nginx: src/http/modules/ngx_http_ssl

annotate src/http/modules/ngx_http_ssl_module.c @ 7676:d225b70d38b6

Proxy: detection of data after final chunk. Previously, additional data after final chunk was either ignored (in the same buffer, or during unbuffered proxying) or sent to the client (in the next buffer already if it was already read from the socket). Now additional data are properly detected and ignored in all cases. Additionally, a warning is now logged and keepalive is disabled in the connection.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Mon, 06 Jul 2020 18:36:20 +0300
parents	b56f725dd4bb
children	3bff3f397c05 7995cd199b52

rev	line source
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	2 /*
444 42d11f017717 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright Igor Sysoev <igor@sysoev.ru> parents: 441 diff changeset	3 * Copyright (C) Igor Sysoev
4412 d620f497c50f Copyright updated. Maxim Konovalov <maxim@nginx.com> parents: 4400 diff changeset	4 * Copyright (C) Nginx, Inc.
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	5 */
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	6
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	7
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	8 #include <ngx_config.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	9 #include <ngx_core.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	10 #include <ngx_http.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	11
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	12
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	13 typedef ngx_int_t (ngx_ssl_variable_handler_pt)(ngx_connection_t c,
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	14 ngx_pool_t pool, ngx_str_t s);
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	15
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	16
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	17 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
6553 2014ed60f17f SSL: support for multiple curves (ticket #885). Maxim Dounin <mdounin@mdounin.ru> parents: 6550 diff changeset	18 #define NGX_DEFAULT_ECDH_CURVE "auto"
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	19
5545 01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	20 #define NGX_HTTP_NPN_ADVERTISE "\x08http/1.1"
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	21
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	22
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	23 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	24 static int ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn,
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	25 const unsigned char *out, unsigned char outlen,
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	26 const unsigned char in, unsigned int inlen, void arg);
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	27 #endif
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	28
5106 afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	29 #ifdef TLSEXT_TYPE_next_proto_neg
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	30 static int ngx_http_ssl_npn_advertised(ngx_ssl_conn_t *ssl_conn,
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	31 const unsigned char *out, unsigned int outlen, void *arg);
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	32 #endif
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	33
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	34 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	35 ngx_http_variable_value_t *v, uintptr_t data);
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	36 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	37 ngx_http_variable_value_t *v, uintptr_t data);
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	38
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	39 static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf);
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	40 static void ngx_http_ssl_create_srv_conf(ngx_conf_t cf);
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	41 static char ngx_http_ssl_merge_srv_conf(ngx_conf_t cf,
501 d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	42 void parent, void child);
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	43
7462 be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	44 static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf,
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	45 ngx_http_ssl_srv_conf_t *conf);
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	46
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	47 static char ngx_http_ssl_enable(ngx_conf_t cf, ngx_command_t *cmd,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	48 void *conf);
5744 42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	49 static char ngx_http_ssl_password_file(ngx_conf_t cf, ngx_command_t *cmd,
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	50 void *conf);
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	51 static char ngx_http_ssl_session_cache(ngx_conf_t cf, ngx_command_t *cmd,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	52 void *conf);
7654 b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	53 static char ngx_http_ssl_ocsp_cache(ngx_conf_t cf, ngx_command_t *cmd,
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	54 void *conf);
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	55
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	56 static ngx_int_t ngx_http_ssl_init(ngx_conf_t *cf);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	57
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	58
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	59 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	60 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	61 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	62 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
4400 a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4273 diff changeset	63 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4273 diff changeset	64 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
6981 08dc60979133 SSL: added support for TLSv1.3 in ssl_protocols directive. Sergey Kandaurov <pluknet@nginx.com> parents: 6817 diff changeset	65 { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	66 { ngx_null_string, 0 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	67 };
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	68
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	69
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	70 static ngx_conf_enum_t ngx_http_ssl_verify[] = {
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	71 { ngx_string("off"), 0 },
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	72 { ngx_string("on"), 1 },
2994 f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	73 { ngx_string("optional"), 2 },
4884 e406c997470a SSL: the "ssl_verify_client" directive parameter "optional_no_ca". Maxim Dounin <mdounin@mdounin.ru> parents: 4879 diff changeset	74 { ngx_string("optional_no_ca"), 3 },
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	75 { ngx_null_string, 0 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	76 };
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	77
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	78
7653 8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	79 static ngx_conf_enum_t ngx_http_ssl_ocsp[] = {
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	80 { ngx_string("off"), 0 },
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	81 { ngx_string("on"), 1 },
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	82 { ngx_string("leaf"), 2 },
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	83 { ngx_null_string, 0 }
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	84 };
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	85
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	86
7270 46c0c7ef4913 SSL: deprecated the "ssl" directive. Ruslan Ermilov <ru@nginx.com> parents: 7269 diff changeset	87 static ngx_conf_deprecated_t ngx_http_ssl_deprecated = {
46c0c7ef4913 SSL: deprecated the "ssl" directive. Ruslan Ermilov <ru@nginx.com> parents: 7269 diff changeset	88 ngx_conf_deprecated, "ssl", "listen ... ssl"
46c0c7ef4913 SSL: deprecated the "ssl" directive. Ruslan Ermilov <ru@nginx.com> parents: 7269 diff changeset	89 };
46c0c7ef4913 SSL: deprecated the "ssl" directive. Ruslan Ermilov <ru@nginx.com> parents: 7269 diff changeset	90
46c0c7ef4913 SSL: deprecated the "ssl" directive. Ruslan Ermilov <ru@nginx.com> parents: 7269 diff changeset	91
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	92 static ngx_command_t ngx_http_ssl_commands[] = {
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	93
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	94 { ngx_string("ssl"),
599 869b6444d234 nginx-0.3.21-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	95 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	96 ngx_http_ssl_enable,
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	97 NGX_HTTP_SRV_CONF_OFFSET,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	98 offsetof(ngx_http_ssl_srv_conf_t, enable),
7270 46c0c7ef4913 SSL: deprecated the "ssl" directive. Ruslan Ermilov <ru@nginx.com> parents: 7269 diff changeset	99 &ngx_http_ssl_deprecated },
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	100
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	101 { ngx_string("ssl_certificate"),
599 869b6444d234 nginx-0.3.21-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	102 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	103 ngx_conf_set_str_array_slot,
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	104 NGX_HTTP_SRV_CONF_OFFSET,
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	105 offsetof(ngx_http_ssl_srv_conf_t, certificates),
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	106 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	107
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	108 { ngx_string("ssl_certificate_key"),
599 869b6444d234 nginx-0.3.21-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	109 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	110 ngx_conf_set_str_array_slot,
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	111 NGX_HTTP_SRV_CONF_OFFSET,
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	112 offsetof(ngx_http_ssl_srv_conf_t, certificate_keys),
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	113 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	114
5744 42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	115 { ngx_string("ssl_password_file"),
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	116 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	117 ngx_http_ssl_password_file,
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	118 NGX_HTTP_SRV_CONF_OFFSET,
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	119 0,
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	120 NULL },
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	121
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	122 { ngx_string("ssl_dhparam"),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	123 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	124 ngx_conf_set_str_slot,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	125 NGX_HTTP_SRV_CONF_OFFSET,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	126 offsetof(ngx_http_ssl_srv_conf_t, dhparam),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	127 NULL },
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	128
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	129 { ngx_string("ssl_ecdh_curve"),
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	130 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	131 ngx_conf_set_str_slot,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	132 NGX_HTTP_SRV_CONF_OFFSET,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	133 offsetof(ngx_http_ssl_srv_conf_t, ecdh_curve),
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	134 NULL },
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	135
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	136 { ngx_string("ssl_protocols"),
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	137 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_1MORE,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	138 ngx_conf_set_bitmask_slot,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	139 NGX_HTTP_SRV_CONF_OFFSET,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	140 offsetof(ngx_http_ssl_srv_conf_t, protocols),
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	141 &ngx_http_ssl_protocols },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	142
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	143 { ngx_string("ssl_ciphers"),
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	144 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	145 ngx_conf_set_str_slot,
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	146 NGX_HTTP_SRV_CONF_OFFSET,
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	147 offsetof(ngx_http_ssl_srv_conf_t, ciphers),
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	148 NULL },
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	149
5487 a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	150 { ngx_string("ssl_buffer_size"),
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	151 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	152 ngx_conf_set_size_slot,
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	153 NGX_HTTP_SRV_CONF_OFFSET,
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	154 offsetof(ngx_http_ssl_srv_conf_t, buffer_size),
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	155 NULL },
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	156
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	157 { ngx_string("ssl_verify_client"),
4273 e444e8f6538b Fixed NGX_CONF_TAKE1/NGX_CONF_FLAG misuse. Sergey Budnevitch <sb@waeme.net> parents: 4234 diff changeset	158 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	159 ngx_conf_set_enum_slot,
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	160 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	161 offsetof(ngx_http_ssl_srv_conf_t, verify),
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	162 &ngx_http_ssl_verify },
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	163
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	164 { ngx_string("ssl_verify_depth"),
5504 8ed467553f6b SSL: fixed ssl_verify_depth to take only one argument. Maxim Dounin <mdounin@mdounin.ru> parents: 5503 diff changeset	165 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	166 ngx_conf_set_num_slot,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	167 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	168 offsetof(ngx_http_ssl_srv_conf_t, verify_depth),
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	169 NULL },
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	170
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	171 { ngx_string("ssl_client_certificate"),
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	172 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	173 ngx_conf_set_str_slot,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	174 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	175 offsetof(ngx_http_ssl_srv_conf_t, client_certificate),
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	176 NULL },
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	177
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	178 { ngx_string("ssl_trusted_certificate"),
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	179 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	180 ngx_conf_set_str_slot,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	181 NGX_HTTP_SRV_CONF_OFFSET,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	182 offsetof(ngx_http_ssl_srv_conf_t, trusted_certificate),
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	183 NULL },
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	184
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	185 { ngx_string("ssl_prefer_server_ciphers"),
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	186 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	187 ngx_conf_set_flag_slot,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	188 NGX_HTTP_SRV_CONF_OFFSET,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	189 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	190 NULL },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	191
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	192 { ngx_string("ssl_session_cache"),
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	193 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE12,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	194 ngx_http_ssl_session_cache,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	195 NGX_HTTP_SRV_CONF_OFFSET,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	196 0,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	197 NULL },
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	198
5503 d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	199 { ngx_string("ssl_session_tickets"),
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	200 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	201 ngx_conf_set_flag_slot,
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	202 NGX_HTTP_SRV_CONF_OFFSET,
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	203 offsetof(ngx_http_ssl_srv_conf_t, session_tickets),
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	204 NULL },
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	205
5425 1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	206 { ngx_string("ssl_session_ticket_key"),
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	207 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	208 ngx_conf_set_str_array_slot,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	209 NGX_HTTP_SRV_CONF_OFFSET,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	210 offsetof(ngx_http_ssl_srv_conf_t, session_ticket_keys),
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	211 NULL },
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	212
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	213 { ngx_string("ssl_session_timeout"),
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	214 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	215 ngx_conf_set_sec_slot,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	216 NGX_HTTP_SRV_CONF_OFFSET,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	217 offsetof(ngx_http_ssl_srv_conf_t, session_timeout),
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	218 NULL },
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	219
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	220 { ngx_string("ssl_crl"),
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	221 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	222 ngx_conf_set_str_slot,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	223 NGX_HTTP_SRV_CONF_OFFSET,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	224 offsetof(ngx_http_ssl_srv_conf_t, crl),
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	225 NULL },
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	226
7653 8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	227 { ngx_string("ssl_ocsp"),
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	228 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	229 ngx_conf_set_enum_slot,
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	230 NGX_HTTP_SRV_CONF_OFFSET,
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	231 offsetof(ngx_http_ssl_srv_conf_t, ocsp),
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	232 &ngx_http_ssl_ocsp },
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	233
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	234 { ngx_string("ssl_ocsp_responder"),
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	235 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	236 ngx_conf_set_str_slot,
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	237 NGX_HTTP_SRV_CONF_OFFSET,
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	238 offsetof(ngx_http_ssl_srv_conf_t, ocsp_responder),
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	239 NULL },
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	240
7654 b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	241 { ngx_string("ssl_ocsp_cache"),
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	242 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	243 ngx_http_ssl_ocsp_cache,
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	244 NGX_HTTP_SRV_CONF_OFFSET,
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	245 0,
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	246 NULL },
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	247
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	248 { ngx_string("ssl_stapling"),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	249 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	250 ngx_conf_set_flag_slot,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	251 NGX_HTTP_SRV_CONF_OFFSET,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	252 offsetof(ngx_http_ssl_srv_conf_t, stapling),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	253 NULL },
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	254
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	255 { ngx_string("ssl_stapling_file"),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	256 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	257 ngx_conf_set_str_slot,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	258 NGX_HTTP_SRV_CONF_OFFSET,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	259 offsetof(ngx_http_ssl_srv_conf_t, stapling_file),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	260 NULL },
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	261
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	262 { ngx_string("ssl_stapling_responder"),
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	263 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	264 ngx_conf_set_str_slot,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	265 NGX_HTTP_SRV_CONF_OFFSET,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	266 offsetof(ngx_http_ssl_srv_conf_t, stapling_responder),
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	267 NULL },
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	268
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	269 { ngx_string("ssl_stapling_verify"),
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	270 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	271 ngx_conf_set_flag_slot,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	272 NGX_HTTP_SRV_CONF_OFFSET,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	273 offsetof(ngx_http_ssl_srv_conf_t, stapling_verify),
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	274 NULL },
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	275
7333 ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	276 { ngx_string("ssl_early_data"),
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	277 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	278 ngx_conf_set_flag_slot,
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	279 NGX_HTTP_SRV_CONF_OFFSET,
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	280 offsetof(ngx_http_ssl_srv_conf_t, early_data),
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	281 NULL },
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	282
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	283 ngx_null_command
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	284 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	285
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	286
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	287 static ngx_http_module_t ngx_http_ssl_module_ctx = {
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	288 ngx_http_ssl_add_variables, /* preconfiguration */
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	289 ngx_http_ssl_init, /* postconfiguration */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	290
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	291 NULL, /* create main configuration */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	292 NULL, /* init main configuration */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	293
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	294 ngx_http_ssl_create_srv_conf, /* create server configuration */
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	295 ngx_http_ssl_merge_srv_conf, /* merge server configuration */
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	296
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	297 NULL, /* create location configuration */
485 4ebe09b07e30 nginx-0.1.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	298 NULL /* merge location configuration */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	299 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	300
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	301
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	302 ngx_module_t ngx_http_ssl_module = {
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 507 diff changeset	303 NGX_MODULE_V1,
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	304 &ngx_http_ssl_module_ctx, /* module context */
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	305 ngx_http_ssl_commands, /* module directives */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	306 NGX_HTTP_MODULE, /* module type */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	307 NULL, /* init master */
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	308 NULL, /* init module */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	309 NULL, /* init process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	310 NULL, /* init thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	311 NULL, /* exit thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	312 NULL, /* exit process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	313 NULL, /* exit master */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	314 NGX_MODULE_V1_PADDING
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	315 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	316
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	317
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	318 static ngx_http_variable_t ngx_http_ssl_vars[] = {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	319
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	320 { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_static_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	321 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 },
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	322
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	323 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	324 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	325
6816 ea93c7d8752a SSL: $ssl_ciphers (ticket #870). Maxim Dounin <mdounin@mdounin.ru> parents: 6815 diff changeset	326 { ngx_string("ssl_ciphers"), NULL, ngx_http_ssl_variable,
ea93c7d8752a SSL: $ssl_ciphers (ticket #870). Maxim Dounin <mdounin@mdounin.ru> parents: 6815 diff changeset	327 (uintptr_t) ngx_ssl_get_ciphers, NGX_HTTP_VAR_CHANGEABLE, 0 },
ea93c7d8752a SSL: $ssl_ciphers (ticket #870). Maxim Dounin <mdounin@mdounin.ru> parents: 6815 diff changeset	328
6817 e75e854657ba SSL: $ssl_curves (ticket #1088). Maxim Dounin <mdounin@mdounin.ru> parents: 6816 diff changeset	329 { ngx_string("ssl_curves"), NULL, ngx_http_ssl_variable,
e75e854657ba SSL: $ssl_curves (ticket #1088). Maxim Dounin <mdounin@mdounin.ru> parents: 6816 diff changeset	330 (uintptr_t) ngx_ssl_get_curves, NGX_HTTP_VAR_CHANGEABLE, 0 },
e75e854657ba SSL: $ssl_curves (ticket #1088). Maxim Dounin <mdounin@mdounin.ru> parents: 6816 diff changeset	331
3154 823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3140 diff changeset	332 { ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable,
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3140 diff changeset	333 (uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 },
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3140 diff changeset	334
5573 7c05f6590753 SSL: the $ssl_session_reused variable. Maxim Dounin <mdounin@mdounin.ru> parents: 5545 diff changeset	335 { ngx_string("ssl_session_reused"), NULL, ngx_http_ssl_variable,
7c05f6590753 SSL: the $ssl_session_reused variable. Maxim Dounin <mdounin@mdounin.ru> parents: 5545 diff changeset	336 (uintptr_t) ngx_ssl_get_session_reused, NGX_HTTP_VAR_CHANGEABLE, 0 },
7c05f6590753 SSL: the $ssl_session_reused variable. Maxim Dounin <mdounin@mdounin.ru> parents: 5545 diff changeset	337
7333 ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	338 { ngx_string("ssl_early_data"), NULL, ngx_http_ssl_variable,
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	339 (uintptr_t) ngx_ssl_get_early_data,
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	340 NGX_HTTP_VAR_CHANGEABLE\|NGX_HTTP_VAR_NOCACHEABLE, 0 },
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	341
5658 94ae92776441 SSL: $ssl_server_name variable. Maxim Dounin <mdounin@mdounin.ru> parents: 5573 diff changeset	342 { ngx_string("ssl_server_name"), NULL, ngx_http_ssl_variable,
94ae92776441 SSL: $ssl_server_name variable. Maxim Dounin <mdounin@mdounin.ru> parents: 5573 diff changeset	343 (uintptr_t) ngx_ssl_get_server_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
94ae92776441 SSL: $ssl_server_name variable. Maxim Dounin <mdounin@mdounin.ru> parents: 5573 diff changeset	344
2045 2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	345 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	346 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	347
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	348 { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable,
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	349 (uintptr_t) ngx_ssl_get_raw_certificate,
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	350 NGX_HTTP_VAR_CHANGEABLE, 0 },
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	351
7091 82f0b8dcca27 SSL: the $ssl_client_escaped_cert variable (ticket #857). Maxim Dounin <mdounin@mdounin.ru> parents: 7077 diff changeset	352 { ngx_string("ssl_client_escaped_cert"), NULL, ngx_http_ssl_variable,
82f0b8dcca27 SSL: the $ssl_client_escaped_cert variable (ticket #857). Maxim Dounin <mdounin@mdounin.ru> parents: 7077 diff changeset	353 (uintptr_t) ngx_ssl_get_escaped_certificate,
82f0b8dcca27 SSL: the $ssl_client_escaped_cert variable (ticket #857). Maxim Dounin <mdounin@mdounin.ru> parents: 7077 diff changeset	354 NGX_HTTP_VAR_CHANGEABLE, 0 },
82f0b8dcca27 SSL: the $ssl_client_escaped_cert variable (ticket #857). Maxim Dounin <mdounin@mdounin.ru> parents: 7077 diff changeset	355
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	356 { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	357 (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	358
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	359 { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	360 (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	361
6780 56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn. Dmitry Volyntsev <xeioex@nginx.com> parents: 6591 diff changeset	362 { ngx_string("ssl_client_s_dn_legacy"), NULL, ngx_http_ssl_variable,
56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn. Dmitry Volyntsev <xeioex@nginx.com> parents: 6591 diff changeset	363 (uintptr_t) ngx_ssl_get_subject_dn_legacy, NGX_HTTP_VAR_CHANGEABLE, 0 },
56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn. Dmitry Volyntsev <xeioex@nginx.com> parents: 6591 diff changeset	364
56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn. Dmitry Volyntsev <xeioex@nginx.com> parents: 6591 diff changeset	365 { ngx_string("ssl_client_i_dn_legacy"), NULL, ngx_http_ssl_variable,
56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn. Dmitry Volyntsev <xeioex@nginx.com> parents: 6591 diff changeset	366 (uintptr_t) ngx_ssl_get_issuer_dn_legacy, NGX_HTTP_VAR_CHANGEABLE, 0 },
56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn. Dmitry Volyntsev <xeioex@nginx.com> parents: 6591 diff changeset	367
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	368 { ngx_string("ssl_client_serial"), NULL, ngx_http_ssl_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	369 (uintptr_t) ngx_ssl_get_serial_number, NGX_HTTP_VAR_CHANGEABLE, 0 },
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	370
5700 5e892d40e5cc SSL: $ssl_client_fingerprint variable. Sergey Budnevitch <sb@waeme.net> parents: 5658 diff changeset	371 { ngx_string("ssl_client_fingerprint"), NULL, ngx_http_ssl_variable,
5e892d40e5cc SSL: $ssl_client_fingerprint variable. Sergey Budnevitch <sb@waeme.net> parents: 5658 diff changeset	372 (uintptr_t) ngx_ssl_get_fingerprint, NGX_HTTP_VAR_CHANGEABLE, 0 },
5e892d40e5cc SSL: $ssl_client_fingerprint variable. Sergey Budnevitch <sb@waeme.net> parents: 5658 diff changeset	373
2994 f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	374 { ngx_string("ssl_client_verify"), NULL, ngx_http_ssl_variable,
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	375 (uintptr_t) ngx_ssl_get_client_verify, NGX_HTTP_VAR_CHANGEABLE, 0 },
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	376
6815 2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain. Maxim Dounin <mdounin@mdounin.ru> parents: 6780 diff changeset	377 { ngx_string("ssl_client_v_start"), NULL, ngx_http_ssl_variable,
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain. Maxim Dounin <mdounin@mdounin.ru> parents: 6780 diff changeset	378 (uintptr_t) ngx_ssl_get_client_v_start, NGX_HTTP_VAR_CHANGEABLE, 0 },
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain. Maxim Dounin <mdounin@mdounin.ru> parents: 6780 diff changeset	379
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain. Maxim Dounin <mdounin@mdounin.ru> parents: 6780 diff changeset	380 { ngx_string("ssl_client_v_end"), NULL, ngx_http_ssl_variable,
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain. Maxim Dounin <mdounin@mdounin.ru> parents: 6780 diff changeset	381 (uintptr_t) ngx_ssl_get_client_v_end, NGX_HTTP_VAR_CHANGEABLE, 0 },
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain. Maxim Dounin <mdounin@mdounin.ru> parents: 6780 diff changeset	382
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain. Maxim Dounin <mdounin@mdounin.ru> parents: 6780 diff changeset	383 { ngx_string("ssl_client_v_remain"), NULL, ngx_http_ssl_variable,
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain. Maxim Dounin <mdounin@mdounin.ru> parents: 6780 diff changeset	384 (uintptr_t) ngx_ssl_get_client_v_remain, NGX_HTTP_VAR_CHANGEABLE, 0 },
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain. Maxim Dounin <mdounin@mdounin.ru> parents: 6780 diff changeset	385
7077 2a288909abc6 Variables: macros for null variables. Ruslan Ermilov <ru@nginx.com> parents: 6981 diff changeset	386 ngx_http_null_variable
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	387 };
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	388
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	389
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	390 static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	391
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	392
5545 01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	393 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	394
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	395 static int
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	396 ngx_http_ssl_alpn_select(ngx_ssl_conn_t ssl_conn, const unsigned char *out,
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	397 unsigned char outlen, const unsigned char in, unsigned int inlen,
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	398 void *arg)
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	399 {
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	400 unsigned int srvlen;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	401 unsigned char *srv;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	402 #if (NGX_DEBUG)
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	403 unsigned int i;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	404 #endif
6246 257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241). Valentin Bartenev <vbart@nginx.com> parents: 6157 diff changeset	405 #if (NGX_HTTP_V2)
5545 01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	406 ngx_http_connection_t *hc;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	407 #endif
6246 257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241). Valentin Bartenev <vbart@nginx.com> parents: 6157 diff changeset	408 #if (NGX_HTTP_V2 \|\| NGX_DEBUG)
5545 01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	409 ngx_connection_t *c;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	410
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	411 c = ngx_ssl_get_connection(ssl_conn);
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	412 #endif
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	413
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	414 #if (NGX_DEBUG)
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	415 for (i = 0; i < inlen; i += in[i] + 1) {
6474 2cd019520210 Style. Ruslan Ermilov <ru@nginx.com> parents: 6246 diff changeset	416 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
6478 3ef7bb882ad4 Fixed logging with variable field width. Sergey Kandaurov <pluknet@nginx.com> parents: 6474 diff changeset	417 "SSL ALPN supported by client: %*s",
3ef7bb882ad4 Fixed logging with variable field width. Sergey Kandaurov <pluknet@nginx.com> parents: 6474 diff changeset	418 (size_t) in[i], &in[i + 1]);
5545 01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	419 }
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	420 #endif
5106 afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	421
6246 257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241). Valentin Bartenev <vbart@nginx.com> parents: 6157 diff changeset	422 #if (NGX_HTTP_V2)
5545 01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	423 hc = c->data;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	424
6246 257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241). Valentin Bartenev <vbart@nginx.com> parents: 6157 diff changeset	425 if (hc->addr_conf->http2) {
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241). Valentin Bartenev <vbart@nginx.com> parents: 6157 diff changeset	426 srv =
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241). Valentin Bartenev <vbart@nginx.com> parents: 6157 diff changeset	427 (unsigned char *) NGX_HTTP_V2_ALPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE;
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241). Valentin Bartenev <vbart@nginx.com> parents: 6157 diff changeset	428 srvlen = sizeof(NGX_HTTP_V2_ALPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE) - 1;
5545 01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	429
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	430 } else
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	431 #endif
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	432 {
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	433 srv = (unsigned char *) NGX_HTTP_NPN_ADVERTISE;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	434 srvlen = sizeof(NGX_HTTP_NPN_ADVERTISE) - 1;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	435 }
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	436
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	437 if (SSL_select_next_proto((unsigned char **) out, outlen, srv, srvlen,
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	438 in, inlen)
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	439 != OPENSSL_NPN_NEGOTIATED)
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	440 {
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	441 return SSL_TLSEXT_ERR_NOACK;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	442 }
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	443
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	444 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
6478 3ef7bb882ad4 Fixed logging with variable field width. Sergey Kandaurov <pluknet@nginx.com> parents: 6474 diff changeset	445 "SSL ALPN selected: %s", (size_t) outlen, *out);
5545 01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	446
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	447 return SSL_TLSEXT_ERR_OK;
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	448 }
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	449
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	450 #endif
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	451
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	452
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	453 #ifdef TLSEXT_TYPE_next_proto_neg
5106 afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	454
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	455 static int
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	456 ngx_http_ssl_npn_advertised(ngx_ssl_conn_t *ssl_conn,
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	457 const unsigned char *out, unsigned int outlen, void *arg)
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	458 {
6246 257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241). Valentin Bartenev <vbart@nginx.com> parents: 6157 diff changeset	459 #if (NGX_HTTP_V2 \|\| NGX_DEBUG)
5106 afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	460 ngx_connection_t *c;
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	461
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	462 c = ngx_ssl_get_connection(ssl_conn);
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	463 ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL NPN advertised");
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	464 #endif
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	465
6246 257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241). Valentin Bartenev <vbart@nginx.com> parents: 6157 diff changeset	466 #if (NGX_HTTP_V2)
5121 c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	467 {
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	468 ngx_http_connection_t *hc;
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	469
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	470 hc = c->data;
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	471
6246 257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241). Valentin Bartenev <vbart@nginx.com> parents: 6157 diff changeset	472 if (hc->addr_conf->http2) {
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241). Valentin Bartenev <vbart@nginx.com> parents: 6157 diff changeset	473 *out =
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241). Valentin Bartenev <vbart@nginx.com> parents: 6157 diff changeset	474 (unsigned char *) NGX_HTTP_V2_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE;
257b51c37c5a The HTTP/2 implementation (RFC 7240, 7241). Valentin Bartenev <vbart@nginx.com> parents: 6157 diff changeset	475 *outlen = sizeof(NGX_HTTP_V2_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE) - 1;
5121 c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	476
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	477 return SSL_TLSEXT_ERR_OK;
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	478 }
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	479 }
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	480 #endif
c0f7b94e88ba Preliminary experimental support for SPDY draft 2. Valentin Bartenev <vbart@nginx.com> parents: 5106 diff changeset	481
5106 afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	482 out = (unsigned char ) NGX_HTTP_NPN_ADVERTISE;
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	483 *outlen = sizeof(NGX_HTTP_NPN_ADVERTISE) - 1;
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	484
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	485 return SSL_TLSEXT_ERR_OK;
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	486 }
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	487
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	488 #endif
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	489
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	490
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	491 static ngx_int_t
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	492 ngx_http_ssl_static_variable(ngx_http_request_t *r,
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	493 ngx_http_variable_value_t *v, uintptr_t data)
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	494 {
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	495 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	496
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	497 size_t len;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	498 ngx_str_t s;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	499
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	500 if (r->connection->ssl) {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	501
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	502 (void) handler(r->connection, NULL, &s);
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	503
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	504 v->data = s.data;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	505
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	506 for (len = 0; v->data[len]; len++) { /* void */ }
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	507
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	508 v->len = len;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	509 v->valid = 1;
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	510 v->no_cacheable = 0;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	511 v->not_found = 0;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	512
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	513 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	514 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	515
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	516 v->not_found = 1;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	517
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	518 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	519 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	520
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	521
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	522 static ngx_int_t
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	523 ngx_http_ssl_variable(ngx_http_request_t r, ngx_http_variable_value_t v,
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	524 uintptr_t data)
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	525 {
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	526 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	527
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	528 ngx_str_t s;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	529
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	530 if (r->connection->ssl) {
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	531
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	532 if (handler(r->connection, r->pool, &s) != NGX_OK) {
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	533 return NGX_ERROR;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	534 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	535
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	536 v->len = s.len;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	537 v->data = s.data;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	538
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	539 if (v->len) {
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	540 v->valid = 1;
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	541 v->no_cacheable = 0;
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	542 v->not_found = 0;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	543
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	544 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	545 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	546 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	547
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	548 v->not_found = 1;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	549
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	550 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	551 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	552
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	553
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	554 static ngx_int_t
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	555 ngx_http_ssl_add_variables(ngx_conf_t *cf)
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	556 {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	557 ngx_http_variable_t var, v;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	558
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	559 for (v = ngx_http_ssl_vars; v->name.len; v++) {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	560 var = ngx_http_add_variable(cf, &v->name, v->flags);
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	561 if (var == NULL) {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	562 return NGX_ERROR;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	563 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	564
637 e60fe4cf1d4e nginx-0.3.40-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	565 var->get_handler = v->get_handler;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	566 var->data = v->data;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	567 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	568
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	569 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	570 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	571
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	572
501 d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	573 static void *
d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	574 ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	575 {
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	576 ngx_http_ssl_srv_conf_t *sscf;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	577
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	578 sscf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t));
948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	579 if (sscf == NULL) {
2912 c7d57b539248 return NULL instead of NGX_CONF_ERROR on a create conf failure Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	580 return NULL;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	581 }
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	582
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	583 /*
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	584 * set by ngx_pcalloc():
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	585 *
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	586 * sscf->protocols = 0;
7462 be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	587 * sscf->certificate_values = NULL;
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	588 * sscf->dhparam = { 0, NULL };
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	589 * sscf->ecdh_curve = { 0, NULL };
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	590 * sscf->client_certificate = { 0, NULL };
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	591 * sscf->trusted_certificate = { 0, NULL };
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	592 * sscf->crl = { 0, NULL };
3516 dd1570b6f237 ngx_str_set() and ngx_str_null() Igor Sysoev <igor@sysoev.ru> parents: 3209 diff changeset	593 * sscf->ciphers = { 0, NULL };
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	594 * sscf->shm_zone = NULL;
7653 8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	595 * sscf->ocsp_responder = { 0, NULL };
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	596 * sscf->stapling_file = { 0, NULL };
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	597 * sscf->stapling_responder = { 0, NULL };
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	598 */
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	599
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	600 sscf->enable = NGX_CONF_UNSET;
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	601 sscf->prefer_server_ciphers = NGX_CONF_UNSET;
7333 ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	602 sscf->early_data = NGX_CONF_UNSET;
5487 a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	603 sscf->buffer_size = NGX_CONF_UNSET_SIZE;
2710 218ee852de73 fix building by MSVC8 Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	604 sscf->verify = NGX_CONF_UNSET_UINT;
218ee852de73 fix building by MSVC8 Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	605 sscf->verify_depth = NGX_CONF_UNSET_UINT;
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	606 sscf->certificates = NGX_CONF_UNSET_PTR;
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	607 sscf->certificate_keys = NGX_CONF_UNSET_PTR;
5744 42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	608 sscf->passwords = NGX_CONF_UNSET_PTR;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	609 sscf->builtin_session_cache = NGX_CONF_UNSET;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	610 sscf->session_timeout = NGX_CONF_UNSET;
5503 d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	611 sscf->session_tickets = NGX_CONF_UNSET;
5425 1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	612 sscf->session_ticket_keys = NGX_CONF_UNSET_PTR;
7653 8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	613 sscf->ocsp = NGX_CONF_UNSET_UINT;
7654 b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	614 sscf->ocsp_cache_zone = NGX_CONF_UNSET_PTR;
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	615 sscf->stapling = NGX_CONF_UNSET;
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	616 sscf->stapling_verify = NGX_CONF_UNSET;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	617
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	618 return sscf;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	619 }
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	620
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	621
501 d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	622 static char *
d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	623 ngx_http_ssl_merge_srv_conf(ngx_conf_t cf, void parent, void *child)
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	624 {
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	625 ngx_http_ssl_srv_conf_t *prev = parent;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	626 ngx_http_ssl_srv_conf_t *conf = child;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	627
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	628 ngx_pool_cleanup_t *cln;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	629
4234 d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	630 if (conf->enable == NGX_CONF_UNSET) {
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	631 if (prev->enable == NGX_CONF_UNSET) {
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	632 conf->enable = 0;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	633
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	634 } else {
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	635 conf->enable = prev->enable;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	636 conf->file = prev->file;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	637 conf->line = prev->line;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	638 }
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	639 }
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	640
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	641 ngx_conf_merge_value(conf->session_timeout,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	642 prev->session_timeout, 300);
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	643
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	644 ngx_conf_merge_value(conf->prefer_server_ciphers,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	645 prev->prefer_server_ciphers, 0);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	646
7333 ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	647 ngx_conf_merge_value(conf->early_data, prev->early_data, 0);
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	648
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	649 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
6157 b2899e7d0ef8 Disabled SSLv3 by default (ticket #653). Maxim Dounin <mdounin@mdounin.ru> parents: 6035 diff changeset	650 (NGX_CONF_BITMASK_SET\|NGX_SSL_TLSv1
4400 a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4273 diff changeset	651 \|NGX_SSL_TLSv1_1\|NGX_SSL_TLSv1_2));
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	652
5487 a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	653 ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size,
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	654 NGX_SSL_BUFSIZE);
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	655
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	656 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	657 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	658
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	659 ngx_conf_merge_ptr_value(conf->certificates, prev->certificates, NULL);
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	660 ngx_conf_merge_ptr_value(conf->certificate_keys, prev->certificate_keys,
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	661 NULL);
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	662
5744 42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	663 ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL);
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	664
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	665 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	666
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	667 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	668 "");
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	669 ngx_conf_merge_str_value(conf->trusted_certificate,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	670 prev->trusted_certificate, "");
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	671 ngx_conf_merge_str_value(conf->crl, prev->crl, "");
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	672
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	673 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	674 NGX_DEFAULT_ECDH_CURVE);
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	675
2124 e0b424b98f24 fix typo Igor Sysoev <igor@sysoev.ru> parents: 2123 diff changeset	676 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	677
7653 8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	678 ngx_conf_merge_uint_value(conf->ocsp, prev->ocsp, 0);
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	679 ngx_conf_merge_str_value(conf->ocsp_responder, prev->ocsp_responder, "");
7654 b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	680 ngx_conf_merge_ptr_value(conf->ocsp_cache_zone,
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	681 prev->ocsp_cache_zone, NULL);
7653 8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	682
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	683 ngx_conf_merge_value(conf->stapling, prev->stapling, 0);
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	684 ngx_conf_merge_value(conf->stapling_verify, prev->stapling_verify, 0);
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	685 ngx_conf_merge_str_value(conf->stapling_file, prev->stapling_file, "");
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	686 ngx_conf_merge_str_value(conf->stapling_responder,
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	687 prev->stapling_responder, "");
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	688
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	689 conf->ssl.log = cf->log;
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	690
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	691 if (conf->enable) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	692
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	693 if (conf->certificates == NULL) {
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	694 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	695 "no \"ssl_certificate\" is defined for "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	696 "the \"ssl\" directive in %s:%ui",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	697 conf->file, conf->line);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	698 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	699 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	700
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	701 if (conf->certificate_keys == NULL) {
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	702 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	703 "no \"ssl_certificate_key\" is defined for "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	704 "the \"ssl\" directive in %s:%ui",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	705 conf->file, conf->line);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	706 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	707 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	708
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	709 if (conf->certificate_keys->nelts < conf->certificates->nelts) {
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	710 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	711 "no \"ssl_certificate_key\" is defined "
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	712 "for certificate \"%V\" and "
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	713 "the \"ssl\" directive in %s:%ui",
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	714 ((ngx_str_t *) conf->certificates->elts)
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	715 + conf->certificates->nelts - 1,
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	716 conf->file, conf->line);
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	717 return NGX_CONF_ERROR;
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	718 }
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	719
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	720 } else {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	721
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	722 if (conf->certificates == NULL) {
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	723 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	724 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	725
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	726 if (conf->certificate_keys == NULL
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	727 \|\| conf->certificate_keys->nelts < conf->certificates->nelts)
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	728 {
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	729 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	730 "no \"ssl_certificate_key\" is defined "
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	731 "for certificate \"%V\"",
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	732 ((ngx_str_t *) conf->certificates->elts)
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	733 + conf->certificates->nelts - 1);
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	734 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	735 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	736 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	737
969 065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 671 diff changeset	738 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	739 return NGX_CONF_ERROR;
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	740 }
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	741
7473 8981dbb12254 SSL: fixed potential leak on memory allocation errors. Maxim Dounin <mdounin@mdounin.ru> parents: 7466 diff changeset	742 cln = ngx_pool_cleanup_add(cf->pool, 0);
8981dbb12254 SSL: fixed potential leak on memory allocation errors. Maxim Dounin <mdounin@mdounin.ru> parents: 7466 diff changeset	743 if (cln == NULL) {
8981dbb12254 SSL: fixed potential leak on memory allocation errors. Maxim Dounin <mdounin@mdounin.ru> parents: 7466 diff changeset	744 ngx_ssl_cleanup_ctx(&conf->ssl);
8981dbb12254 SSL: fixed potential leak on memory allocation errors. Maxim Dounin <mdounin@mdounin.ru> parents: 7466 diff changeset	745 return NGX_CONF_ERROR;
8981dbb12254 SSL: fixed potential leak on memory allocation errors. Maxim Dounin <mdounin@mdounin.ru> parents: 7466 diff changeset	746 }
8981dbb12254 SSL: fixed potential leak on memory allocation errors. Maxim Dounin <mdounin@mdounin.ru> parents: 7466 diff changeset	747
8981dbb12254 SSL: fixed potential leak on memory allocation errors. Maxim Dounin <mdounin@mdounin.ru> parents: 7466 diff changeset	748 cln->handler = ngx_ssl_cleanup_ctx;
8981dbb12254 SSL: fixed potential leak on memory allocation errors. Maxim Dounin <mdounin@mdounin.ru> parents: 7466 diff changeset	749 cln->data = &conf->ssl;
8981dbb12254 SSL: fixed potential leak on memory allocation errors. Maxim Dounin <mdounin@mdounin.ru> parents: 7466 diff changeset	750
1219 86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	751 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	752
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	753 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	754 ngx_http_ssl_servername)
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	755 == 0)
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	756 {
3140 ba9a8ba4207e ) issue warning instead of failure: this is too common case Igor Sysoev <igor@sysoev.ru>* parents: 2996 diff changeset	757 ngx_log_error(NGX_LOG_WARN, cf->log, 0,
3209 b82c623a607e fix typo Igor Sysoev <igor@sysoev.ru> parents: 3196 diff changeset	758 "nginx was built with SNI support, however, now it is linked "
3140 ba9a8ba4207e ) issue warning instead of failure: this is too common case Igor Sysoev <igor@sysoev.ru>* parents: 2996 diff changeset	759 "dynamically to an OpenSSL library which has no tlsext support, "
ba9a8ba4207e ) issue warning instead of failure: this is too common case Igor Sysoev <igor@sysoev.ru>* parents: 2996 diff changeset	760 "therefore SNI is not available");
1219 86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	761 }
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	762
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	763 #endif
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	764
5545 01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	765 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	766 SSL_CTX_set_alpn_select_cb(conf->ssl.ctx, ngx_http_ssl_alpn_select, NULL);
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	767 #endif
01e2a5bcdd8f SSL: support ALPN (IETF's successor to NPN). Piotr Sikora <piotr@cloudflare.com> parents: 5504 diff changeset	768
5106 afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	769 #ifdef TLSEXT_TYPE_next_proto_neg
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	770 SSL_CTX_set_next_protos_advertised_cb(conf->ssl.ctx,
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	771 ngx_http_ssl_npn_advertised, NULL);
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	772 #endif
afee87b8190a SSL: Next Protocol Negotiation extension support. Valentin Bartenev <vbart@nginx.com> parents: 5077 diff changeset	773
7462 be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	774 if (ngx_http_ssl_compile_certificates(cf, conf) != NGX_OK) {
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	775 return NGX_CONF_ERROR;
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	776 }
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	777
7462 be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	778 if (conf->certificate_values) {
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	779
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	780 #ifdef SSL_R_CERT_CB_ERROR
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	781
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	782 /* install callback to lookup certificates */
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	783
7466 48c87377aabd SSL: fixed possible segfault with dynamic certificates. Maxim Dounin <mdounin@mdounin.ru> parents: 7465 diff changeset	784 SSL_CTX_set_cert_cb(conf->ssl.ctx, ngx_http_ssl_certificate, conf);
7462 be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	785
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	786 #else
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	787 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	788 "variables in "
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	789 "\"ssl_certificate\" and \"ssl_certificate_key\" "
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	790 "directives are not supported on this platform");
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	791 return NGX_CONF_ERROR;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	792 #endif
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	793
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	794 } else {
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	795
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	796 /* configure certificates */
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	797
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	798 if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	799 conf->certificate_keys, conf->passwords)
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	800 != NGX_OK)
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	801 {
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	802 return NGX_CONF_ERROR;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	803 }
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	804 }
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	805
6591 04d8d1f85649 SSL: ngx_ssl_ciphers() to set list of ciphers. Tim Taubert <tim@timtaubert.de> parents: 6553 diff changeset	806 if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers,
04d8d1f85649 SSL: ngx_ssl_ciphers() to set list of ciphers. Tim Taubert <tim@timtaubert.de> parents: 6553 diff changeset	807 conf->prefer_server_ciphers)
04d8d1f85649 SSL: ngx_ssl_ciphers() to set list of ciphers. Tim Taubert <tim@timtaubert.de> parents: 6553 diff changeset	808 != NGX_OK)
529 e5d7d0334fdb nginx-0.1.39-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 509 diff changeset	809 {
5387 0fbcfab0bfd7 SSL: stop loading configs with invalid "ssl_ciphers" values. Piotr Sikora <piotr@cloudflare.com> parents: 5121 diff changeset	810 return NGX_CONF_ERROR;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	811 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	812
5487 a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	813 conf->ssl.buffer_size = conf->buffer_size;
a297b7ad6f94 SSL: ssl_buffer_size directive. Maxim Dounin <mdounin@mdounin.ru> parents: 5425 diff changeset	814
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	815 if (conf->verify) {
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	816
4884 e406c997470a SSL: the "ssl_verify_client" directive parameter "optional_no_ca". Maxim Dounin <mdounin@mdounin.ru> parents: 4879 diff changeset	817 if (conf->client_certificate.len == 0 && conf->verify != 3) {
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	818 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
7567 ef7ee19776db SSL: fixed ssl_verify_client error message. Sergey Kandaurov <pluknet@nginx.com> parents: 7473 diff changeset	819 "no ssl_client_certificate for ssl_verify_client");
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	820 return NGX_CONF_ERROR;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	821 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	822
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	823 if (ngx_ssl_client_certificate(cf, &conf->ssl,
970 35f98a8e275f style fix Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	824 &conf->client_certificate,
35f98a8e275f style fix Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	825 conf->verify_depth)
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	826 != NGX_OK)
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	827 {
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	828 return NGX_CONF_ERROR;
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	829 }
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	830 }
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	831
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	832 if (ngx_ssl_trusted_certificate(cf, &conf->ssl,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	833 &conf->trusted_certificate,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	834 conf->verify_depth)
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	835 != NGX_OK)
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	836 {
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	837 return NGX_CONF_ERROR;
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	838 }
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	839
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	840 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	841 return NGX_CONF_ERROR;
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	842 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	843
7653 8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	844 if (conf->ocsp) {
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	845
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	846 if (conf->verify == 3) {
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	847 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	848 "\"ssl_ocsp\" is incompatible with "
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	849 "\"ssl_verify_client optional_no_ca\"");
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	850 return NGX_CONF_ERROR;
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	851 }
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	852
7654 b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	853 if (ngx_ssl_ocsp(cf, &conf->ssl, &conf->ocsp_responder, conf->ocsp,
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	854 conf->ocsp_cache_zone)
7653 8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	855 != NGX_OK)
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	856 {
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	857 return NGX_CONF_ERROR;
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	858 }
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	859 }
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	860
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	861 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	862 return NGX_CONF_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	863 }
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	864
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	865 if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) {
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	866 return NGX_CONF_ERROR;
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	867 }
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	868
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	869 ngx_conf_merge_value(conf->builtin_session_cache,
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	870 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	871
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	872 if (conf->shm_zone == NULL) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	873 conf->shm_zone = prev->shm_zone;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	874 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	875
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	876 if (ngx_ssl_session_cache(&conf->ssl, &ngx_http_ssl_sess_id_ctx,
7465 6708bec13757 SSL: adjusted session id context with dynamic certificates. Maxim Dounin <mdounin@mdounin.ru> parents: 7463 diff changeset	877 conf->certificates, conf->builtin_session_cache,
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	878 conf->shm_zone, conf->session_timeout)
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	879 != NGX_OK)
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	880 {
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	881 return NGX_CONF_ERROR;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	882 }
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	883
5503 d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	884 ngx_conf_merge_value(conf->session_tickets, prev->session_tickets, 1);
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	885
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	886 #ifdef SSL_OP_NO_TICKET
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	887 if (!conf->session_tickets) {
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	888 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_NO_TICKET);
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	889 }
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	890 #endif
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5487 diff changeset	891
5425 1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	892 ngx_conf_merge_ptr_value(conf->session_ticket_keys,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	893 prev->session_ticket_keys, NULL);
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	894
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	895 if (ngx_ssl_session_ticket_keys(cf, &conf->ssl, conf->session_ticket_keys)
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	896 != NGX_OK)
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	897 {
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	898 return NGX_CONF_ERROR;
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	899 }
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5387 diff changeset	900
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	901 if (conf->stapling) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	902
4879 4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	903 if (ngx_ssl_stapling(cf, &conf->ssl, &conf->stapling_file,
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4875 diff changeset	904 &conf->stapling_responder, conf->stapling_verify)
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	905 != NGX_OK)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	906 {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	907 return NGX_CONF_ERROR;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	908 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	909
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	910 }
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	911
7333 ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	912 if (ngx_ssl_early_data(cf, &conf->ssl, conf->early_data) != NGX_OK) {
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	913 return NGX_CONF_ERROR;
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	914 }
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	915
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	916 return NGX_CONF_OK;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	917 }
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	918
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	919
7462 be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	920 static ngx_int_t
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	921 ngx_http_ssl_compile_certificates(ngx_conf_t *cf,
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	922 ngx_http_ssl_srv_conf_t *conf)
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	923 {
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	924 ngx_str_t cert, key;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	925 ngx_uint_t i, nelts;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	926 ngx_http_complex_value_t *cv;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	927 ngx_http_compile_complex_value_t ccv;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	928
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	929 cert = conf->certificates->elts;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	930 key = conf->certificate_keys->elts;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	931 nelts = conf->certificates->nelts;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	932
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	933 for (i = 0; i < nelts; i++) {
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	934
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	935 if (ngx_http_script_variables_count(&cert[i])) {
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	936 goto found;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	937 }
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	938
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	939 if (ngx_http_script_variables_count(&key[i])) {
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	940 goto found;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	941 }
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	942 }
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	943
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	944 return NGX_OK;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	945
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	946 found:
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	947
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	948 conf->certificate_values = ngx_array_create(cf->pool, nelts,
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	949 sizeof(ngx_http_complex_value_t));
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	950 if (conf->certificate_values == NULL) {
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	951 return NGX_ERROR;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	952 }
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	953
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	954 conf->certificate_key_values = ngx_array_create(cf->pool, nelts,
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	955 sizeof(ngx_http_complex_value_t));
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	956 if (conf->certificate_key_values == NULL) {
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	957 return NGX_ERROR;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	958 }
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	959
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	960 for (i = 0; i < nelts; i++) {
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	961
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	962 cv = ngx_array_push(conf->certificate_values);
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	963 if (cv == NULL) {
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	964 return NGX_ERROR;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	965 }
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	966
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	967 ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	968
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	969 ccv.cf = cf;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	970 ccv.value = &cert[i];
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	971 ccv.complex_value = cv;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	972 ccv.zero = 1;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	973
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	974 if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	975 return NGX_ERROR;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	976 }
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	977
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	978 cv = ngx_array_push(conf->certificate_key_values);
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	979 if (cv == NULL) {
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	980 return NGX_ERROR;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	981 }
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	982
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	983 ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	984
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	985 ccv.cf = cf;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	986 ccv.value = &key[i];
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	987 ccv.complex_value = cv;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	988 ccv.zero = 1;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	989
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	990 if (ngx_http_compile_complex_value(&ccv) != NGX_OK) {
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	991 return NGX_ERROR;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	992 }
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	993 }
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	994
7463 180df83473a4 SSL: passwords support for dynamic certificate loading. Maxim Dounin <mdounin@mdounin.ru> parents: 7462 diff changeset	995 conf->passwords = ngx_ssl_preserve_passwords(cf, conf->passwords);
180df83473a4 SSL: passwords support for dynamic certificate loading. Maxim Dounin <mdounin@mdounin.ru> parents: 7462 diff changeset	996 if (conf->passwords == NULL) {
180df83473a4 SSL: passwords support for dynamic certificate loading. Maxim Dounin <mdounin@mdounin.ru> parents: 7462 diff changeset	997 return NGX_ERROR;
180df83473a4 SSL: passwords support for dynamic certificate loading. Maxim Dounin <mdounin@mdounin.ru> parents: 7462 diff changeset	998 }
180df83473a4 SSL: passwords support for dynamic certificate loading. Maxim Dounin <mdounin@mdounin.ru> parents: 7462 diff changeset	999
7462 be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	1000 return NGX_OK;
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	1001 }
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	1002
be2af41d3620 SSL: variables support in ssl_certificate and ssl_certificate_key. Maxim Dounin <mdounin@mdounin.ru> parents: 7333 diff changeset	1003
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1004 static char *
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1005 ngx_http_ssl_enable(ngx_conf_t cf, ngx_command_t cmd, void *conf)
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1006 {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1007 ngx_http_ssl_srv_conf_t *sscf = conf;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1008
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1009 char *rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1010
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1011 rv = ngx_conf_set_flag_slot(cf, cmd, conf);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1012
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1013 if (rv != NGX_CONF_OK) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1014 return rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1015 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1016
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1017 sscf->file = cf->conf_file->file.name.data;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1018 sscf->line = cf->conf_file->line;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1019
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1020 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1021 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1022
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1023
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	1024 static char *
5744 42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1025 ngx_http_ssl_password_file(ngx_conf_t cf, ngx_command_t cmd, void *conf)
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1026 {
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1027 ngx_http_ssl_srv_conf_t *sscf = conf;
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1028
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1029 ngx_str_t *value;
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1030
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1031 if (sscf->passwords != NGX_CONF_UNSET_PTR) {
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1032 return "is duplicate";
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1033 }
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1034
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1035 value = cf->args->elts;
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1036
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1037 sscf->passwords = ngx_ssl_read_password_file(cf, &value[1]);
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1038
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1039 if (sscf->passwords == NULL) {
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1040 return NGX_CONF_ERROR;
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1041 }
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1042
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1043 return NGX_CONF_OK;
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1044 }
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1045
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1046
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5700 diff changeset	1047 static char *
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1048 ngx_http_ssl_session_cache(ngx_conf_t cf, ngx_command_t cmd, void *conf)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1049 {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1050 ngx_http_ssl_srv_conf_t *sscf = conf;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1051
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1052 size_t len;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1053 ngx_str_t *value, name, size;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1054 ngx_int_t n;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1055 ngx_uint_t i, j;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1056
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1057 value = cf->args->elts;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1058
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1059 for (i = 1; i < cf->args->nelts; i++) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1060
1778 14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	1061 if (ngx_strcmp(value[i].data, "off") == 0) {
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	1062 sscf->builtin_session_cache = NGX_SSL_NO_SCACHE;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	1063 continue;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	1064 }
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	1065
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1066 if (ngx_strcmp(value[i].data, "none") == 0) {
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1067 sscf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1068 continue;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1069 }
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	1070
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1071 if (ngx_strcmp(value[i].data, "builtin") == 0) {
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	1072 sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1073 continue;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1074 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1075
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1076 if (value[i].len > sizeof("builtin:") - 1
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1077 && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1078 == 0)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1079 {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1080 n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1081 value[i].len - (sizeof("builtin:") - 1));
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1082
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1083 if (n == NGX_ERROR) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1084 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1085 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1086
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1087 sscf->builtin_session_cache = n;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1088
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1089 continue;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1090 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1091
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1092 if (value[i].len > sizeof("shared:") - 1
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1093 && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1094 == 0)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1095 {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1096 len = 0;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1097
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1098 for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1099 if (value[i].data[j] == ':') {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1100 break;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1101 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1102
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1103 len++;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1104 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1105
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1106 if (len == 0) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1107 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1108 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1109
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1110 name.len = len;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1111 name.data = value[i].data + sizeof("shared:") - 1;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1112
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1113 size.len = value[i].len - j - 1;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1114 size.data = name.data + len + 1;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1115
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1116 n = ngx_parse_size(&size);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1117
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1118 if (n == NGX_ERROR) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1119 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1120 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1121
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1122 if (n < (ngx_int_t) (8 * ngx_pagesize)) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1123 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	1124 "session cache \"%V\" is too small",
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1125 &value[i]);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1126
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1127 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1128 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1129
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1130 sscf->shm_zone = ngx_shared_memory_add(cf, &name, n,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1131 &ngx_http_ssl_module);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1132 if (sscf->shm_zone == NULL) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1133 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1134 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1135
4153 7de74ed694c8 Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993). Maxim Dounin <mdounin@mdounin.ru> parents: 3992 diff changeset	1136 sscf->shm_zone->init = ngx_ssl_session_cache_init;
7de74ed694c8 Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993). Maxim Dounin <mdounin@mdounin.ru> parents: 3992 diff changeset	1137
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1138 continue;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1139 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1140
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1141 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1142 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1143
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1144 if (sscf->shm_zone && sscf->builtin_session_cache == NGX_CONF_UNSET) {
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	1145 sscf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1146 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1147
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1148 return NGX_CONF_OK;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1149
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1150 invalid:
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1151
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1152 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1153 "invalid session cache \"%V\"", &value[i]);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1154
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1155 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	1156 }
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1157
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1158
7654 b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1159 static char *
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1160 ngx_http_ssl_ocsp_cache(ngx_conf_t cf, ngx_command_t cmd, void *conf)
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1161 {
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1162 ngx_http_ssl_srv_conf_t *sscf = conf;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1163
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1164 size_t len;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1165 ngx_int_t n;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1166 ngx_str_t *value, name, size;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1167 ngx_uint_t j;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1168
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1169 if (sscf->ocsp_cache_zone != NGX_CONF_UNSET_PTR) {
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1170 return "is duplicate";
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1171 }
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1172
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1173 value = cf->args->elts;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1174
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1175 if (ngx_strcmp(value[1].data, "off") == 0) {
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1176 sscf->ocsp_cache_zone = NULL;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1177 return NGX_CONF_OK;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1178 }
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1179
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1180 if (value[1].len <= sizeof("shared:") - 1
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1181 \|\| ngx_strncmp(value[1].data, "shared:", sizeof("shared:") - 1) != 0)
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1182 {
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1183 goto invalid;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1184 }
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1185
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1186 len = 0;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1187
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1188 for (j = sizeof("shared:") - 1; j < value[1].len; j++) {
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1189 if (value[1].data[j] == ':') {
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1190 break;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1191 }
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1192
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1193 len++;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1194 }
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1195
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1196 if (len == 0) {
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1197 goto invalid;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1198 }
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1199
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1200 name.len = len;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1201 name.data = value[1].data + sizeof("shared:") - 1;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1202
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1203 size.len = value[1].len - j - 1;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1204 size.data = name.data + len + 1;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1205
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1206 n = ngx_parse_size(&size);
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1207
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1208 if (n == NGX_ERROR) {
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1209 goto invalid;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1210 }
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1211
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1212 if (n < (ngx_int_t) (8 * ngx_pagesize)) {
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1213 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1214 "OCSP cache \"%V\" is too small", &value[1]);
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1215
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1216 return NGX_CONF_ERROR;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1217 }
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1218
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1219 sscf->ocsp_cache_zone = ngx_shared_memory_add(cf, &name, n,
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1220 &ngx_http_ssl_module_ctx);
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1221 if (sscf->ocsp_cache_zone == NULL) {
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1222 return NGX_CONF_ERROR;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1223 }
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1224
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1225 sscf->ocsp_cache_zone->init = ngx_ssl_ocsp_cache_init;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1226
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1227 return NGX_CONF_OK;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1228
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1229 invalid:
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1230
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1231 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1232 "invalid OCSP cache \"%V\"", &value[1]);
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1233
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1234 return NGX_CONF_ERROR;
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1235 }
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1236
b56f725dd4bb OCSP: certificate status cache. Roman Arutyunyan <arut@nginx.com> parents: 7653 diff changeset	1237
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1238 static ngx_int_t
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1239 ngx_http_ssl_init(ngx_conf_t *cf)
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1240 {
7269 7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1241 ngx_uint_t a, p, s;
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1242 ngx_http_conf_addr_t *addr;
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1243 ngx_http_conf_port_t *port;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1244 ngx_http_ssl_srv_conf_t *sscf;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1245 ngx_http_core_loc_conf_t *clcf;
7269 7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1246 ngx_http_core_srv_conf_t *cscfp, cscf;
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1247 ngx_http_core_main_conf_t *cmcf;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1248
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1249 cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1250 cscfp = cmcf->servers.elts;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1251
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1252 for (s = 0; s < cmcf->servers.nelts; s++) {
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1253
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1254 sscf = cscfp[s]->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1255
7653 8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1256 if (sscf->ssl.ctx == NULL) {
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1257 continue;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1258 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1259
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1260 clcf = cscfp[s]->ctx->loc_conf[ngx_http_core_module.ctx_index];
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1261
7653 8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1262 if (sscf->stapling) {
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1263 if (ngx_ssl_stapling_resolver(cf, &sscf->ssl, clcf->resolver,
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1264 clcf->resolver_timeout)
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1265 != NGX_OK)
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1266 {
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1267 return NGX_ERROR;
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1268 }
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1269 }
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1270
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1271 if (sscf->ocsp) {
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1272 if (ngx_ssl_ocsp_resolver(cf, &sscf->ssl, clcf->resolver,
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1273 clcf->resolver_timeout)
7653 8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1274 != NGX_OK)
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1275 {
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1276 return NGX_ERROR;
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534). Roman Arutyunyan <arut@nginx.com> parents: 7567 diff changeset	1277 }
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1278 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1279 }
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1280
7269 7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1281 if (cmcf->ports == NULL) {
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1282 return NGX_OK;
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1283 }
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1284
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1285 port = cmcf->ports->elts;
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1286 for (p = 0; p < cmcf->ports->nelts; p++) {
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1287
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1288 addr = port[p].addrs.elts;
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1289 for (a = 0; a < port[p].addrs.nelts; a++) {
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1290
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1291 if (!addr[a].opt.ssl) {
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1292 continue;
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1293 }
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1294
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1295 cscf = addr[a].default_server;
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1296 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1297
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1298 if (sscf->certificates == NULL) {
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1299 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1300 "no \"ssl_certificate\" is defined for "
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1301 "the \"listen ... ssl\" directive in %s:%ui",
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1302 cscf->file_name, cscf->line);
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1303 return NGX_ERROR;
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1304 }
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1305 }
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1306 }
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7091 diff changeset	1307
4875 386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1308 return NGX_OK;
386a06a22c40 OCSP stapling: loading OCSP responses. Maxim Dounin <mdounin@mdounin.ru> parents: 4873 diff changeset	1309 }

Mercurial > hg > nginx

annotate src/http/modules/ngx_http_ssl_module.c @ 7676:d225b70d38b6