Mercurial > hg > nginx

annotate src/event/ngx_event_openssl.h @ 7660:d33e17499088

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Version bump.
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 26 May 2020 22:03:00 +0300
parents b56f725dd4bb
children 3bff3f397c05 7995cd199b52
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
441
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 397
diff changeset
1
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 397
diff changeset
2 /*
444
42d11f017717 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents: 441
diff changeset
3 * Copyright (C) Igor Sysoev
4412
d620f497c50f Copyright updated.
Maxim Konovalov <maxim@nginx.com>
parents: 4400
diff changeset
4 * Copyright (C) Nginx, Inc.
441
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 397
diff changeset
5 */
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 397
diff changeset
6
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 397
diff changeset
7
393
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
8 #ifndef _NGX_EVENT_OPENSSL_H_INCLUDED_
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
9 #define _NGX_EVENT_OPENSSL_H_INCLUDED_
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
10
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
11
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
12 #include <ngx_config.h>
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
13 #include <ngx_core.h>
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
14
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
15 #include <openssl/ssl.h>
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
16 #include <openssl/err.h>
5753
febce92c82f6 SSL: include correct OpenSSL headers.
Piotr Sikora <piotr@cloudflare.com>
parents: 5744
diff changeset
17 #include <openssl/bn.h>
968
1b60ecc8cdb7 OPENSSL_config()
Igor Sysoev <igor@sysoev.ru>
parents: 671
diff changeset
18 #include <openssl/conf.h>
5753
febce92c82f6 SSL: include correct OpenSSL headers.
Piotr Sikora <piotr@cloudflare.com>
parents: 5744
diff changeset
19 #include <openssl/crypto.h>
febce92c82f6 SSL: include correct OpenSSL headers.
Piotr Sikora <piotr@cloudflare.com>
parents: 5744
diff changeset
20 #include <openssl/dh.h>
5777
4d092aa2f463 SSL: fix build with OPENSSL_NO_ENGINE and/or OPENSSL_NO_OCSP.
Piotr Sikora <piotr@cloudflare.com>
parents: 5753
diff changeset
21 #ifndef OPENSSL_NO_ENGINE
541
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 539
diff changeset
22 #include <openssl/engine.h>
5777
4d092aa2f463 SSL: fix build with OPENSSL_NO_ENGINE and/or OPENSSL_NO_OCSP.
Piotr Sikora <piotr@cloudflare.com>
parents: 5753
diff changeset
23 #endif
3464
7f99ce2247f9 add OpenSSL_add_all_algorithms(), this fixes the error
Igor Sysoev <igor@sysoev.ru>
parents: 3300
diff changeset
24 #include <openssl/evp.h>
7132
8076ba459f05 SSL: include <openssl/hmac.h>.
Alessandro Ghedini <alessandro@ghedini.me>
parents: 7091
diff changeset
25 #include <openssl/hmac.h>
5777
4d092aa2f463 SSL: fix build with OPENSSL_NO_ENGINE and/or OPENSSL_NO_OCSP.
Piotr Sikora <piotr@cloudflare.com>
parents: 5753
diff changeset
26 #ifndef OPENSSL_NO_OCSP
4873
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4872
diff changeset
27 #include <openssl/ocsp.h>
5777
4d092aa2f463 SSL: fix build with OPENSSL_NO_ENGINE and/or OPENSSL_NO_OCSP.
Piotr Sikora <piotr@cloudflare.com>
parents: 5753
diff changeset
28 #endif
5753
febce92c82f6 SSL: include correct OpenSSL headers.
Piotr Sikora <piotr@cloudflare.com>
parents: 5744
diff changeset
29 #include <openssl/rand.h>
febce92c82f6 SSL: include correct OpenSSL headers.
Piotr Sikora <piotr@cloudflare.com>
parents: 5744
diff changeset
30 #include <openssl/rsa.h>
febce92c82f6 SSL: include correct OpenSSL headers.
Piotr Sikora <piotr@cloudflare.com>
parents: 5744
diff changeset
31 #include <openssl/x509.h>
febce92c82f6 SSL: include correct OpenSSL headers.
Piotr Sikora <piotr@cloudflare.com>
parents: 5744
diff changeset
32 #include <openssl/x509v3.h>
541
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 539
diff changeset
33
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
34 #define NGX_SSL_NAME "OpenSSL"
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
35
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
36
6485
382fc7069e3a SSL: reasonable version for LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6261
diff changeset
37 #if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
382fc7069e3a SSL: reasonable version for LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6261
diff changeset
38 #undef OPENSSL_VERSION_NUMBER
7337
cab37803ebb3 SSL: fixed build with LibreSSL 2.8.0 (ticket #1605).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7333
diff changeset
39 #if (LIBRESSL_VERSION_NUMBER >= 0x2080000fL)
cab37803ebb3 SSL: fixed build with LibreSSL 2.8.0 (ticket #1605).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7333
diff changeset
40 #define OPENSSL_VERSION_NUMBER 0x1010000fL
cab37803ebb3 SSL: fixed build with LibreSSL 2.8.0 (ticket #1605).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7333
diff changeset
41 #else
6485
382fc7069e3a SSL: reasonable version for LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6261
diff changeset
42 #define OPENSSL_VERSION_NUMBER 0x1000107fL
382fc7069e3a SSL: reasonable version for LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6261
diff changeset
43 #endif
7337
cab37803ebb3 SSL: fixed build with LibreSSL 2.8.0 (ticket #1605).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7333
diff changeset
44 #endif
6485
382fc7069e3a SSL: reasonable version for LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6261
diff changeset
45
382fc7069e3a SSL: reasonable version for LibreSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6261
diff changeset
46
6492
3b77efe05b92 SSL: SSLeay_version() is deprecated in OpenSSL 1.1.0.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6485
diff changeset
47 #if (OPENSSL_VERSION_NUMBER >= 0x10100001L)
3b77efe05b92 SSL: SSLeay_version() is deprecated in OpenSSL 1.1.0.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6485
diff changeset
48
3b77efe05b92 SSL: SSLeay_version() is deprecated in OpenSSL 1.1.0.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6485
diff changeset
49 #define ngx_ssl_version() OpenSSL_version(OPENSSL_VERSION)
3b77efe05b92 SSL: SSLeay_version() is deprecated in OpenSSL 1.1.0.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6485
diff changeset
50
3b77efe05b92 SSL: SSLeay_version() is deprecated in OpenSSL 1.1.0.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6485
diff changeset
51 #else
3b77efe05b92 SSL: SSLeay_version() is deprecated in OpenSSL 1.1.0.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6485
diff changeset
52
3b77efe05b92 SSL: SSLeay_version() is deprecated in OpenSSL 1.1.0.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6485
diff changeset
53 #define ngx_ssl_version() SSLeay_version(SSLEAY_VERSION)
3b77efe05b92 SSL: SSLeay_version() is deprecated in OpenSSL 1.1.0.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6485
diff changeset
54
3b77efe05b92 SSL: SSLeay_version() is deprecated in OpenSSL 1.1.0.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6485
diff changeset
55 #endif
3b77efe05b92 SSL: SSLeay_version() is deprecated in OpenSSL 1.1.0.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6485
diff changeset
56
3b77efe05b92 SSL: SSLeay_version() is deprecated in OpenSSL 1.1.0.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6485
diff changeset
57
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
58 #define ngx_ssl_session_t SSL_SESSION
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
59 #define ngx_ssl_conn_t SSL
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
60
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
61
6982
ac9b1df5b246 SSL: disabled renegotiation detection in client mode.
Sergey Kandaurov <pluknet@nginx.com>
parents: 6981
diff changeset
62 #if (OPENSSL_VERSION_NUMBER < 0x10002000L)
ac9b1df5b246 SSL: disabled renegotiation detection in client mode.
Sergey Kandaurov <pluknet@nginx.com>
parents: 6981
diff changeset
63 #define SSL_is_server(s) (s)->server
ac9b1df5b246 SSL: disabled renegotiation detection in client mode.
Sergey Kandaurov <pluknet@nginx.com>
parents: 6981
diff changeset
64 #endif
ac9b1df5b246 SSL: disabled renegotiation detection in client mode.
Sergey Kandaurov <pluknet@nginx.com>
parents: 6981
diff changeset
65
ac9b1df5b246 SSL: disabled renegotiation detection in client mode.
Sergey Kandaurov <pluknet@nginx.com>
parents: 6981
diff changeset
66
7653
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534).
Roman Arutyunyan <arut@nginx.com>
parents: 7612
diff changeset
67 typedef struct ngx_ssl_ocsp_s ngx_ssl_ocsp_t;
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534).
Roman Arutyunyan <arut@nginx.com>
parents: 7612
diff changeset
68
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534).
Roman Arutyunyan <arut@nginx.com>
parents: 7612
diff changeset
69
6735
e38e9c50a40e Modules compatibility: compatibility with NGX_HTTP_SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6591
diff changeset
70 struct ngx_ssl_s {
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
71 SSL_CTX *ctx;
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
72 ngx_log_t *log;
5487
a297b7ad6f94 SSL: ssl_buffer_size directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5425
diff changeset
73 size_t buffer_size;
6735
e38e9c50a40e Modules compatibility: compatibility with NGX_HTTP_SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6591
diff changeset
74 };
541
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 539
diff changeset
75
393
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
76
6735
e38e9c50a40e Modules compatibility: compatibility with NGX_HTTP_SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6591
diff changeset
77 struct ngx_ssl_connection_s {
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
78 ngx_ssl_conn_t *connection;
6261
97f102a13f33 SSL: preserve default server context in connection (ticket #235).
Maxim Dounin <mdounin@mdounin.ru>
parents: 5882
diff changeset
79 SSL_CTX *session_ctx;
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 611
diff changeset
80
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
81 ngx_int_t last;
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
82 ngx_buf_t *buf;
5487
a297b7ad6f94 SSL: ssl_buffer_size directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5425
diff changeset
83 size_t buffer_size;
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
84
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
85 ngx_connection_handler_pt handler;
396
6f3b20c1ac50 nginx-0.0.7-2004-07-18-23:11:20 import
Igor Sysoev <igor@sysoev.ru>
parents: 395
diff changeset
86
7320
696df3ac27ac SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents: 7132
diff changeset
87 ngx_ssl_session_t *session;
696df3ac27ac SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents: 7132
diff changeset
88 ngx_connection_handler_pt save_session;
696df3ac27ac SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents: 7132
diff changeset
89
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
90 ngx_event_handler_pt saved_read_handler;
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
91 ngx_event_handler_pt saved_write_handler;
479
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 473
diff changeset
92
7653
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534).
Roman Arutyunyan <arut@nginx.com>
parents: 7612
diff changeset
93 ngx_ssl_ocsp_t *ocsp;
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534).
Roman Arutyunyan <arut@nginx.com>
parents: 7612
diff changeset
94
7357
548a63b354a2 SSL: support for TLSv1.3 early data with OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents: 7337
diff changeset
95 u_char early_buf;
548a63b354a2 SSL: support for TLSv1.3 early data with OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents: 7337
diff changeset
96
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
97 unsigned handshaked:1;
3300
5a08dfb8d763 disable SSL renegotiation (CVE-2009-3555)
Igor Sysoev <igor@sysoev.ru>
parents: 3154
diff changeset
98 unsigned renegotiation:1;
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
99 unsigned buffer:1;
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
100 unsigned no_wait_shutdown:1;
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
101 unsigned no_send_shutdown:1;
5395
a720f0b0e083 SSL: adjust buffer used by OpenSSL during handshake (ticket #413).
Maxim Dounin <mdounin@mdounin.ru>
parents: 5223
diff changeset
102 unsigned handshake_buffer_set:1;
7357
548a63b354a2 SSL: support for TLSv1.3 early data with OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents: 7337
diff changeset
103 unsigned try_early_data:1;
548a63b354a2 SSL: support for TLSv1.3 early data with OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents: 7337
diff changeset
104 unsigned in_early:1;
7653
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534).
Roman Arutyunyan <arut@nginx.com>
parents: 7612
diff changeset
105 unsigned in_ocsp:1;
7357
548a63b354a2 SSL: support for TLSv1.3 early data with OpenSSL.
Sergey Kandaurov <pluknet@nginx.com>
parents: 7337
diff changeset
106 unsigned early_preread:1;
7431
294162223c7c SSL: avoid reading on pending SSL_write_early_data().
Sergey Kandaurov <pluknet@nginx.com>
parents: 7357
diff changeset
107 unsigned write_blocked:1;
6735
e38e9c50a40e Modules compatibility: compatibility with NGX_HTTP_SSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6591
diff changeset
108 };
395
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents: 394
diff changeset
109
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents: 394
diff changeset
110
2032
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1924
diff changeset
111 #define NGX_SSL_NO_SCACHE -2
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1924
diff changeset
112 #define NGX_SSL_NONE_SCACHE -3
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1924
diff changeset
113 #define NGX_SSL_NO_BUILTIN_SCACHE -4
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1924
diff changeset
114 #define NGX_SSL_DFLT_BUILTIN_SCACHE -5
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
115
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
116
1778
14510c3cc6cb ssl_session_cache off
Igor Sysoev <igor@sysoev.ru>
parents: 1760
diff changeset
117 #define NGX_SSL_MAX_SESSION_SIZE 4096
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
118
1014
5ffd76a9ccf3 optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
119 typedef struct ngx_ssl_sess_id_s ngx_ssl_sess_id_t;
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
120
1014
5ffd76a9ccf3 optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
121 struct ngx_ssl_sess_id_s {
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
122 ngx_rbtree_node_t node;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
123 u_char *id;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
124 size_t len;
1014
5ffd76a9ccf3 optimize the SSL session cache allocations
Igor Sysoev <igor@sysoev.ru>
parents: 974
diff changeset
125 u_char *session;
1760
49429f5b2d94 use ngx_queue.h
Igor Sysoev <igor@sysoev.ru>
parents: 1759
diff changeset
126 ngx_queue_t queue;
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
127 time_t expire;
1017
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents: 1014
diff changeset
128 #if (NGX_PTR_SIZE == 8)
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents: 1014
diff changeset
129 void *stub;
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents: 1014
diff changeset
130 u_char sess_id[32];
ee25c79bea34 optimize the SSL session cache allocations on 64-bit platforms
Igor Sysoev <igor@sysoev.ru>
parents: 1014
diff changeset
131 #endif
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
132 };
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
133
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
134
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
135 typedef struct {
1759
89234cfbf810 embed session_rbtree and sentinel inside ngx_ssl_session_cache_t
Igor Sysoev <igor@sysoev.ru>
parents: 1017
diff changeset
136 ngx_rbtree_t session_rbtree;
89234cfbf810 embed session_rbtree and sentinel inside ngx_ssl_session_cache_t
Igor Sysoev <igor@sysoev.ru>
parents: 1017
diff changeset
137 ngx_rbtree_node_t sentinel;
1760
49429f5b2d94 use ngx_queue.h
Igor Sysoev <igor@sysoev.ru>
parents: 1759
diff changeset
138 ngx_queue_t expire_queue;
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
139 } ngx_ssl_session_cache_t;
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
140
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
141
5425
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5395
diff changeset
142 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5395
diff changeset
143
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5395
diff changeset
144 typedef struct {
6854
75e7d55214bd SSL: support AES256 encryption of tickets.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6817
diff changeset
145 size_t size;
5425
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5395
diff changeset
146 u_char name[16];
6854
75e7d55214bd SSL: support AES256 encryption of tickets.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6817
diff changeset
147 u_char hmac_key[32];
75e7d55214bd SSL: support AES256 encryption of tickets.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6817
diff changeset
148 u_char aes_key[32];
5425
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5395
diff changeset
149 } ngx_ssl_session_ticket_key_t;
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5395
diff changeset
150
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5395
diff changeset
151 #endif
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5395
diff changeset
152
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
153
4400
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3992
diff changeset
154 #define NGX_SSL_SSLv2 0x0002
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3992
diff changeset
155 #define NGX_SSL_SSLv3 0x0004
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3992
diff changeset
156 #define NGX_SSL_TLSv1 0x0008
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3992
diff changeset
157 #define NGX_SSL_TLSv1_1 0x0010
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 3992
diff changeset
158 #define NGX_SSL_TLSv1_2 0x0020
6981
08dc60979133 SSL: added support for TLSv1.3 in ssl_protocols directive.
Sergey Kandaurov <pluknet@nginx.com>
parents: 6854
diff changeset
159 #define NGX_SSL_TLSv1_3 0x0040
393
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
160
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
161
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
162 #define NGX_SSL_BUFFER 1
577
4d9ea73a627a nginx-0.3.10-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
163 #define NGX_SSL_CLIENT 2
395
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents: 394
diff changeset
164
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
165 #define NGX_SSL_BUFSIZE 16384
393
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
166
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
167
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
168 ngx_int_t ngx_ssl_init(ngx_log_t *log);
969
065b39794fff ngx_ssl_get_server_conf()
Igor Sysoev <igor@sysoev.ru>
parents: 968
diff changeset
169 ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data);
7461
a68799465b19 SSL: loading of connection-specific certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7431
diff changeset
170
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6548
diff changeset
171 ngx_int_t ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl,
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6548
diff changeset
172 ngx_array_t *certs, ngx_array_t *keys, ngx_array_t *passwords);
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
173 ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
5744
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
174 ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
7461
a68799465b19 SSL: loading of connection-specific certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7431
diff changeset
175 ngx_int_t ngx_ssl_connection_certificate(ngx_connection_t *c, ngx_pool_t *pool,
a68799465b19 SSL: loading of connection-specific certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7431
diff changeset
176 ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
a68799465b19 SSL: loading of connection-specific certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7431
diff changeset
177
6591
04d8d1f85649 SSL: ngx_ssl_ciphers() to set list of ciphers.
Tim Taubert <tim@timtaubert.de>
parents: 6550
diff changeset
178 ngx_int_t ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,
04d8d1f85649 SSL: ngx_ssl_ciphers() to set list of ciphers.
Tim Taubert <tim@timtaubert.de>
parents: 6550
diff changeset
179 ngx_uint_t prefer_server_ciphers);
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 611
diff changeset
180 ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
181 ngx_str_t *cert, ngx_int_t depth);
4872
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
182 ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4412
diff changeset
183 ngx_str_t *cert, ngx_int_t depth);
2995
cc07d164f0dc ssl_crl
Igor Sysoev <igor@sysoev.ru>
parents: 2994
diff changeset
184 ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl);
4875
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
185 ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl,
4879
4a804fd04e6c OCSP stapling: ssl_stapling_verify directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4875
diff changeset
186 ngx_str_t *file, ngx_str_t *responder, ngx_uint_t verify);
4875
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
187 ngx_int_t ngx_ssl_stapling_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl,
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
188 ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
7653
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534).
Roman Arutyunyan <arut@nginx.com>
parents: 7612
diff changeset
189 ngx_int_t ngx_ssl_ocsp(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *responder,
7654
b56f725dd4bb OCSP: certificate status cache.
Roman Arutyunyan <arut@nginx.com>
parents: 7653
diff changeset
190 ngx_uint_t depth, ngx_shm_zone_t *shm_zone);
7653
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534).
Roman Arutyunyan <arut@nginx.com>
parents: 7612
diff changeset
191 ngx_int_t ngx_ssl_ocsp_resolver(ngx_conf_t *cf, ngx_ssl_t *ssl,
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534).
Roman Arutyunyan <arut@nginx.com>
parents: 7612
diff changeset
192 ngx_resolver_t *resolver, ngx_msec_t resolver_timeout);
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534).
Roman Arutyunyan <arut@nginx.com>
parents: 7612
diff changeset
193 ngx_int_t ngx_ssl_ocsp_validate(ngx_connection_t *c);
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534).
Roman Arutyunyan <arut@nginx.com>
parents: 7612
diff changeset
194 ngx_int_t ngx_ssl_ocsp_get_status(ngx_connection_t *c, const char **s);
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534).
Roman Arutyunyan <arut@nginx.com>
parents: 7612
diff changeset
195 void ngx_ssl_ocsp_cleanup(ngx_connection_t *c);
7654
b56f725dd4bb OCSP: certificate status cache.
Roman Arutyunyan <arut@nginx.com>
parents: 7653
diff changeset
196 ngx_int_t ngx_ssl_ocsp_cache_init(ngx_shm_zone_t *shm_zone, void *data);
5223
71d85de7b53b Style: replace SSL *ssl with ngx_ssl_conn_t *ssl_conn.
Piotr Sikora <piotr@cloudflare.com>
parents: 4884
diff changeset
197 RSA *ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export,
71d85de7b53b Style: replace SSL *ssl with ngx_ssl_conn_t *ssl_conn.
Piotr Sikora <piotr@cloudflare.com>
parents: 4884
diff changeset
198 int key_length);
5744
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5700
diff changeset
199 ngx_array_t *ngx_ssl_read_password_file(ngx_conf_t *cf, ngx_str_t *file);
7463
180df83473a4 SSL: passwords support for dynamic certificate loading.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7461
diff changeset
200 ngx_array_t *ngx_ssl_preserve_passwords(ngx_conf_t *cf,
180df83473a4 SSL: passwords support for dynamic certificate loading.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7461
diff changeset
201 ngx_array_t *passwords);
2044
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
202 ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
3960
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
203 ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
7333
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7320
diff changeset
204 ngx_int_t ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl,
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7320
diff changeset
205 ngx_uint_t enable);
7320
696df3ac27ac SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents: 7132
diff changeset
206 ngx_int_t ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl,
696df3ac27ac SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents: 7132
diff changeset
207 ngx_uint_t enable);
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
208 ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
7465
6708bec13757 SSL: adjusted session id context with dynamic certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7463
diff changeset
209 ngx_array_t *certificates, ssize_t builtin_session_cache,
6708bec13757 SSL: adjusted session id context with dynamic certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7463
diff changeset
210 ngx_shm_zone_t *shm_zone, time_t timeout);
5425
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5395
diff changeset
211 ngx_int_t ngx_ssl_session_ticket_keys(ngx_conf_t *cf, ngx_ssl_t *ssl,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5395
diff changeset
212 ngx_array_t *paths);
3992
a1dd9dc754ab A new fix for the case when ssl_session_cache defined, but ssl is not
Igor Sysoev <igor@sysoev.ru>
parents: 3960
diff changeset
213 ngx_int_t ngx_ssl_session_cache_init(ngx_shm_zone_t *shm_zone, void *data);
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
214 ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
543
511a89da35ad nginx-0.2.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 541
diff changeset
215 ngx_uint_t flags);
577
4d9ea73a627a nginx-0.3.10-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
216
1924
291689a7e5dc invalidate SSL session if there is no valid client certificate
Igor Sysoev <igor@sysoev.ru>
parents: 1779
diff changeset
217 void ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
577
4d9ea73a627a nginx-0.3.10-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
218 ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session);
7320
696df3ac27ac SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents: 7132
diff changeset
219 ngx_ssl_session_t *ngx_ssl_get_session(ngx_connection_t *c);
696df3ac27ac SSL: save sessions for upstream peers using a callback function.
Sergey Kandaurov <pluknet@nginx.com>
parents: 7132
diff changeset
220 ngx_ssl_session_t *ngx_ssl_get0_session(ngx_connection_t *c);
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 583
diff changeset
221 #define ngx_ssl_free_session SSL_SESSION_free
969
065b39794fff ngx_ssl_get_server_conf()
Igor Sysoev <igor@sysoev.ru>
parents: 968
diff changeset
222 #define ngx_ssl_get_connection(ssl_conn) \
065b39794fff ngx_ssl_get_server_conf()
Igor Sysoev <igor@sysoev.ru>
parents: 968
diff changeset
223 SSL_get_ex_data(ssl_conn, ngx_ssl_connection_index)
065b39794fff ngx_ssl_get_server_conf()
Igor Sysoev <igor@sysoev.ru>
parents: 968
diff changeset
224 #define ngx_ssl_get_server_conf(ssl_ctx) \
065b39794fff ngx_ssl_get_server_conf()
Igor Sysoev <igor@sysoev.ru>
parents: 968
diff changeset
225 SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_server_conf_index)
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 583
diff changeset
226
4884
e406c997470a SSL: the "ssl_verify_client" directive parameter "optional_no_ca".
Maxim Dounin <mdounin@mdounin.ru>
parents: 4879
diff changeset
227 #define ngx_ssl_verify_error_optional(n) \
e406c997470a SSL: the "ssl_verify_client" directive parameter "optional_no_ca".
Maxim Dounin <mdounin@mdounin.ru>
parents: 4879
diff changeset
228 (n == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT \
e406c997470a SSL: the "ssl_verify_client" directive parameter "optional_no_ca".
Maxim Dounin <mdounin@mdounin.ru>
parents: 4879
diff changeset
229 || n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN \
e406c997470a SSL: the "ssl_verify_client" directive parameter "optional_no_ca".
Maxim Dounin <mdounin@mdounin.ru>
parents: 4879
diff changeset
230 || n == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY \
e406c997470a SSL: the "ssl_verify_client" directive parameter "optional_no_ca".
Maxim Dounin <mdounin@mdounin.ru>
parents: 4879
diff changeset
231 || n == X509_V_ERR_CERT_UNTRUSTED \
e406c997470a SSL: the "ssl_verify_client" directive parameter "optional_no_ca".
Maxim Dounin <mdounin@mdounin.ru>
parents: 4879
diff changeset
232 || n == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE)
e406c997470a SSL: the "ssl_verify_client" directive parameter "optional_no_ca".
Maxim Dounin <mdounin@mdounin.ru>
parents: 4879
diff changeset
233
5661
060c2e692b96 Upstream: proxy_ssl_verify and friends.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5658
diff changeset
234 ngx_int_t ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name);
060c2e692b96 Upstream: proxy_ssl_verify and friends.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5658
diff changeset
235
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 583
diff changeset
236
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
237 ngx_int_t ngx_ssl_get_protocol(ngx_connection_t *c, ngx_pool_t *pool,
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
238 ngx_str_t *s);
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
239 ngx_int_t ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool,
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
240 ngx_str_t *s);
6816
ea93c7d8752a SSL: $ssl_ciphers (ticket #870).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6815
diff changeset
241 ngx_int_t ngx_ssl_get_ciphers(ngx_connection_t *c, ngx_pool_t *pool,
ea93c7d8752a SSL: $ssl_ciphers (ticket #870).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6815
diff changeset
242 ngx_str_t *s);
6817
e75e854657ba SSL: $ssl_curves (ticket #1088).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6816
diff changeset
243 ngx_int_t ngx_ssl_get_curves(ngx_connection_t *c, ngx_pool_t *pool,
e75e854657ba SSL: $ssl_curves (ticket #1088).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6816
diff changeset
244 ngx_str_t *s);
3154
823f72db46c0 $ssl_session_id
Igor Sysoev <igor@sysoev.ru>
parents: 2996
diff changeset
245 ngx_int_t ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool,
823f72db46c0 $ssl_session_id
Igor Sysoev <igor@sysoev.ru>
parents: 2996
diff changeset
246 ngx_str_t *s);
5573
7c05f6590753 SSL: the $ssl_session_reused variable.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5487
diff changeset
247 ngx_int_t ngx_ssl_get_session_reused(ngx_connection_t *c, ngx_pool_t *pool,
7c05f6590753 SSL: the $ssl_session_reused variable.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5487
diff changeset
248 ngx_str_t *s);
7333
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7320
diff changeset
249 ngx_int_t ngx_ssl_get_early_data(ngx_connection_t *c, ngx_pool_t *pool,
ba971deb4b44 SSL: support for TLSv1.3 early data with BoringSSL.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7320
diff changeset
250 ngx_str_t *s);
5658
94ae92776441 SSL: $ssl_server_name variable.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5573
diff changeset
251 ngx_int_t ngx_ssl_get_server_name(ngx_connection_t *c, ngx_pool_t *pool,
94ae92776441 SSL: $ssl_server_name variable.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5573
diff changeset
252 ngx_str_t *s);
2123
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
253 ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool,
9697407e9ecb *) ssl_verify_client ask
Igor Sysoev <igor@sysoev.ru>
parents: 2045
diff changeset
254 ngx_str_t *s);
2045
2b11822b12d6 $ssl_client_cert
Igor Sysoev <igor@sysoev.ru>
parents: 2044
diff changeset
255 ngx_int_t ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool,
2b11822b12d6 $ssl_client_cert
Igor Sysoev <igor@sysoev.ru>
parents: 2044
diff changeset
256 ngx_str_t *s);
7091
82f0b8dcca27 SSL: the $ssl_client_escaped_cert variable (ticket #857).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6982
diff changeset
257 ngx_int_t ngx_ssl_get_escaped_certificate(ngx_connection_t *c, ngx_pool_t *pool,
82f0b8dcca27 SSL: the $ssl_client_escaped_cert variable (ticket #857).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6982
diff changeset
258 ngx_str_t *s);
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 611
diff changeset
259 ngx_int_t ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 611
diff changeset
260 ngx_str_t *s);
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 611
diff changeset
261 ngx_int_t ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 611
diff changeset
262 ngx_str_t *s);
6780
56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6735
diff changeset
263 ngx_int_t ngx_ssl_get_subject_dn_legacy(ngx_connection_t *c, ngx_pool_t *pool,
56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6735
diff changeset
264 ngx_str_t *s);
56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6735
diff changeset
265 ngx_int_t ngx_ssl_get_issuer_dn_legacy(ngx_connection_t *c, ngx_pool_t *pool,
56d6bfe6b609 SSL: RFC2253 compliant $ssl_client_s_dn and $ssl_client_i_dn.
Dmitry Volyntsev <xeioex@nginx.com>
parents: 6735
diff changeset
266 ngx_str_t *s);
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
267 ngx_int_t ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool,
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
268 ngx_str_t *s);
5700
5e892d40e5cc SSL: $ssl_client_fingerprint variable.
Sergey Budnevitch <sb@waeme.net>
parents: 5661
diff changeset
269 ngx_int_t ngx_ssl_get_fingerprint(ngx_connection_t *c, ngx_pool_t *pool,
5e892d40e5cc SSL: $ssl_client_fingerprint variable.
Sergey Budnevitch <sb@waeme.net>
parents: 5661
diff changeset
270 ngx_str_t *s);
2994
f33c48457d0c *) $ssl_client_verify
Igor Sysoev <igor@sysoev.ru>
parents: 2123
diff changeset
271 ngx_int_t ngx_ssl_get_client_verify(ngx_connection_t *c, ngx_pool_t *pool,
f33c48457d0c *) $ssl_client_verify
Igor Sysoev <igor@sysoev.ru>
parents: 2123
diff changeset
272 ngx_str_t *s);
6815
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6812
diff changeset
273 ngx_int_t ngx_ssl_get_client_v_start(ngx_connection_t *c, ngx_pool_t *pool,
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6812
diff changeset
274 ngx_str_t *s);
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6812
diff changeset
275 ngx_int_t ngx_ssl_get_client_v_end(ngx_connection_t *c, ngx_pool_t *pool,
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6812
diff changeset
276 ngx_str_t *s);
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6812
diff changeset
277 ngx_int_t ngx_ssl_get_client_v_remain(ngx_connection_t *c, ngx_pool_t *pool,
2d15fff64e3c SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6812
diff changeset
278 ngx_str_t *s);
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
279
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 611
diff changeset
280
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
281 ngx_int_t ngx_ssl_handshake(ngx_connection_t *c);
469
2ff194b74f1e nginx-0.1.9-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
282 ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size);
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 509
diff changeset
283 ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size);
5882
ec81934727a1 Core: added limit to recv_chain().
Roman Arutyunyan <arut@nginx.com>
parents: 5777
diff changeset
284 ssize_t ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl, off_t limit);
394
e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import
Igor Sysoev <igor@sysoev.ru>
parents: 393
diff changeset
285 ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in,
489
45a460f82aec nginx-0.1.19-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 479
diff changeset
286 off_t limit);
1779
06014cfdb5b1 create ssl buffer on demand and free it before keep-alive
Igor Sysoev <igor@sysoev.ru>
parents: 1778
diff changeset
287 void ngx_ssl_free_buffer(ngx_connection_t *c);
394
e7a68e14ccd3 nginx-0.0.7-2004-07-16-10:33:35 import
Igor Sysoev <igor@sysoev.ru>
parents: 393
diff changeset
288 ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c);
583
4e296b7d25bf nginx-0.3.13-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 577
diff changeset
289 void ngx_cdecl ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
489
45a460f82aec nginx-0.1.19-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 479
diff changeset
290 char *fmt, ...);
509
9b8c906f6e63 nginx-0.1.29-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 489
diff changeset
291 void ngx_ssl_cleanup_ctx(void *data);
393
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
292
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
293
969
065b39794fff ngx_ssl_get_server_conf()
Igor Sysoev <igor@sysoev.ru>
parents: 968
diff changeset
294 extern int ngx_ssl_connection_index;
065b39794fff ngx_ssl_get_server_conf()
Igor Sysoev <igor@sysoev.ru>
parents: 968
diff changeset
295 extern int ngx_ssl_server_conf_index;
974
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
296 extern int ngx_ssl_session_cache_index;
5425
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5395
diff changeset
297 extern int ngx_ssl_session_ticket_keys_index;
7653
8409f9df6219 SSL: client certificate validation with OCSP (ticket #1534).
Roman Arutyunyan <arut@nginx.com>
parents: 7612
diff changeset
298 extern int ngx_ssl_ocsp_index;
4875
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
299 extern int ngx_ssl_certificate_index;
6548
8a34e92d8ab5 SSL: made it possible to iterate though all certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6492
diff changeset
300 extern int ngx_ssl_next_certificate_index;
6812
a7ec59df0c4d OCSP stapling: added certificate name to warnings.
Maxim Dounin <mdounin@mdounin.ru>
parents: 6780
diff changeset
301 extern int ngx_ssl_certificate_name_index;
4875
386a06a22c40 OCSP stapling: loading OCSP responses.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4873
diff changeset
302 extern int ngx_ssl_stapling_index;
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
303
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
304
393
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
305 #endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */