certificate(cf, &conf->ssl,
970
35f98a8e275f style fix
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
736 &conf->client_certificate,
35f98a8e275f style fix
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
737 conf->verify_depth)
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
738 != NGX_OK)
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
739 {
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
740 return NGX_CONF_ERROR;
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
741 }
4872
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
742 }
2995
cc07d164f0dc ssl_crl
Igor Sysoev <igor@sysoev.ru>
parents: 2994
diff changeset
743
4872
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
744 if (ngx_ssl_trusted_certificate(cf, &conf->ssl,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
745 &conf->trusted_certificate,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
746 conf->verify_depth)
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
747 != NGX_OK)
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
748 {
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
749 return NGX_CONF_ERROR;
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
750 }
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
751
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
752 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
753 return NGX_CONF_ERROR;
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
754 }
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
755
2044
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
756 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
757 return NGX_CONF_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
758 }
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
759
3960
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
760 if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) {
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
761 return NGX_CONF_ERROR;
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
762 }
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
763
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
764 ngx_conf_merge_value(conf->builtin_session_cache,
2032
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1778
diff changeset
765 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
766
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
767 if (conf->shm_zone == NULL) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
768 conf->shm_zone = prev->shm_zone;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
769 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
770
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 973
diff changeset
771 if (ngx_ssl_session_cache(&conf->ssl, &ngx_http_ssl_sess_id_ctx,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 973
diff changeset
772 conf->builtin_session_cache,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 973
diff changeset
773 conf->shm_zone, conf->session_timeout)
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 973
diff changeset
774 != NGX_OK)
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
775 {
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 973
diff changeset
776 return NGX_CONF_ERROR;
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
777 }
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
778
5503
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
779 ngx_conf_merge_value(conf->session_tickets, prev->session_tickets, 1);
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
780
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
781 #ifdef SSL_OP_NO_TICKET
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
782 if (!conf->session_tickets) {
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
783 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_NO_TICKET);
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
784 }
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
785 #endif
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5487
diff changeset
786
5425
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
787 ngx_conf_merge_ptr_value(conf->session_ticket_keys,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
788 prev->session_ticket_keys, NULL);
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
789
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
790 if (ngx_ssl_session_ticket_keys(cf, &conf->ssl, conf->session_ticket_keys)
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
791 != NGX_OK)
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
792 {
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
793 return NGX_CONF_ERROR;
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
794 }
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5387
diff changeset
795
4875
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
796 if (conf->stapling) {
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
797
4879
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4875
diff changeset
798 if (ngx_ssl_stapling(cf, &conf->ssl, &conf->stapling_file,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4875
diff changeset
799 &conf->stapling_responder, conf->stapling_verify)
4875
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
800 != NGX_OK)
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
801 {
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
802 return NGX_CONF_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
803 }
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
804
4873
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
805 }
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
806
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
807 return NGX_CONF_OK;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
808 }
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
809
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
810
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
811 static char *
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
812 ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
813 {
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
814 ngx_http_ssl_srv_conf_t *sscf = conf;
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
815
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
816 char *rv;
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
817
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
818 rv = ngx_conf_set_flag_slot(cf, cmd, conf);
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
819
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
820 if (rv != NGX_CONF_OK) {
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
821 return rv;
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
822 }
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
823
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
824 sscf->file = cf->conf_file->file.name.data;
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
825 sscf->line = cf->conf_file->line;
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
826
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
827 return NGX_CONF_OK;
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
828 }
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
829
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
830
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
831 static char *
5744
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
832 ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
833 {
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
834 ngx_http_ssl_srv_conf_t *sscf = conf;
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
835
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
836 ngx_str_t *value;
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
837
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
838 if (sscf->passwords != NGX_CONF_UNSET_PTR) {
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
839 return "is duplicate";
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
840 }
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
841
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
842 value = cf->args->elts;
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
843
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
844 sscf->passwords = ngx_ssl_read_password_file(cf, &value[1]);
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
845
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
846 if (sscf->passwords == NULL) {
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
847 return NGX_CONF_ERROR;
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
848 }
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
849
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
850 return NGX_CONF_OK;
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
851 }
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
852
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
853
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
854 static char *
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
855 ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
856 {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
857 ngx_http_ssl_srv_conf_t *sscf = conf;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
858
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
859 size_t len;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
860 ngx_str_t *value, name, size;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
861 ngx_int_t n;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
862 ngx_uint_t i, j;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
863
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
864 value = cf->args->elts;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
865
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
866 for (i = 1; i < cf->args->nelts; i++) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
867
1778
14510c3cc6cb ssl_session_cache off
Igor Sysoev <igor@sysoev.ru>
parents: 1565
diff changeset
868 if (ngx_strcmp(value[i].data, "off") == 0) {
14510c3cc6cb ssl_session_cache off
Igor Sysoev <igor@sysoev.ru>
parents: 1565
diff changeset
869 sscf->builtin_session_cache = NGX_SSL_NO_SCACHE;
14510c3cc6cb ssl_session_cache off
Igor Sysoev <igor@sysoev.ru>
parents: 1565
diff changeset
870 continue;
14510c3cc6cb ssl_session_cache off
Igor Sysoev <igor@sysoev.ru>
parents: 1565
diff changeset
871 }
14510c3cc6cb ssl_session_cache off
Igor Sysoev <igor@sysoev.ru>
parents: 1565
diff changeset
872
2032
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1778
diff changeset
873 if (ngx_strcmp(value[i].data, "none") == 0) {
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1778
diff changeset
874 sscf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1778
diff changeset
875 continue;
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1778
diff changeset
876 }
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1778
diff changeset
877
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
878 if (ngx_strcmp(value[i].data, "builtin") == 0) {
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 973
diff changeset
879 sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
880 continue;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
881 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
882
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
883 if (value[i].len > sizeof("builtin:") - 1
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
884 && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
885 == 0)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
886 {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
887 n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
888 value[i].len - (sizeof("builtin:") - 1));
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
889
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
890 if (n == NGX_ERROR) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
891 goto invalid;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
892 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
893
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
894 sscf->builtin_session_cache = n;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
895
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
896 continue;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
897 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
898
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
899 if (value[i].len > sizeof("shared:") - 1
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
900 && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
901 == 0)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
902 {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
903 len = 0;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
904
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
905 for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
906 if (value[i].data[j] == ':') {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
907 break;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
908 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
909
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
910 len++;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
911 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
912
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
913 if (len == 0) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
914 goto invalid;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
915 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
916
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
917 name.len = len;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
918 name.data = value[i].data + sizeof("shared:") - 1;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
919
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
920 size.len = value[i].len - j - 1;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
921 size.data = name.data + len + 1;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
922
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
923 n = ngx_parse_size(&size);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
924
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
925 if (n == NGX_ERROR) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
926 goto invalid;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
927 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
928
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
929 if (n < (ngx_int_t) (8 * ngx_pagesize)) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
930 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 973
diff changeset
931 "session cache \"%V\" is too small",
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
932 &value[i]);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
933
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
934 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
935 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
936
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
937 sscf->shm_zone = ngx_shared_memory_add(cf, &name, n,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
938 &ngx_http_ssl_module);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
939 if (sscf->shm_zone == NULL) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
940 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
941 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
942
4153
7de74ed694c8 Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993).
Maxim Dounin <mdounin@mdounin.ru>
parents: 3992
diff changeset
943 sscf->shm_zone->init = ngx_ssl_session_cache_init;
7de74ed694c8 Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993).
Maxim Dounin <mdounin@mdounin.ru>
parents: 3992
diff changeset
944
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
945 continue;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
946 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
947
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
948 goto invalid;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
949 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
950
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
951 if (sscf->shm_zone && sscf->builtin_session_cache == NGX_CONF_UNSET) {
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 973
diff changeset
952 sscf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
953 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
954
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
955 return NGX_CONF_OK;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
956
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
957 invalid:
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
958
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
959 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
960 "invalid session cache \"%V\"", &value[i]);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
961
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
962 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
963 }
4875
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
964
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
965
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
966 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
967 ngx_http_ssl_init(ngx_conf_t *cf)
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
968 {
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
969 ngx_uint_t s;
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
970 ngx_http_ssl_srv_conf_t *sscf;
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
971 ngx_http_core_loc_conf_t *clcf;
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
972 ngx_http_core_srv_conf_t **cscfp;
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
973 ngx_http_core_main_conf_t *cmcf;
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
974
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
975 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
976 cscfp = cmcf->servers.elts;
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
977
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
978 for (s = 0; s < cmcf->servers.nelts; s++) {
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
979
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
980 sscf = cscfp[s]->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
981
4887
4b4f4cea6dfb OCSP stapling: properly check if there is ssl.ctx.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4884
diff changeset
982 if (sscf->ssl.ctx == NULL || !sscf->stapling) {
4875
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
983 continue;
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
984 }
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
985
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
986 clcf = cscfp[s]->ctx->loc_conf[ngx_http_core_module.ctx_index];
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
987
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
988 if (ngx_ssl_stapling_resolver(cf, &sscf->ssl, clcf->resolver,
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
989 clcf->resolver_timeout)
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
990 != NGX_OK)
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
991 {
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
992 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
993 }
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
994 }
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
995
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
996 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
997 }