nginx: src/http/modules/ngx_http_ssl

annotate src/http/modules/ngx_http_ssl_module.c @ 5503:d049b0ea00a3

SSL: ssl_session_tickets directive. This adds support so it's possible to explicitly disable SSL Session Tickets. In order to have good Forward Secrecy support either the session ticket key has to be reloaded by using nginx' binary upgrade process or using an external key file and reloading the configuration. This directive adds another possibility to have good support by disabling session tickets altogether. If session tickets are enabled and the process lives for a long a time, an attacker can grab the session ticket from the process and use that to decrypt any traffic that occured during the entire lifetime of the process.

author	Dirkjan Bussink <d.bussink@gmail.com>
date	Fri, 10 Jan 2014 16:12:40 +0100
parents	a297b7ad6f94
children	8ed467553f6b

rev	line source
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	2 /*
444 42d11f017717 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright Igor Sysoev <igor@sysoev.ru> parents: 441 diff changeset	3 * Copyright (C) Igor Sysoev
4412 d620f497c50f Copyright updated. Maxim Konovalov <maxim@nginx.com> parents: 4400 diff changeset	4 * Copyright (C) Nginx, Inc.
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	5 */
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	6
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	7
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	8 #include <ngx_config.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	9 #include <ngx_core.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	10 #include <ngx_http.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	11
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	12
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	13 typedef ngx_int_t (ngx_ssl_variable_handler_pt)(ngx_connection_t c,
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	14 ngx_pool_t pool, ngx_str_t s);
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	15
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	16
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	17 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	18 #define NGX_DEFAULT_ECDH_CURVE "prime256v1"
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	19
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	20
5106 afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	21 #ifdef TLSEXT_TYPE_next_proto_neg
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	22 static int ngx_http_ssl_npn_advertised(ngx_ssl_conn_t *ssl_conn,
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	23 const unsigned char *out, unsigned int outlen, void *arg);
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	24 #endif
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	25
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	26 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	27 ngx_http_variable_value_t *v, uintptr_t data);
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	28 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	29 ngx_http_variable_value_t *v, uintptr_t data);
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	30
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	31 static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf);
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	32 static void ngx_http_ssl_create_srv_conf(ngx_conf_t cf);
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	33 static char ngx_http_ssl_merge_srv_conf(ngx_conf_t cf,
501 d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	34 void parent, void child);
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	35
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	36 static char ngx_http_ssl_enable(ngx_conf_t cf, ngx_command_t *cmd,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	37 void *conf);
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	38 static char ngx_http_ssl_session_cache(ngx_conf_t cf, ngx_command_t *cmd,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	39 void *conf);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	40
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	41 static ngx_int_t ngx_http_ssl_init(ngx_conf_t *cf);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	42
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	43
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	44 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	45 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	46 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	47 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
4400 a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4273 diff changeset	48 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4273 diff changeset	49 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	50 { ngx_null_string, 0 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	51 };
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	52
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	53
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	54 static ngx_conf_enum_t ngx_http_ssl_verify[] = {
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	55 { ngx_string("off"), 0 },
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	56 { ngx_string("on"), 1 },
2994 f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	57 { ngx_string("optional"), 2 },
4884 e406c997470a SSL: the "ssl_verify_client" directive parameter "optional_no_ca". Maxim Dounin <mdounin@mdounin.ru> parents: 4879 diff changeset	58 { ngx_string("optional_no_ca"), 3 },
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	59 { ngx_null_string, 0 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	60 };
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	61
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	62
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	63 static ngx_command_t ngx_http_ssl_commands[] = {
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	64
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	65 { ngx_string("ssl"),
599 869b6444d234 nginx-0.3.21-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	66 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	67 ngx_http_ssl_enable,
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	68 NGX_HTTP_SRV_CONF_OFFSET,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	69 offsetof(ngx_http_ssl_srv_conf_t, enable),
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	70 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	71
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	72 { ngx_string("ssl_certificate"),
599 869b6444d234 nginx-0.3.21-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	73 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	74 ngx_conf_set_str_slot,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	75 NGX_HTTP_SRV_CONF_OFFSET,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	76 offsetof(ngx_http_ssl_srv_conf_t, certificate),
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	77 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	78
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	79 { ngx_string("ssl_certificate_key"),
599 869b6444d234 nginx-0.3.21-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	80 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	81 ngx_conf_set_str_slot,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	82 NGX_HTTP_SRV_CONF_OFFSET,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	83 offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	84 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	85
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	86 { ngx_string("ssl_dhparam"),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	87 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	88 ngx_conf_set_str_slot,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	89 NGX_HTTP_SRV_CONF_OFFSET,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	90 offsetof(ngx_http_ssl_srv_conf_t, dhparam),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	91 NULL },
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	92
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	93 { ngx_string("ssl_ecdh_curve"),
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	94 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	95 ngx_conf_set_str_slot,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	96 NGX_HTTP_SRV_CONF_OFFSET,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	97 offsetof(ngx_http_ssl_srv_conf_t, ecdh_curve),
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	98 NULL },
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	99
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	100 { ngx_string("ssl_protocols"),
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	101 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_1MORE,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	102 ngx_conf_set_bitmask_slot,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	103 NGX_HTTP_SRV_CONF_OFFSET,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	104 offsetof(ngx_http_ssl_srv_conf_t, protocols),
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	105 &ngx_http_ssl_protocols },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	106
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	107 { ngx_string("ssl_ciphers"),
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	108 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	109 ngx_conf_set_str_slot,
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	110 NGX_HTTP_SRV_CONF_OFFSET,
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	111 offsetof(ngx_http_ssl_srv_conf_t, ciphers),
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	112 NULL },
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	113
5487 a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	114 { ngx_string("ssl_buffer_size"),
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	115 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	116 ngx_conf_set_size_slot,
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	117 NGX_HTTP_SRV_CONF_OFFSET,
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	118 offsetof(ngx_http_ssl_srv_conf_t, buffer_size),
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	119 NULL },
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	120
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	121 { ngx_string("ssl_verify_client"),
4273 e444e8f6538b Fixed NGX_CONF_TAKE1/NGX_CONF_FLAG misuse. Sergey Budnevitch <sb@waeme.net> parents: 4234 diff changeset	122 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	123 ngx_conf_set_enum_slot,
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	124 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	125 offsetof(ngx_http_ssl_srv_conf_t, verify),
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	126 &ngx_http_ssl_verify },
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	127
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	128 { ngx_string("ssl_verify_depth"),
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	129 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_1MORE,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	130 ngx_conf_set_num_slot,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	131 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	132 offsetof(ngx_http_ssl_srv_conf_t, verify_depth),
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	133 NULL },
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	134
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	135 { ngx_string("ssl_client_certificate"),
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	136 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	137 ngx_conf_set_str_slot,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	138 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	139 offsetof(ngx_http_ssl_srv_conf_t, client_certificate),
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	140 NULL },
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	141
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	142 { ngx_string("ssl_trusted_certificate"),
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	143 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	144 ngx_conf_set_str_slot,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	145 NGX_HTTP_SRV_CONF_OFFSET,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	146 offsetof(ngx_http_ssl_srv_conf_t, trusted_certificate),
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	147 NULL },
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	148
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	149 { ngx_string("ssl_prefer_server_ciphers"),
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	150 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	151 ngx_conf_set_flag_slot,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	152 NGX_HTTP_SRV_CONF_OFFSET,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	153 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	154 NULL },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	155
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	156 { ngx_string("ssl_session_cache"),
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	157 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE12,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	158 ngx_http_ssl_session_cache,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	159 NGX_HTTP_SRV_CONF_OFFSET,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	160 0,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	161 NULL },
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	162
5503 d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	163 { ngx_string("ssl_session_tickets"),
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	164 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	165 ngx_conf_set_flag_slot,
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	166 NGX_HTTP_SRV_CONF_OFFSET,
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	167 offsetof(ngx_http_ssl_srv_conf_t, session_tickets),
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	168 NULL },
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	169
5425 1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	170 { ngx_string("ssl_session_ticket_key"),
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	171 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	172 ngx_conf_set_str_array_slot,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	173 NGX_HTTP_SRV_CONF_OFFSET,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	174 offsetof(ngx_http_ssl_srv_conf_t, session_ticket_keys),
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	175 NULL },
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	176
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	177 { ngx_string("ssl_session_timeout"),
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	178 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	179 ngx_conf_set_sec_slot,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	180 NGX_HTTP_SRV_CONF_OFFSET,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	181 offsetof(ngx_http_ssl_srv_conf_t, session_timeout),
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	182 NULL },
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	183
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	184 { ngx_string("ssl_crl"),
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	185 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	186 ngx_conf_set_str_slot,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	187 NGX_HTTP_SRV_CONF_OFFSET,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	188 offsetof(ngx_http_ssl_srv_conf_t, crl),
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	189 NULL },
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	190
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	191 { ngx_string("ssl_stapling"),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	192 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	193 ngx_conf_set_flag_slot,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	194 NGX_HTTP_SRV_CONF_OFFSET,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	195 offsetof(ngx_http_ssl_srv_conf_t, stapling),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	196 NULL },
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	197
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	198 { ngx_string("ssl_stapling_file"),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	199 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	200 ngx_conf_set_str_slot,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	201 NGX_HTTP_SRV_CONF_OFFSET,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	202 offsetof(ngx_http_ssl_srv_conf_t, stapling_file),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	203 NULL },
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	204
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	205 { ngx_string("ssl_stapling_responder"),
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	206 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	207 ngx_conf_set_str_slot,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	208 NGX_HTTP_SRV_CONF_OFFSET,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	209 offsetof(ngx_http_ssl_srv_conf_t, stapling_responder),
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	210 NULL },
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	211
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	212 { ngx_string("ssl_stapling_verify"),
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	213 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	214 ngx_conf_set_flag_slot,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	215 NGX_HTTP_SRV_CONF_OFFSET,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	216 offsetof(ngx_http_ssl_srv_conf_t, stapling_verify),
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	217 NULL },
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	218
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	219 ngx_null_command
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	220 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	221
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	222
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	223 static ngx_http_module_t ngx_http_ssl_module_ctx = {
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	224 ngx_http_ssl_add_variables, /* preconfiguration */
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	225 ngx_http_ssl_init, /* postconfiguration */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	226
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	227 NULL, /* create main configuration */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	228 NULL, /* init main configuration */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	229
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	230 ngx_http_ssl_create_srv_conf, /* create server configuration */
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	231 ngx_http_ssl_merge_srv_conf, /* merge server configuration */
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	232
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	233 NULL, /* create location configuration */
485 4ebe09b07e30 nginx-0.1.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	234 NULL /* merge location configuration */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	235 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	236
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	237
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	238 ngx_module_t ngx_http_ssl_module = {
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 507 diff changeset	239 NGX_MODULE_V1,
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	240 &ngx_http_ssl_module_ctx, /* module context */
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	241 ngx_http_ssl_commands, /* module directives */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	242 NGX_HTTP_MODULE, /* module type */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	243 NULL, /* init master */
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	244 NULL, /* init module */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	245 NULL, /* init process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	246 NULL, /* init thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	247 NULL, /* exit thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	248 NULL, /* exit process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	249 NULL, /* exit master */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	250 NGX_MODULE_V1_PADDING
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	251 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	252
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	253
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	254 static ngx_http_variable_t ngx_http_ssl_vars[] = {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	255
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	256 { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_static_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	257 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 },
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	258
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	259 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	260 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	261
3154 823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3140 diff changeset	262 { ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable,
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3140 diff changeset	263 (uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 },
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3140 diff changeset	264
2045 2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	265 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	266 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	267
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	268 { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable,
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	269 (uintptr_t) ngx_ssl_get_raw_certificate,
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	270 NGX_HTTP_VAR_CHANGEABLE, 0 },
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	271
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	272 { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	273 (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	274
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	275 { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	276 (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	277
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	278 { ngx_string("ssl_client_serial"), NULL, ngx_http_ssl_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	279 (uintptr_t) ngx_ssl_get_serial_number, NGX_HTTP_VAR_CHANGEABLE, 0 },
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	280
2994 f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	281 { ngx_string("ssl_client_verify"), NULL, ngx_http_ssl_variable,
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	282 (uintptr_t) ngx_ssl_get_client_verify, NGX_HTTP_VAR_CHANGEABLE, 0 },
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	283
637 e60fe4cf1d4e nginx-0.3.40-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	284 { ngx_null_string, NULL, NULL, 0, 0, 0 }
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	285 };
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	286
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	287
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	288 static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	289
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	290
5106 afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	291 #ifdef TLSEXT_TYPE_next_proto_neg
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	292
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	293 #define NGX_HTTP_NPN_ADVERTISE "\x08http/1.1"
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	294
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	295 static int
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	296 ngx_http_ssl_npn_advertised(ngx_ssl_conn_t *ssl_conn,
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	297 const unsigned char *out, unsigned int outlen, void *arg)
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	298 {
5121 c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	299 #if (NGX_HTTP_SPDY \|\| NGX_DEBUG)
5106 afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	300 ngx_connection_t *c;
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	301
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	302 c = ngx_ssl_get_connection(ssl_conn);
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	303 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL NPN advertised");
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	304 #endif
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	305
5121 c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	306 #if (NGX_HTTP_SPDY)
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	307 {
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	308 ngx_http_connection_t *hc;
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	309
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	310 hc = c->data;
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	311
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	312 if (hc->addr_conf->spdy) {
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	313 out = (unsigned char ) NGX_SPDY_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE;
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	314 *outlen = sizeof(NGX_SPDY_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE) - 1;
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	315
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	316 return SSL_TLSEXT_ERR_OK;
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	317 }
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	318 }
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	319 #endif
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	320
5106 afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	321 out = (unsigned char ) NGX_HTTP_NPN_ADVERTISE;
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	322 *outlen = sizeof(NGX_HTTP_NPN_ADVERTISE) - 1;
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	323
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	324 return SSL_TLSEXT_ERR_OK;
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	325 }
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	326
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	327 #endif
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	328
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	329
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	330 static ngx_int_t
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	331 ngx_http_ssl_static_variable(ngx_http_request_t *r,
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	332 ngx_http_variable_value_t *v, uintptr_t data)
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	333 {
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	334 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	335
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	336 size_t len;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	337 ngx_str_t s;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	338
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	339 if (r->connection->ssl) {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	340
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	341 (void) handler(r->connection, NULL, &s);
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	342
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	343 v->data = s.data;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	344
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	345 for (len = 0; v->data[len]; len++) { /* void */ }
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	346
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	347 v->len = len;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	348 v->valid = 1;
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	349 v->no_cacheable = 0;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	350 v->not_found = 0;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	351
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	352 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	353 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	354
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	355 v->not_found = 1;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	356
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	357 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	358 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	359
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	360
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	361 static ngx_int_t
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	362 ngx_http_ssl_variable(ngx_http_request_t r, ngx_http_variable_value_t v,
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	363 uintptr_t data)
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	364 {
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	365 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	366
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	367 ngx_str_t s;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	368
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	369 if (r->connection->ssl) {
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	370
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	371 if (handler(r->connection, r->pool, &s) != NGX_OK) {
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	372 return NGX_ERROR;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	373 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	374
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	375 v->len = s.len;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	376 v->data = s.data;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	377
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	378 if (v->len) {
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	379 v->valid = 1;
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	380 v->no_cacheable = 0;
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	381 v->not_found = 0;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	382
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	383 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	384 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	385 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	386
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	387 v->not_found = 1;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	388
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	389 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	390 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	391
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	392
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	393 static ngx_int_t
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	394 ngx_http_ssl_add_variables(ngx_conf_t *cf)
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	395 {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	396 ngx_http_variable_t var, v;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	397
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	398 for (v = ngx_http_ssl_vars; v->name.len; v++) {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	399 var = ngx_http_add_variable(cf, &v->name, v->flags);
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	400 if (var == NULL) {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	401 return NGX_ERROR;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	402 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	403
637 e60fe4cf1d4e nginx-0.3.40-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	404 var->get_handler = v->get_handler;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	405 var->data = v->data;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	406 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	407
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	408 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	409 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	410
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	411
501 d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	412 static void *
d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	413 ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	414 {
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	415 ngx_http_ssl_srv_conf_t *sscf;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	416
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	417 sscf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t));
948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	418 if (sscf == NULL) {
2912 c7d57b539248 return NULL instead of NGX_CONF_ERROR on a create conf failure Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	419 return NULL;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	420 }
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	421
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	422 /*
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	423 * set by ngx_pcalloc():
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	424 *
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	425 * sscf->protocols = 0;
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	426 * sscf->certificate = { 0, NULL };
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	427 * sscf->certificate_key = { 0, NULL };
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	428 * sscf->dhparam = { 0, NULL };
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	429 * sscf->ecdh_curve = { 0, NULL };
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	430 * sscf->client_certificate = { 0, NULL };
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	431 * sscf->trusted_certificate = { 0, NULL };
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	432 * sscf->crl = { 0, NULL };
3516 dd1570b6f237 ngx_str_set() and ngx_str_null() Igor Sysoev <igor@sysoev.ru> parents: 3209 diff changeset	433 * sscf->ciphers = { 0, NULL };
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	434 * sscf->shm_zone = NULL;
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	435 * sscf->stapling_file = { 0, NULL };
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	436 * sscf->stapling_responder = { 0, NULL };
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	437 */
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	438
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	439 sscf->enable = NGX_CONF_UNSET;
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	440 sscf->prefer_server_ciphers = NGX_CONF_UNSET;
5487 a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	441 sscf->buffer_size = NGX_CONF_UNSET_SIZE;
2710 218ee852de73 fix building by MSVC8 Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	442 sscf->verify = NGX_CONF_UNSET_UINT;
218ee852de73 fix building by MSVC8 Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	443 sscf->verify_depth = NGX_CONF_UNSET_UINT;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	444 sscf->builtin_session_cache = NGX_CONF_UNSET;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	445 sscf->session_timeout = NGX_CONF_UNSET;
5503 d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	446 sscf->session_tickets = NGX_CONF_UNSET;
5425 1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	447 sscf->session_ticket_keys = NGX_CONF_UNSET_PTR;
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	448 sscf->stapling = NGX_CONF_UNSET;
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	449 sscf->stapling_verify = NGX_CONF_UNSET;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	450
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	451 return sscf;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	452 }
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	453
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	454
501 d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	455 static char *
d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	456 ngx_http_ssl_merge_srv_conf(ngx_conf_t cf, void parent, void *child)
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	457 {
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	458 ngx_http_ssl_srv_conf_t *prev = parent;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	459 ngx_http_ssl_srv_conf_t *conf = child;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	460
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	461 ngx_pool_cleanup_t *cln;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	462
4234 d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	463 if (conf->enable == NGX_CONF_UNSET) {
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	464 if (prev->enable == NGX_CONF_UNSET) {
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	465 conf->enable = 0;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	466
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	467 } else {
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	468 conf->enable = prev->enable;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	469 conf->file = prev->file;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	470 conf->line = prev->line;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	471 }
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	472 }
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	473
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	474 ngx_conf_merge_value(conf->session_timeout,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	475 prev->session_timeout, 300);
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	476
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	477 ngx_conf_merge_value(conf->prefer_server_ciphers,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	478 prev->prefer_server_ciphers, 0);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	479
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	480 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
4400 a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4273 diff changeset	481 (NGX_CONF_BITMASK_SET\|NGX_SSL_SSLv3\|NGX_SSL_TLSv1
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4273 diff changeset	482 \|NGX_SSL_TLSv1_1\|NGX_SSL_TLSv1_2));
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	483
5487 a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	484 ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	485 NGX_SSL_BUFSIZE);
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	486
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	487 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	488 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	489
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	490 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	491 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	492
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	493 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	494
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	495 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	496 "");
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	497 ngx_conf_merge_str_value(conf->trusted_certificate,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	498 prev->trusted_certificate, "");
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	499 ngx_conf_merge_str_value(conf->crl, prev->crl, "");
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	500
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	501 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	502 NGX_DEFAULT_ECDH_CURVE);
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	503
2124 e0b424b98f24 fix typo Igor Sysoev <igor@sysoev.ru> parents: 2123 diff changeset	504 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	505
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	506 ngx_conf_merge_value(conf->stapling, prev->stapling, 0);
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	507 ngx_conf_merge_value(conf->stapling_verify, prev->stapling_verify, 0);
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	508 ngx_conf_merge_str_value(conf->stapling_file, prev->stapling_file, "");
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	509 ngx_conf_merge_str_value(conf->stapling_responder,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	510 prev->stapling_responder, "");
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	511
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	512 conf->ssl.log = cf->log;
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	513
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	514 if (conf->enable) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	515
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	516 if (conf->certificate.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	517 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	518 "no \"ssl_certificate\" is defined for "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	519 "the \"ssl\" directive in %s:%ui",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	520 conf->file, conf->line);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	521 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	522 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	523
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	524 if (conf->certificate_key.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	525 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	526 "no \"ssl_certificate_key\" is defined for "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	527 "the \"ssl\" directive in %s:%ui",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	528 conf->file, conf->line);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	529 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	530 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	531
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	532 } else {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	533
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	534 if (conf->certificate.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	535 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	536 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	537
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	538 if (conf->certificate_key.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	539 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	540 "no \"ssl_certificate_key\" is defined "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	541 "for certificate \"%V\"", &conf->certificate);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	542 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	543 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	544 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	545
969 065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 671 diff changeset	546 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	547 return NGX_CONF_ERROR;
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	548 }
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	549
1219 86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	550 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	551
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	552 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	553 ngx_http_ssl_servername)
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	554 == 0)
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	555 {
3140 ba9a8ba4207e ) issue warning instead of failure: this is too common case Igor Sysoev <igor@sysoev.ru>* parents: 2996 diff changeset	556 ngx_log_error(NGX_LOG_WARN, cf->log, 0,
3209 b82c623a607e fix typo Igor Sysoev <igor@sysoev.ru> parents: 3196 diff changeset	557 "nginx was built with SNI support, however, now it is linked "
3140 ba9a8ba4207e ) issue warning instead of failure: this is too common case Igor Sysoev <igor@sysoev.ru>* parents: 2996 diff changeset	558 "dynamically to an OpenSSL library which has no tlsext support, "
ba9a8ba4207e ) issue warning instead of failure: this is too common case Igor Sysoev <igor@sysoev.ru>* parents: 2996 diff changeset	559 "therefore SNI is not available");
1219 86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	560 }
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	561
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	562 #endif
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	563
5106 afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	564 #ifdef TLSEXT_TYPE_next_proto_neg
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	565 SSL_CTX_set_next_protos_advertised_cb(conf->ssl.ctx,
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	566 ngx_http_ssl_npn_advertised, NULL);
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	567 #endif
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	568
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	569 cln = ngx_pool_cleanup_add(cf->pool, 0);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	570 if (cln == NULL) {
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 507 diff changeset	571 return NGX_CONF_ERROR;
9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 507 diff changeset	572 }
9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 507 diff changeset	573
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	574 cln->handler = ngx_ssl_cleanup_ctx;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	575 cln->data = &conf->ssl;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	576
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	577 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
970 35f98a8e275f style fix Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	578 &conf->certificate_key)
35f98a8e275f style fix Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	579 != NGX_OK)
529 e5d7d0334fdb nginx-0.1.39-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 509 diff changeset	580 {
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	581 return NGX_CONF_ERROR;
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	582 }
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	583
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	584 if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	585 (const char *) conf->ciphers.data)
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	586 == 0)
529 e5d7d0334fdb nginx-0.1.39-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 509 diff changeset	587 {
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	588 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	589 "SSL_CTX_set_cipher_list(\"%V\") failed",
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	590 &conf->ciphers);
5387 0fbcfab0bfd7 SSL: stop loading configs with invalid "ssl_ciphers" values. Piotr Sikora <piotr@cloudflare.com> parents: 5121 diff changeset	591 return NGX_CONF_ERROR;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	592 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	593
5487 a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	594 conf->ssl.buffer_size = conf->buffer_size;
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	595
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	596 if (conf->verify) {
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	597
4884 e406c997470a SSL: the "ssl_verify_client" directive parameter "optional_no_ca". Maxim Dounin <mdounin@mdounin.ru> parents: 4879 diff changeset	598 if (conf->client_certificate.len == 0 && conf->verify != 3) {
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	599 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	600 "no ssl_client_certificate for ssl_client_verify");
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	601 return NGX_CONF_ERROR;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	602 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	603
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	604 if (ngx_ssl_client_certificate(cf, &conf->ssl,
970 35f98a8e275f style fix Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	605 &conf->client_certificate,
35f98a8e275f style fix Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	606 conf->verify_depth)
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	607 != NGX_OK)
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	608 {
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	609 return NGX_CONF_ERROR;
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	610 }
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	611 }
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	612
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	613 if (ngx_ssl_trusted_certificate(cf, &conf->ssl,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	614 &conf->trusted_certificate,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	615 conf->verify_depth)
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	616 != NGX_OK)
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	617 {
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	618 return NGX_CONF_ERROR;
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	619 }
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	620
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	621 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	622 return NGX_CONF_ERROR;
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	623 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	624
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	625 if (conf->prefer_server_ciphers) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	626 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	627 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	628
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	629 /* a temporary 512-bit RSA key is required for export versions of MSIE */
3959 b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand Igor Sysoev <igor@sysoev.ru> parents: 3938 diff changeset	630 SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	631
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	632 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	633 return NGX_CONF_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	634 }
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	635
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	636 if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) {
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	637 return NGX_CONF_ERROR;
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	638 }
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	639
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	640 ngx_conf_merge_value(conf->builtin_session_cache,
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	641 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	642
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	643 if (conf->shm_zone == NULL) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	644 conf->shm_zone = prev->shm_zone;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	645 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	646
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	647 if (ngx_ssl_session_cache(&conf->ssl, &ngx_http_ssl_sess_id_ctx,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	648 conf->builtin_session_cache,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	649 conf->shm_zone, conf->session_timeout)
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	650 != NGX_OK)
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	651 {
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	652 return NGX_CONF_ERROR;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	653 }
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	654
5503 d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	655 ngx_conf_merge_value(conf->session_tickets, prev->session_tickets, 1);
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	656
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	657 #ifdef SSL_OP_NO_TICKET
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	658 if (!conf->session_tickets) {
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	659 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_NO_TICKET);
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	660 }
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	661 #endif
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	662
5425 1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	663 ngx_conf_merge_ptr_value(conf->session_ticket_keys,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	664 prev->session_ticket_keys, NULL);
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	665
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	666 if (ngx_ssl_session_ticket_keys(cf, &conf->ssl, conf->session_ticket_keys)
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	667 != NGX_OK)
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	668 {
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	669 return NGX_CONF_ERROR;
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	670 }
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	671
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	672 if (conf->stapling) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	673
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	674 if (ngx_ssl_stapling(cf, &conf->ssl, &conf->stapling_file,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	675 &conf->stapling_responder, conf->stapling_verify)
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	676 != NGX_OK)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	677 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	678 return NGX_CONF_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	679 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	680
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	681 }
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	682
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	683 return NGX_CONF_OK;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	684 }
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	685
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	686
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	687 static char *
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	688 ngx_http_ssl_enable(ngx_conf_t cf, ngx_command_t cmd, void *conf)
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	689 {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	690 ngx_http_ssl_srv_conf_t *sscf = conf;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	691
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	692 char *rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	693
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	694 rv = ngx_conf_set_flag_slot(cf, cmd, conf);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	695
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	696 if (rv != NGX_CONF_OK) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	697 return rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	698 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	699
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	700 sscf->file = cf->conf_file->file.name.data;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	701 sscf->line = cf->conf_file->line;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	702
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	703 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	704 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	705
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	706
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	707 static char *
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	708 ngx_http_ssl_session_cache(ngx_conf_t cf, ngx_command_t cmd, void *conf)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	709 {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	710 ngx_http_ssl_srv_conf_t *sscf = conf;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	711
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	712 size_t len;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	713 ngx_str_t *value, name, size;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	714 ngx_int_t n;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	715 ngx_uint_t i, j;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	716
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	717 value = cf->args->elts;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	718
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	719 for (i = 1; i < cf->args->nelts; i++) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	720
1778 14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	721 if (ngx_strcmp(value[i].data, "off") == 0) {
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	722 sscf->builtin_session_cache = NGX_SSL_NO_SCACHE;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	723 continue;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	724 }
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	725
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	726 if (ngx_strcmp(value[i].data, "none") == 0) {
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	727 sscf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	728 continue;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	729 }
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	730
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	731 if (ngx_strcmp(value[i].data, "builtin") == 0) {
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	732 sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	733 continue;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	734 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	735
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	736 if (value[i].len > sizeof("builtin:") - 1
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	737 && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	738 == 0)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	739 {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	740 n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	741 value[i].len - (sizeof("builtin:") - 1));
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	742
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	743 if (n == NGX_ERROR) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	744 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	745 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	746
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	747 sscf->builtin_session_cache = n;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	748
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	749 continue;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	750 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	751
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	752 if (value[i].len > sizeof("shared:") - 1
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	753 && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	754 == 0)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	755 {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	756 len = 0;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	757
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	758 for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	759 if (value[i].data[j] == ':') {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	760 break;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	761 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	762
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	763 len++;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	764 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	765
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	766 if (len == 0) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	767 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	768 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	769
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	770 name.len = len;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	771 name.data = value[i].data + sizeof("shared:") - 1;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	772
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	773 size.len = value[i].len - j - 1;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	774 size.data = name.data + len + 1;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	775
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	776 n = ngx_parse_size(&size);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	777
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	778 if (n == NGX_ERROR) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	779 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	780 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	781
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	782 if (n < (ngx_int_t) (8 * ngx_pagesize)) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	783 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	784 "session cache \"%V\" is too small",
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	785 &value[i]);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	786
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	787 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	788 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	789
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	790 sscf->shm_zone = ngx_shared_memory_add(cf, &name, n,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	791 &ngx_http_ssl_module);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	792 if (sscf->shm_zone == NULL) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	793 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	794 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	795
4153 7de74ed694c8 Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993). Maxim Dounin <mdounin@mdounin.ru> parents: 3992 diff changeset	796 sscf->shm_zone->init = ngx_ssl_session_cache_init;
7de74ed694c8 Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993). Maxim Dounin <mdounin@mdounin.ru> parents: 3992 diff changeset	797
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	798 continue;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	799 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	800
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	801 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	802 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	803
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	804 if (sscf->shm_zone && sscf->builtin_session_cache == NGX_CONF_UNSET) {
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	805 sscf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	806 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	807
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	808 return NGX_CONF_OK;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	809
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	810 invalid:
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	811
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	812 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	813 "invalid session cache \"%V\"", &value[i]);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	814
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	815 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	816 }
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	817
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	818
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	819 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	820 ngx_http_ssl_init(ngx_conf_t *cf)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	821 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	822 ngx_uint_t s;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	823 ngx_http_ssl_srv_conf_t *sscf;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	824 ngx_http_core_loc_conf_t *clcf;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	825 ngx_http_core_srv_conf_t **cscfp;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	826 ngx_http_core_main_conf_t *cmcf;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	827
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	828 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	829 cscfp = cmcf->servers.elts;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	830
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	831 for (s = 0; s < cmcf->servers.nelts; s++) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	832
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	833 sscf = cscfp[s]->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	834
4887 4b4f4cea6dfb OCSP stapling: properly check if there is ssl.ctx. Maxim Dounin <mdounin@mdounin.ru> parents: 4884 diff changeset	835 if (sscf->ssl.ctx == NULL \|\| !sscf->stapling) {
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	836 continue;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	837 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	838
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	839 clcf = cscfp[s]->ctx->loc_conf[ngx_http_core_module.ctx_index];
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	840
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	841 if (ngx_ssl_stapling_resolver(cf, &sscf->ssl, clcf->resolver,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	842 clcf->resolver_timeout)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	843 != NGX_OK)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	844 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	845 return NGX_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	846 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	847 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	848
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	849 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	850 }

Mercurial > hg > nginx

annotate src/http/modules/ngx_http_ssl_module.c @ 5503:d049b0ea00a3