nginx: src/http/modules/ngx_http_ssl

annotate src/http/modules/ngx_http_ssl_module.c @ 4873:dd74fd35ceb5

OCSP stapling: ssl_stapling_file support. Very basic version without any OCSP responder query code, assuming valid DER-encoded OCSP response is present in a ssl_stapling_file configured. Such file might be produced with openssl like this: openssl ocsp -issuer root.crt -cert domain.crt -respout domain.staple \ -url http://ocsp.example.com

author	Maxim Dounin <mdounin@mdounin.ru>
date	Mon, 01 Oct 2012 12:41:08 +0000
parents	7c3cca603438
children	386a06a22c40

rev	line source
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	1
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	2 /*
444 42d11f017717 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright Igor Sysoev <igor@sysoev.ru> parents: 441 diff changeset	3 * Copyright (C) Igor Sysoev
4412 d620f497c50f Copyright updated. Maxim Konovalov <maxim@nginx.com> parents: 4400 diff changeset	4 * Copyright (C) Nginx, Inc.
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	5 */
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 396 diff changeset	6
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	7
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	8 #include <ngx_config.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	9 #include <ngx_core.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	10 #include <ngx_http.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	11
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	12
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	13 typedef ngx_int_t (ngx_ssl_variable_handler_pt)(ngx_connection_t c,
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	14 ngx_pool_t pool, ngx_str_t s);
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	15
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	16
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	17 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	18 #define NGX_DEFAULT_ECDH_CURVE "prime256v1"
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	19
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	20
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	21 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	22 ngx_http_variable_value_t *v, uintptr_t data);
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	23 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	24 ngx_http_variable_value_t *v, uintptr_t data);
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	25
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	26 static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf);
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	27 static void ngx_http_ssl_create_srv_conf(ngx_conf_t cf);
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	28 static char ngx_http_ssl_merge_srv_conf(ngx_conf_t cf,
501 d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	29 void parent, void child);
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	30
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	31 static char ngx_http_ssl_enable(ngx_conf_t cf, ngx_command_t *cmd,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	32 void *conf);
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	33 static char ngx_http_ssl_session_cache(ngx_conf_t cf, ngx_command_t *cmd,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	34 void *conf);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	35
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	36
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	37 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	38 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	39 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	40 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
4400 a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4273 diff changeset	41 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4273 diff changeset	42 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	43 { ngx_null_string, 0 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	44 };
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	45
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	46
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	47 static ngx_conf_enum_t ngx_http_ssl_verify[] = {
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	48 { ngx_string("off"), 0 },
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	49 { ngx_string("on"), 1 },
2994 f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	50 { ngx_string("optional"), 2 },
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	51 { ngx_null_string, 0 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	52 };
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	53
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	54
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	55 static ngx_command_t ngx_http_ssl_commands[] = {
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	56
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	57 { ngx_string("ssl"),
599 869b6444d234 nginx-0.3.21-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	58 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	59 ngx_http_ssl_enable,
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	60 NGX_HTTP_SRV_CONF_OFFSET,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	61 offsetof(ngx_http_ssl_srv_conf_t, enable),
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	62 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	63
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	64 { ngx_string("ssl_certificate"),
599 869b6444d234 nginx-0.3.21-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	65 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	66 ngx_conf_set_str_slot,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	67 NGX_HTTP_SRV_CONF_OFFSET,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	68 offsetof(ngx_http_ssl_srv_conf_t, certificate),
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	69 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	70
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	71 { ngx_string("ssl_certificate_key"),
599 869b6444d234 nginx-0.3.21-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	72 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	73 ngx_conf_set_str_slot,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	74 NGX_HTTP_SRV_CONF_OFFSET,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	75 offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	76 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	77
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	78 { ngx_string("ssl_dhparam"),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	79 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	80 ngx_conf_set_str_slot,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	81 NGX_HTTP_SRV_CONF_OFFSET,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	82 offsetof(ngx_http_ssl_srv_conf_t, dhparam),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	83 NULL },
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	84
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	85 { ngx_string("ssl_ecdh_curve"),
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	86 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	87 ngx_conf_set_str_slot,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	88 NGX_HTTP_SRV_CONF_OFFSET,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	89 offsetof(ngx_http_ssl_srv_conf_t, ecdh_curve),
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	90 NULL },
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	91
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	92 { ngx_string("ssl_protocols"),
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	93 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_1MORE,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	94 ngx_conf_set_bitmask_slot,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	95 NGX_HTTP_SRV_CONF_OFFSET,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	96 offsetof(ngx_http_ssl_srv_conf_t, protocols),
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	97 &ngx_http_ssl_protocols },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	98
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	99 { ngx_string("ssl_ciphers"),
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	100 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	101 ngx_conf_set_str_slot,
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	102 NGX_HTTP_SRV_CONF_OFFSET,
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	103 offsetof(ngx_http_ssl_srv_conf_t, ciphers),
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	104 NULL },
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	105
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	106 { ngx_string("ssl_verify_client"),
4273 e444e8f6538b Fixed NGX_CONF_TAKE1/NGX_CONF_FLAG misuse. Sergey Budnevitch <sb@waeme.net> parents: 4234 diff changeset	107 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	108 ngx_conf_set_enum_slot,
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	109 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	110 offsetof(ngx_http_ssl_srv_conf_t, verify),
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	111 &ngx_http_ssl_verify },
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	112
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	113 { ngx_string("ssl_verify_depth"),
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	114 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_1MORE,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	115 ngx_conf_set_num_slot,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	116 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	117 offsetof(ngx_http_ssl_srv_conf_t, verify_depth),
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	118 NULL },
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	119
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	120 { ngx_string("ssl_client_certificate"),
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	121 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	122 ngx_conf_set_str_slot,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	123 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	124 offsetof(ngx_http_ssl_srv_conf_t, client_certificate),
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	125 NULL },
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	126
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	127 { ngx_string("ssl_trusted_certificate"),
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	128 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	129 ngx_conf_set_str_slot,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	130 NGX_HTTP_SRV_CONF_OFFSET,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	131 offsetof(ngx_http_ssl_srv_conf_t, trusted_certificate),
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	132 NULL },
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	133
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	134 { ngx_string("ssl_prefer_server_ciphers"),
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	135 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	136 ngx_conf_set_flag_slot,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	137 NGX_HTTP_SRV_CONF_OFFSET,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	138 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	139 NULL },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	140
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	141 { ngx_string("ssl_session_cache"),
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	142 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE12,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	143 ngx_http_ssl_session_cache,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	144 NGX_HTTP_SRV_CONF_OFFSET,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	145 0,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	146 NULL },
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	147
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	148 { ngx_string("ssl_session_timeout"),
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	149 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	150 ngx_conf_set_sec_slot,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	151 NGX_HTTP_SRV_CONF_OFFSET,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	152 offsetof(ngx_http_ssl_srv_conf_t, session_timeout),
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	153 NULL },
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	154
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	155 { ngx_string("ssl_crl"),
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	156 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	157 ngx_conf_set_str_slot,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	158 NGX_HTTP_SRV_CONF_OFFSET,
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	159 offsetof(ngx_http_ssl_srv_conf_t, crl),
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	160 NULL },
cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	161
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	162 { ngx_string("ssl_stapling"),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	163 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_FLAG,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	164 ngx_conf_set_flag_slot,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	165 NGX_HTTP_SRV_CONF_OFFSET,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	166 offsetof(ngx_http_ssl_srv_conf_t, stapling),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	167 NULL },
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	168
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	169 { ngx_string("ssl_stapling_file"),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	170 NGX_HTTP_MAIN_CONF\|NGX_HTTP_SRV_CONF\|NGX_CONF_TAKE1,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	171 ngx_conf_set_str_slot,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	172 NGX_HTTP_SRV_CONF_OFFSET,
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	173 offsetof(ngx_http_ssl_srv_conf_t, stapling_file),
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	174 NULL },
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	175
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	176 ngx_null_command
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	177 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	178
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	179
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	180 static ngx_http_module_t ngx_http_ssl_module_ctx = {
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	181 ngx_http_ssl_add_variables, /* preconfiguration */
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 507 diff changeset	182 NULL, /* postconfiguration */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	183
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	184 NULL, /* create main configuration */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	185 NULL, /* init main configuration */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	186
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	187 ngx_http_ssl_create_srv_conf, /* create server configuration */
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	188 ngx_http_ssl_merge_srv_conf, /* merge server configuration */
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	189
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	190 NULL, /* create location configuration */
485 4ebe09b07e30 nginx-0.1.17-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 479 diff changeset	191 NULL /* merge location configuration */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	192 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	193
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	194
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	195 ngx_module_t ngx_http_ssl_module = {
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 507 diff changeset	196 NGX_MODULE_V1,
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	197 &ngx_http_ssl_module_ctx, /* module context */
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	198 ngx_http_ssl_commands, /* module directives */
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	199 NGX_HTTP_MODULE, /* module type */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	200 NULL, /* init master */
393 5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import Igor Sysoev <igor@sysoev.ru> parents: 392 diff changeset	201 NULL, /* init module */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	202 NULL, /* init process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	203 NULL, /* init thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	204 NULL, /* exit thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	205 NULL, /* exit process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	206 NULL, /* exit master */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 529 diff changeset	207 NGX_MODULE_V1_PADDING
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	208 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	209
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	210
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	211 static ngx_http_variable_t ngx_http_ssl_vars[] = {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	212
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	213 { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_static_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	214 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 },
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	215
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	216 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	217 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	218
3154 823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3140 diff changeset	219 { ngx_string("ssl_session_id"), NULL, ngx_http_ssl_variable,
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3140 diff changeset	220 (uintptr_t) ngx_ssl_get_session_id, NGX_HTTP_VAR_CHANGEABLE, 0 },
823f72db46c0 $ssl_session_id Igor Sysoev <igor@sysoev.ru> parents: 3140 diff changeset	221
2045 2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	222 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	223 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },
2b11822b12d6 $ssl_client_cert Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	224
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	225 { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable,
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	226 (uintptr_t) ngx_ssl_get_raw_certificate,
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	227 NGX_HTTP_VAR_CHANGEABLE, 0 },
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	228
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	229 { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	230 (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	231
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	232 { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	233 (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGEABLE, 0 },
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	234
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	235 { ngx_string("ssl_client_serial"), NULL, ngx_http_ssl_variable,
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	236 (uintptr_t) ngx_ssl_get_serial_number, NGX_HTTP_VAR_CHANGEABLE, 0 },
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	237
2994 f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	238 { ngx_string("ssl_client_verify"), NULL, ngx_http_ssl_variable,
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	239 (uintptr_t) ngx_ssl_get_client_verify, NGX_HTTP_VAR_CHANGEABLE, 0 },
f33c48457d0c ) $ssl_client_verify Igor Sysoev <igor@sysoev.ru>* parents: 2912 diff changeset	240
637 e60fe4cf1d4e nginx-0.3.40-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	241 { ngx_null_string, NULL, NULL, 0, 0, 0 }
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	242 };
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	243
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	244
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	245 static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	246
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	247
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	248 static ngx_int_t
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	249 ngx_http_ssl_static_variable(ngx_http_request_t *r,
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	250 ngx_http_variable_value_t *v, uintptr_t data)
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	251 {
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	252 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	253
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	254 size_t len;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	255 ngx_str_t s;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	256
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	257 if (r->connection->ssl) {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	258
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	259 (void) handler(r->connection, NULL, &s);
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	260
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	261 v->data = s.data;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	262
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	263 for (len = 0; v->data[len]; len++) { /* void */ }
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	264
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	265 v->len = len;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	266 v->valid = 1;
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	267 v->no_cacheable = 0;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	268 v->not_found = 0;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	269
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	270 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	271 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	272
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	273 v->not_found = 1;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	274
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	275 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	276 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	277
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	278
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	279 static ngx_int_t
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	280 ngx_http_ssl_variable(ngx_http_request_t r, ngx_http_variable_value_t v,
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	281 uintptr_t data)
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	282 {
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	283 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	284
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	285 ngx_str_t s;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	286
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	287 if (r->connection->ssl) {
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	288
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	289 if (handler(r->connection, r->pool, &s) != NGX_OK) {
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	290 return NGX_ERROR;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	291 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	292
1310 33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	293 v->len = s.len;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	294 v->data = s.data;
33d6c994a0b2 Sun Studio on sparc uses different bit order Igor Sysoev <igor@sysoev.ru> parents: 1219 diff changeset	295
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	296 if (v->len) {
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	297 v->valid = 1;
1565 4c43e25d11ea fix English grammar Igor Sysoev <igor@sysoev.ru> parents: 1310 diff changeset	298 v->no_cacheable = 0;
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	299 v->not_found = 0;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	300
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	301 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	302 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	303 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	304
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	305 v->not_found = 1;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	306
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	307 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	308 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	309
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	310
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	311 static ngx_int_t
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	312 ngx_http_ssl_add_variables(ngx_conf_t *cf)
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	313 {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	314 ngx_http_variable_t var, v;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	315
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	316 for (v = ngx_http_ssl_vars; v->name.len; v++) {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	317 var = ngx_http_add_variable(cf, &v->name, v->flags);
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	318 if (var == NULL) {
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	319 return NGX_ERROR;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	320 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	321
637 e60fe4cf1d4e nginx-0.3.40-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 611 diff changeset	322 var->get_handler = v->get_handler;
611 3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	323 var->data = v->data;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	324 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	325
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	326 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	327 }
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	328
3f8a2132b93d nginx-0.3.27-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 599 diff changeset	329
501 d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	330 static void *
d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	331 ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	332 {
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	333 ngx_http_ssl_srv_conf_t *sscf;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	334
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	335 sscf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t));
948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	336 if (sscf == NULL) {
2912 c7d57b539248 return NULL instead of NGX_CONF_ERROR on a create conf failure Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	337 return NULL;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	338 }
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	339
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	340 /*
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	341 * set by ngx_pcalloc():
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	342 *
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	343 * sscf->protocols = 0;
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	344 * sscf->certificate = { 0, NULL };
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	345 * sscf->certificate_key = { 0, NULL };
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	346 * sscf->dhparam = { 0, NULL };
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	347 * sscf->ecdh_curve = { 0, NULL };
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	348 * sscf->client_certificate = { 0, NULL };
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	349 * sscf->trusted_certificate = { 0, NULL };
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	350 * sscf->crl = { 0, NULL };
3516 dd1570b6f237 ngx_str_set() and ngx_str_null() Igor Sysoev <igor@sysoev.ru> parents: 3209 diff changeset	351 * sscf->ciphers = { 0, NULL };
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	352 * sscf->shm_zone = NULL;
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	353 * sscf->stapling_file = { 0, NULL };
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	354 */
c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	355
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	356 sscf->enable = NGX_CONF_UNSET;
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	357 sscf->prefer_server_ciphers = NGX_CONF_UNSET;
2710 218ee852de73 fix building by MSVC8 Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	358 sscf->verify = NGX_CONF_UNSET_UINT;
218ee852de73 fix building by MSVC8 Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	359 sscf->verify_depth = NGX_CONF_UNSET_UINT;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	360 sscf->builtin_session_cache = NGX_CONF_UNSET;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	361 sscf->session_timeout = NGX_CONF_UNSET;
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	362 sscf->stapling = NGX_CONF_UNSET;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	363
971 948acd940145 style fix: scf > sscf Igor Sysoev <igor@sysoev.ru> parents: 970 diff changeset	364 return sscf;
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	365 }
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	366
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	367
501 d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	368 static char *
d4ea69372b94 nginx-0.1.25-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 485 diff changeset	369 ngx_http_ssl_merge_srv_conf(ngx_conf_t cf, void parent, void *child)
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	370 {
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	371 ngx_http_ssl_srv_conf_t *prev = parent;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	372 ngx_http_ssl_srv_conf_t *conf = child;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	373
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	374 ngx_pool_cleanup_t *cln;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	375
4234 d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	376 if (conf->enable == NGX_CONF_UNSET) {
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	377 if (prev->enable == NGX_CONF_UNSET) {
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	378 conf->enable = 0;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	379
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	380 } else {
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	381 conf->enable = prev->enable;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	382 conf->file = prev->file;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	383 conf->line = prev->line;
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	384 }
d5462eab1440 Fixed segfault on configuration testing with ssl (ticket #37). Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	385 }
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	386
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	387 ngx_conf_merge_value(conf->session_timeout,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	388 prev->session_timeout, 300);
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	389
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	390 ngx_conf_merge_value(conf->prefer_server_ciphers,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	391 prev->prefer_server_ciphers, 0);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	392
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	393 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
4400 a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4273 diff changeset	394 (NGX_CONF_BITMASK_SET\|NGX_SSL_SSLv3\|NGX_SSL_TLSv1
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4273 diff changeset	395 \|NGX_SSL_TLSv1_1\|NGX_SSL_TLSv1_2));
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	396
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	397 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	398 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	399
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	400 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	401 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	402
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	403 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	404
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	405 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	406 "");
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	407 ngx_conf_merge_str_value(conf->trusted_certificate,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	408 prev->trusted_certificate, "");
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	409 ngx_conf_merge_str_value(conf->crl, prev->crl, "");
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	410
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	411 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	412 NGX_DEFAULT_ECDH_CURVE);
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	413
2124 e0b424b98f24 fix typo Igor Sysoev <igor@sysoev.ru> parents: 2123 diff changeset	414 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	415
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	416 ngx_conf_merge_value(conf->stapling, prev->stapling, 0);
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	417 ngx_conf_merge_str_value(conf->stapling_file, prev->stapling_file, "");
479 c52408583801 nginx-0.1.14-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	418
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	419 conf->ssl.log = cf->log;
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	420
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	421 if (conf->enable) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	422
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	423 if (conf->certificate.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	424 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	425 "no \"ssl_certificate\" is defined for "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	426 "the \"ssl\" directive in %s:%ui",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	427 conf->file, conf->line);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	428 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	429 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	430
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	431 if (conf->certificate_key.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	432 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	433 "no \"ssl_certificate_key\" is defined for "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	434 "the \"ssl\" directive in %s:%ui",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	435 conf->file, conf->line);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	436 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	437 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	438
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	439 } else {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	440
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	441 if (conf->certificate.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	442 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	443 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	444
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	445 if (conf->certificate_key.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	446 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	447 "no \"ssl_certificate_key\" is defined "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	448 "for certificate \"%V\"", &conf->certificate);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	449 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	450 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	451 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	452
969 065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 671 diff changeset	453 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	454 return NGX_CONF_ERROR;
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	455 }
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	456
1219 86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	457 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	458
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	459 if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	460 ngx_http_ssl_servername)
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	461 == 0)
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	462 {
3140 ba9a8ba4207e ) issue warning instead of failure: this is too common case Igor Sysoev <igor@sysoev.ru>* parents: 2996 diff changeset	463 ngx_log_error(NGX_LOG_WARN, cf->log, 0,
3209 b82c623a607e fix typo Igor Sysoev <igor@sysoev.ru> parents: 3196 diff changeset	464 "nginx was built with SNI support, however, now it is linked "
3140 ba9a8ba4207e ) issue warning instead of failure: this is too common case Igor Sysoev <igor@sysoev.ru>* parents: 2996 diff changeset	465 "dynamically to an OpenSSL library which has no tlsext support, "
ba9a8ba4207e ) issue warning instead of failure: this is too common case Igor Sysoev <igor@sysoev.ru>* parents: 2996 diff changeset	466 "therefore SNI is not available");
1219 86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	467 }
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	468
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	469 #endif
86c5c9288acc SNI support Igor Sysoev <igor@sysoev.ru> parents: 974 diff changeset	470
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	471 cln = ngx_pool_cleanup_add(cf->pool, 0);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	472 if (cln == NULL) {
509 9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 507 diff changeset	473 return NGX_CONF_ERROR;
9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 507 diff changeset	474 }
9b8c906f6e63 nginx-0.1.29-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 507 diff changeset	475
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	476 cln->handler = ngx_ssl_cleanup_ctx;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	477 cln->data = &conf->ssl;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	478
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	479 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
970 35f98a8e275f style fix Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	480 &conf->certificate_key)
35f98a8e275f style fix Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	481 != NGX_OK)
529 e5d7d0334fdb nginx-0.1.39-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 509 diff changeset	482 {
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	483 return NGX_CONF_ERROR;
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	484 }
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	485
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	486 if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	487 (const char *) conf->ciphers.data)
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	488 == 0)
529 e5d7d0334fdb nginx-0.1.39-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 509 diff changeset	489 {
395 f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import Igor Sysoev <igor@sysoev.ru> parents: 394 diff changeset	490 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	491 "SSL_CTX_set_cipher_list(\"%V\") failed",
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	492 &conf->ciphers);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	493 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	494
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	495 if (conf->verify) {
2123 9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	496
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	497 if (conf->client_certificate.len == 0) {
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	498 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	499 "no ssl_client_certificate for ssl_client_verify");
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	500 return NGX_CONF_ERROR;
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	501 }
9697407e9ecb ) ssl_verify_client ask Igor Sysoev <igor@sysoev.ru>* parents: 2045 diff changeset	502
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	503 if (ngx_ssl_client_certificate(cf, &conf->ssl,
970 35f98a8e275f style fix Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	504 &conf->client_certificate,
35f98a8e275f style fix Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	505 conf->verify_depth)
671 cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	506 != NGX_OK)
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	507 {
cec32b3753ac nginx-0.3.57-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 669 diff changeset	508 return NGX_CONF_ERROR;
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	509 }
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	510 }
2995 cc07d164f0dc ssl_crl Igor Sysoev <igor@sysoev.ru> parents: 2994 diff changeset	511
4872 7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	512 if (ngx_ssl_trusted_certificate(cf, &conf->ssl,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	513 &conf->trusted_certificate,
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	514 conf->verify_depth)
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	515 != NGX_OK)
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	516 {
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	517 return NGX_CONF_ERROR;
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	518 }
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	519
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	520 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
7c3cca603438 OCSP stapling: ssl_trusted_certificate directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4412 diff changeset	521 return NGX_CONF_ERROR;
647 95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	522 }
95d7da23ea53 nginx-0.3.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 637 diff changeset	523
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	524 if (conf->prefer_server_ciphers) {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	525 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	526 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	527
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	528 /* a temporary 512-bit RSA key is required for export versions of MSIE */
3959 b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand Igor Sysoev <igor@sysoev.ru> parents: 3938 diff changeset	529 SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
386 fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import Igor Sysoev <igor@sysoev.ru> parents: 385 diff changeset	530
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	531 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	532 return NGX_CONF_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	533 }
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	534
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	535 if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) {
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	536 return NGX_CONF_ERROR;
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	537 }
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	538
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	539 ngx_conf_merge_value(conf->builtin_session_cache,
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	540 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	541
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	542 if (conf->shm_zone == NULL) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	543 conf->shm_zone = prev->shm_zone;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	544 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	545
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	546 if (ngx_ssl_session_cache(&conf->ssl, &ngx_http_ssl_sess_id_ctx,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	547 conf->builtin_session_cache,
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	548 conf->shm_zone, conf->session_timeout)
8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	549 != NGX_OK)
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	550 {
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	551 return NGX_CONF_ERROR;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	552 }
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	553
4873 dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	554 if (conf->stapling
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	555 && ngx_ssl_stapling(cf, &conf->ssl, &conf->stapling_file) != NGX_OK)
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	556 {
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	557 return NGX_CONF_ERROR;
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	558 }
dd74fd35ceb5 OCSP stapling: ssl_stapling_file support. Maxim Dounin <mdounin@mdounin.ru> parents: 4872 diff changeset	559
383 c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	560 return NGX_CONF_OK;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	561 }
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	562
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	563
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	564 static char *
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	565 ngx_http_ssl_enable(ngx_conf_t cf, ngx_command_t cmd, void *conf)
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	566 {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	567 ngx_http_ssl_srv_conf_t *sscf = conf;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	568
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	569 char *rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	570
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	571 rv = ngx_conf_set_flag_slot(cf, cmd, conf);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	572
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	573 if (rv != NGX_CONF_OK) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	574 return rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	575 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	576
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	577 sscf->file = cf->conf_file->file.name.data;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	578 sscf->line = cf->conf_file->line;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	579
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	580 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	581 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	582
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	583
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	584 static char *
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	585 ngx_http_ssl_session_cache(ngx_conf_t cf, ngx_command_t cmd, void *conf)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	586 {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	587 ngx_http_ssl_srv_conf_t *sscf = conf;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	588
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	589 size_t len;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	590 ngx_str_t *value, name, size;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	591 ngx_int_t n;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	592 ngx_uint_t i, j;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	593
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	594 value = cf->args->elts;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	595
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	596 for (i = 1; i < cf->args->nelts; i++) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	597
1778 14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	598 if (ngx_strcmp(value[i].data, "off") == 0) {
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	599 sscf->builtin_session_cache = NGX_SSL_NO_SCACHE;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	600 continue;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	601 }
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1565 diff changeset	602
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	603 if (ngx_strcmp(value[i].data, "none") == 0) {
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	604 sscf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	605 continue;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	606 }
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	607
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	608 if (ngx_strcmp(value[i].data, "builtin") == 0) {
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	609 sscf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	610 continue;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	611 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	612
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	613 if (value[i].len > sizeof("builtin:") - 1
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	614 && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	615 == 0)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	616 {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	617 n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	618 value[i].len - (sizeof("builtin:") - 1));
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	619
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	620 if (n == NGX_ERROR) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	621 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	622 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	623
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	624 sscf->builtin_session_cache = n;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	625
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	626 continue;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	627 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	628
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	629 if (value[i].len > sizeof("shared:") - 1
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	630 && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	631 == 0)
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	632 {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	633 len = 0;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	634
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	635 for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	636 if (value[i].data[j] == ':') {
2716 d5896f6608e8 move zone name from ngx_shm_zone_t to ngx_shm_t to use Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2710 diff changeset	637 value[i].data[j] = '\0';
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	638 break;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	639 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	640
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	641 len++;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	642 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	643
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	644 if (len == 0) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	645 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	646 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	647
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	648 name.len = len;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	649 name.data = value[i].data + sizeof("shared:") - 1;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	650
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	651 size.len = value[i].len - j - 1;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	652 size.data = name.data + len + 1;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	653
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	654 n = ngx_parse_size(&size);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	655
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	656 if (n == NGX_ERROR) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	657 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	658 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	659
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	660 if (n < (ngx_int_t) (8 * ngx_pagesize)) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	661 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	662 "session cache \"%V\" is too small",
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	663 &value[i]);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	664
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	665 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	666 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	667
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	668 sscf->shm_zone = ngx_shared_memory_add(cf, &name, n,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	669 &ngx_http_ssl_module);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	670 if (sscf->shm_zone == NULL) {
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	671 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	672 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	673
4153 7de74ed694c8 Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993). Maxim Dounin <mdounin@mdounin.ru> parents: 3992 diff changeset	674 sscf->shm_zone->init = ngx_ssl_session_cache_init;
7de74ed694c8 Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993). Maxim Dounin <mdounin@mdounin.ru> parents: 3992 diff changeset	675
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	676 continue;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	677 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	678
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	679 goto invalid;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	680 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	681
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	682 if (sscf->shm_zone && sscf->builtin_session_cache == NGX_CONF_UNSET) {
974 8dfb3aa75de2 move the session cache callbacks to the ngx_openssl_module Igor Sysoev <igor@sysoev.ru> parents: 973 diff changeset	683 sscf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
973 e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	684 }
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	685
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	686 return NGX_CONF_OK;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	687
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	688 invalid:
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	689
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	690 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	691 "invalid session cache \"%V\"", &value[i]);
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	692
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	693 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 971 diff changeset	694 }

Mercurial > hg > nginx

annotate src/http/modules/ngx_http_ssl_module.c @ 4873:dd74fd35ceb5