Mercurial > hg > nginx

annotate src/http/modules/ngx_http_ssl_module.c @ 973:e1ede83911ef

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
ssl_session_cache
author Igor Sysoev <igor@sysoev.ru>
date Tue, 02 Jan 2007 23:55:05 +0000
parents 948acd940145
children 8dfb3aa75de2
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
441
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 396
diff changeset
1
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 396
diff changeset
2 /*
444
42d11f017717 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents: 441
diff changeset
3 * Copyright (C) Igor Sysoev
441
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 396
diff changeset
4 */
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents: 396
diff changeset
5
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
6
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
7 #include <ngx_config.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
8 #include <ngx_core.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
9 #include <ngx_http.h>
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
10
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
11
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
12 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
13 ngx_pool_t *pool, ngx_str_t *s);
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
14
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
15
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
16 #define NGX_DEFLAUT_CERTIFICATE "cert.pem"
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
17 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem"
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
18 #define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
19
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
20
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
21 #define NGX_HTTP_SSL_MAX_SESSION_SIZE \
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
22 (4096 - offsetof(ngx_http_ssl_cached_sess_t, asn1))
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
23
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
24
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
25 #define NGX_HTTP_SSL_DFLT_BUILTIN_SCACHE -2
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
26 #define NGX_HTTP_SSL_NO_BUILTIN_SCACHE -3
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
27
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
28
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
29 static void ngx_http_ssl_expire_sessions(ngx_http_ssl_sesssion_cache_t *cache,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
30 ngx_slab_pool_t *shpool, ngx_uint_t expire);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
31
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
32 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
33 ngx_http_variable_value_t *v, uintptr_t data);
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
34 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
35 ngx_http_variable_value_t *v, uintptr_t data);
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
36
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
37 static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf);
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
38 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
39 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
501
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 485
diff changeset
40 void *parent, void *child);
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
41
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
42 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
43 void *conf);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
44
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
45 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
46
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
47 static char *ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
48 void *conf);
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
49
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
50 static char ngx_http_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
51
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
52 #endif
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
53
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
54
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
55 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
56 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
57 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
58 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
59 { ngx_null_string, 0 }
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
60 };
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
61
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
62
395
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents: 394
diff changeset
63 static ngx_command_t ngx_http_ssl_commands[] = {
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
64
393
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents: 392
diff changeset
65 { ngx_string("ssl"),
599
869b6444d234 nginx-0.3.21-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 573
diff changeset
66 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
67 ngx_conf_set_flag_slot,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
68 NGX_HTTP_SRV_CONF_OFFSET,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
69 offsetof(ngx_http_ssl_srv_conf_t, enable),
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
70 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
71
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
72 { ngx_string("ssl_certificate"),
599
869b6444d234 nginx-0.3.21-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 573
diff changeset
73 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
74 ngx_conf_set_str_slot,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
75 NGX_HTTP_SRV_CONF_OFFSET,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
76 offsetof(ngx_http_ssl_srv_conf_t, certificate),
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
77 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
78
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
79 { ngx_string("ssl_certificate_key"),
599
869b6444d234 nginx-0.3.21-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 573
diff changeset
80 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
81 ngx_conf_set_str_slot,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
82 NGX_HTTP_SRV_CONF_OFFSET,
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
83 offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
84 NULL },
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
85
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
86 { ngx_string("ssl_protocols"),
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
87 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
88 ngx_conf_set_bitmask_slot,
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
89 NGX_HTTP_SRV_CONF_OFFSET,
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
90 offsetof(ngx_http_ssl_srv_conf_t, protocols),
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
91 &ngx_http_ssl_protocols },
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
92
479
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
93 { ngx_string("ssl_ciphers"),
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
94 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
479
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
95 ngx_conf_set_str_slot,
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
96 NGX_HTTP_SRV_CONF_OFFSET,
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
97 offsetof(ngx_http_ssl_srv_conf_t, ciphers),
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
98 NULL },
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
99
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
100 { ngx_string("ssl_verify_client"),
667
63a820b0bc6c nginx-0.3.55-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 647
diff changeset
101 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
102 ngx_conf_set_flag_slot,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
103 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
104 offsetof(ngx_http_ssl_srv_conf_t, verify),
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
105 NULL },
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
106
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
107 { ngx_string("ssl_verify_depth"),
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
108 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
109 ngx_conf_set_num_slot,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
110 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
111 offsetof(ngx_http_ssl_srv_conf_t, verify_depth),
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
112 NULL },
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
113
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
114 { ngx_string("ssl_client_certificate"),
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
115 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
116 ngx_conf_set_str_slot,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
117 NGX_HTTP_SRV_CONF_OFFSET,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
118 offsetof(ngx_http_ssl_srv_conf_t, client_certificate),
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
119 NULL },
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
120
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
121 { ngx_string("ssl_prefer_server_ciphers"),
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
122 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
123 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
124 ngx_conf_set_flag_slot,
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
125 NGX_HTTP_SRV_CONF_OFFSET,
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
126 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
127 NULL },
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
128 #else
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
129 ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 },
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
130 #endif
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
131
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
132 { ngx_string("ssl_session_cache"),
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
133 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
134 ngx_http_ssl_session_cache,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
135 NGX_HTTP_SRV_CONF_OFFSET,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
136 0,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
137 NULL },
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
138
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
139 { ngx_string("ssl_session_timeout"),
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
140 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
141 ngx_conf_set_sec_slot,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
142 NGX_HTTP_SRV_CONF_OFFSET,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
143 offsetof(ngx_http_ssl_srv_conf_t, session_timeout),
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
144 NULL },
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
145
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
146 ngx_null_command
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
147 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
148
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
149
395
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents: 394
diff changeset
150 static ngx_http_module_t ngx_http_ssl_module_ctx = {
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
151 ngx_http_ssl_add_variables, /* preconfiguration */
509
9b8c906f6e63 nginx-0.1.29-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 507
diff changeset
152 NULL, /* postconfiguration */
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
153
541
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
154 NULL, /* create main configuration */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
155 NULL, /* init main configuration */
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
156
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
157 ngx_http_ssl_create_srv_conf, /* create server configuration */
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
158 ngx_http_ssl_merge_srv_conf, /* merge server configuration */
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
159
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
160 NULL, /* create location configuration */
485
4ebe09b07e30 nginx-0.1.17-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 479
diff changeset
161 NULL /* merge location configuration */
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
162 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
163
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
164
395
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents: 394
diff changeset
165 ngx_module_t ngx_http_ssl_module = {
509
9b8c906f6e63 nginx-0.1.29-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 507
diff changeset
166 NGX_MODULE_V1,
395
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents: 394
diff changeset
167 &ngx_http_ssl_module_ctx, /* module context */
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents: 394
diff changeset
168 ngx_http_ssl_commands, /* module directives */
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
169 NGX_HTTP_MODULE, /* module type */
541
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
170 NULL, /* init master */
393
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents: 392
diff changeset
171 NULL, /* init module */
541
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
172 NULL, /* init process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
173 NULL, /* init thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
174 NULL, /* exit thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
175 NULL, /* exit process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
176 NULL, /* exit master */
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
177 NGX_MODULE_V1_PADDING
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
178 };
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
179
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
180
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
181 static ngx_http_variable_t ngx_http_ssl_vars[] = {
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
182
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
183 { ngx_string("ssl_protocol"), NULL, ngx_http_ssl_static_variable,
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
184 (uintptr_t) ngx_ssl_get_protocol, NGX_HTTP_VAR_CHANGABLE, 0 },
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
185
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
186 { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable,
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
187 (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGABLE, 0 },
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
188
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
189 { ngx_string("ssl_client_s_dn"), NULL, ngx_http_ssl_variable,
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
190 (uintptr_t) ngx_ssl_get_subject_dn, NGX_HTTP_VAR_CHANGABLE, 0 },
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
191
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
192 { ngx_string("ssl_client_i_dn"), NULL, ngx_http_ssl_variable,
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
193 (uintptr_t) ngx_ssl_get_issuer_dn, NGX_HTTP_VAR_CHANGABLE, 0 },
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
194
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
195 { ngx_string("ssl_client_serial"), NULL, ngx_http_ssl_variable,
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
196 (uintptr_t) ngx_ssl_get_serial_number, NGX_HTTP_VAR_CHANGABLE, 0 },
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
197
637
e60fe4cf1d4e nginx-0.3.40-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 611
diff changeset
198 { ngx_null_string, NULL, NULL, 0, 0, 0 }
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
199 };
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
200
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
201
543
511a89da35ad nginx-0.2.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 541
diff changeset
202 static u_char ngx_http_session_id_ctx[] = "HTTP";
511a89da35ad nginx-0.2.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 541
diff changeset
203
511a89da35ad nginx-0.2.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 541
diff changeset
204
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
205 static ngx_int_t
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
206 ngx_http_ssl_session_cache_init(ngx_shm_zone_t *shm_zone)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
207 {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
208 ngx_slab_pool_t *shpool;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
209 ngx_rbtree_node_t *sentinel;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
210 ngx_http_ssl_sesssion_cache_t *cache;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
211
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
212 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
213
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
214 cache = ngx_slab_alloc(shpool, sizeof(ngx_http_ssl_sesssion_cache_t));
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
215 if (cache == NULL) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
216 return NGX_ERROR;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
217 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
218
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
219 cache->session_cache_head.prev = NULL;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
220 cache->session_cache_head.next = &cache->session_cache_tail;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
221
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
222 cache->session_cache_tail.prev = &cache->session_cache_head;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
223 cache->session_cache_tail.next = NULL;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
224
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
225 cache->session_rbtree = ngx_slab_alloc(shpool, sizeof(ngx_rbtree_t));
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
226 if (cache->session_rbtree == NULL) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
227 return NGX_ERROR;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
228 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
229
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
230 sentinel = ngx_slab_alloc(shpool, sizeof(ngx_rbtree_node_t));
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
231 if (sentinel == NULL) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
232 return NGX_ERROR;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
233 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
234
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
235 ngx_rbtree_sentinel_init(sentinel);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
236
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
237 cache->session_rbtree->root = sentinel;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
238 cache->session_rbtree->sentinel = sentinel;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
239 cache->session_rbtree->insert = ngx_rbtree_insert_value;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
240
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
241 shm_zone->data = cache;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
242
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
243 return NGX_OK;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
244 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
245
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
246
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
247 /*
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
248 * OpenSSL's i2d_SSL_SESSION() and d2i_SSL_SESSION are slow,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
249 * so they are outside the code locked by shared pool mutex
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
250 */
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
251
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
252 static int
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
253 ngx_http_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
254 {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
255 int len;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
256 u_char *p, *id;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
257 uint32_t hash;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
258 ngx_time_t *tp;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
259 ngx_slab_pool_t *shpool;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
260 ngx_connection_t *c;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
261 ngx_http_request_t *r;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
262 ngx_http_ssl_sess_id_t *sess_id;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
263 ngx_http_ssl_srv_conf_t *sscf;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
264 ngx_http_ssl_cached_sess_t *cached_sess;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
265 ngx_http_ssl_sesssion_cache_t *cache;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
266 u_char buf[NGX_HTTP_SSL_MAX_SESSION_SIZE];
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
267
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
268 len = i2d_SSL_SESSION(sess, NULL);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
269
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
270 /* do not cache too big session */
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
271
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
272 if (len > (int) NGX_HTTP_SSL_MAX_SESSION_SIZE) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
273 return 0;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
274 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
275
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
276 c = ngx_ssl_get_connection(ssl_conn);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
277 r = c->data;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
278
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
279 p = buf;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
280 i2d_SSL_SESSION(sess, &p);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
281
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
282 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
283
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
284 cache = sscf->shm_zone->data;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
285 shpool = (ngx_slab_pool_t *) sscf->shm_zone->shm.addr;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
286
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
287 ngx_shmtx_lock(&shpool->mutex);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
288
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
289 /* drop one or two expired sessions */
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
290 ngx_http_ssl_expire_sessions(cache, shpool, 1);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
291
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
292 cached_sess = ngx_slab_alloc_locked(shpool,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
293 offsetof(ngx_http_ssl_cached_sess_t, asn1) + len);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
294
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
295 if (cached_sess == NULL) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
296
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
297 /* drop the oldest non-expired session and try once more */
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
298
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
299 ngx_http_ssl_expire_sessions(cache, shpool, 0);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
300
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
301 cached_sess = ngx_slab_alloc_locked(shpool,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
302 offsetof(ngx_http_ssl_cached_sess_t, asn1) + len);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
303
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
304 if (cached_sess == NULL) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
305 id = NULL;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
306 goto failed;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
307 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
308 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
309
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
310 id = ngx_slab_alloc_locked(shpool, sess->session_id_length);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
311 if (id == NULL) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
312 goto failed;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
313 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
314
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
315 sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_http_ssl_sess_id_t));
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
316 if (sess_id == NULL) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
317 goto failed;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
318 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
319
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
320 ngx_memcpy(&cached_sess->asn1[0], buf, len);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
321
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
322 ngx_memcpy(id, sess->session_id, sess->session_id_length);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
323
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
324 hash = ngx_crc32_short(sess->session_id, sess->session_id_length);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
325
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
326 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
327 "http ssl new session: %08XD:%d:%d",
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
328 hash, sess->session_id_length, len);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
329
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
330 sess_id->node.key = hash;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
331 sess_id->node.data = (u_char) sess->session_id_length;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
332 sess_id->id = id;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
333 sess_id->len = len;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
334 sess_id->session = cached_sess;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
335
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
336 tp = ngx_timeofday();
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
337
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
338 cached_sess->expire = tp->sec + sscf->session_timeout;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
339 cached_sess->sess_id = sess_id;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
340
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
341 cached_sess->next = cache->session_cache_head.next;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
342 cached_sess->next->prev = cached_sess;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
343 cached_sess->prev = &cache->session_cache_head;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
344 cache->session_cache_head.next = cached_sess;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
345
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
346 ngx_rbtree_insert(cache->session_rbtree, &sess_id->node);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
347
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
348 ngx_shmtx_unlock(&shpool->mutex);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
349
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
350 return 0;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
351
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
352 failed:
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
353
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
354 if (cached_sess) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
355 ngx_slab_free_locked(shpool, cached_sess);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
356 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
357
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
358 if (id) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
359 ngx_slab_free_locked(shpool, id);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
360 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
361
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
362 ngx_shmtx_unlock(&shpool->mutex);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
363
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
364 ngx_log_error(NGX_LOG_ALERT, c->log, 0,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
365 "could not add new SSL session to the session cache");
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
366
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
367 return 0;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
368 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
369
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
370
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
371 static ngx_ssl_session_t *
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
372 ngx_http_ssl_get_session(ngx_ssl_conn_t *ssl_conn, u_char *id, int len,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
373 int *copy)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
374 {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
375 #if OPENSSL_VERSION_NUMBER >= 0x00908000
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
376 const
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
377 #endif
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
378 u_char *p;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
379 uint32_t hash;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
380 ngx_time_t *tp;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
381 ngx_slab_pool_t *shpool;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
382 ngx_connection_t *c;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
383 ngx_rbtree_node_t *node, *sentinel;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
384 ngx_ssl_session_t *sess;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
385 ngx_http_request_t *r;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
386 ngx_http_ssl_sess_id_t *sess_id;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
387 ngx_http_ssl_srv_conf_t *sscf;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
388 ngx_http_ssl_cached_sess_t *cached_sess;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
389 ngx_http_ssl_sesssion_cache_t *cache;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
390 u_char buf[NGX_HTTP_SSL_MAX_SESSION_SIZE];
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
391
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
392 c = ngx_ssl_get_connection(ssl_conn);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
393 r = c->data;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
394
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
395 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
396
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
397 hash = ngx_crc32_short(id, len);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
398 *copy = 0;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
399
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
400 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
401 "http ssl get session: %08XD:%d", hash, len);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
402
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
403 cache = sscf->shm_zone->data;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
404
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
405 if (cache->session_rbtree == NULL) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
406 return NULL;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
407 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
408
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
409 sess = NULL;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
410
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
411 shpool = (ngx_slab_pool_t *) sscf->shm_zone->shm.addr;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
412
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
413 ngx_shmtx_lock(&shpool->mutex);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
414
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
415 node = cache->session_rbtree->root;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
416 sentinel = cache->session_rbtree->sentinel;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
417
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
418 while (node != sentinel) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
419
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
420 if (hash < node->key) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
421 node = node->left;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
422 continue;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
423 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
424
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
425 if (hash > node->key) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
426 node = node->right;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
427 continue;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
428 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
429
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
430 if (hash == node->key && (u_char) len == node->data) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
431 sess_id = (ngx_http_ssl_sess_id_t *) node;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
432
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
433 if (ngx_strncmp(id, sess_id->id, len) == 0) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
434
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
435 cached_sess = sess_id->session;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
436
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
437 tp = ngx_timeofday();
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
438
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
439 if (cached_sess->expire > tp->sec) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
440 ngx_memcpy(buf, &cached_sess->asn1[0], sess_id->len);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
441
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
442 ngx_shmtx_unlock(&shpool->mutex);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
443
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
444 p = buf;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
445 sess = d2i_SSL_SESSION(NULL, &p, sess_id->len);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
446
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
447 return sess;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
448 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
449
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
450 cached_sess->next->prev = cached_sess->prev;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
451 cached_sess->prev->next = cached_sess->next;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
452
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
453 ngx_rbtree_delete(cache->session_rbtree, node);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
454
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
455 ngx_slab_free_locked(shpool, cached_sess);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
456 ngx_slab_free_locked(shpool, sess_id->id);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
457 ngx_slab_free_locked(shpool, sess_id);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
458
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
459 sess = NULL;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
460
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
461 break;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
462 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
463 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
464
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
465 node = node->right;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
466 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
467
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
468 ngx_shmtx_unlock(&shpool->mutex);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
469
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
470 return sess;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
471 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
472
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
473
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
474 static void
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
475 ngx_http_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
476 {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
477 u_char *id, len;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
478 uint32_t hash;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
479 ngx_slab_pool_t *shpool;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
480 ngx_rbtree_node_t *node, *sentinel;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
481 ngx_http_ssl_sess_id_t *sess_id;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
482 ngx_http_ssl_srv_conf_t *sscf;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
483 ngx_http_ssl_cached_sess_t *cached_sess;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
484 ngx_http_ssl_sesssion_cache_t *cache;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
485
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
486 sscf = ngx_ssl_get_server_conf(ssl);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
487
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
488 cache = sscf->shm_zone->data;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
489
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
490 id = sess->session_id;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
491 len = (u_char) sess->session_id_length;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
492
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
493 hash = ngx_crc32_short(id, (size_t) len);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
494
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
495 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
496 "http ssl remove session: %08XD:%d", hash, len);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
497
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
498 shpool = (ngx_slab_pool_t *) sscf->shm_zone->shm.addr;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
499
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
500 ngx_shmtx_lock(&shpool->mutex);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
501
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
502 node = cache->session_rbtree->root;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
503 sentinel = cache->session_rbtree->sentinel;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
504
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
505 while (node != sentinel) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
506
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
507 if (hash < node->key) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
508 node = node->left;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
509 continue;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
510 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
511
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
512 if (hash > node->key) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
513 node = node->right;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
514 continue;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
515 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
516
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
517 if (hash == node->key && len == node->data) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
518 sess_id = (ngx_http_ssl_sess_id_t *) node;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
519
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
520 if (ngx_strncmp(id, sess_id->id, (size_t) len) == 0) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
521
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
522 cached_sess = sess_id->session;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
523
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
524 cached_sess->next->prev = cached_sess->prev;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
525 cached_sess->prev->next = cached_sess->next;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
526
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
527 ngx_rbtree_delete(cache->session_rbtree, node);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
528
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
529 ngx_slab_free_locked(shpool, cached_sess);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
530 ngx_slab_free_locked(shpool, sess_id->id);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
531 ngx_slab_free_locked(shpool, sess_id);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
532
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
533 break;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
534 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
535 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
536
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
537 node = node->right;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
538 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
539
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
540 ngx_shmtx_unlock(&shpool->mutex);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
541 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
542
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
543
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
544 static void
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
545 ngx_http_ssl_expire_sessions(ngx_http_ssl_sesssion_cache_t *cache,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
546 ngx_slab_pool_t *shpool, ngx_uint_t n)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
547 {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
548 ngx_time_t *tp;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
549 ngx_http_ssl_sess_id_t *sess_id;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
550 ngx_http_ssl_cached_sess_t *sess;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
551
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
552 tp = ngx_timeofday();
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
553
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
554 while (n < 3) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
555
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
556 sess = cache->session_cache_tail.prev;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
557
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
558 if (sess == &cache->session_cache_head) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
559 return;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
560 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
561
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
562 if (n++ != 0 && sess->expire > tp->sec) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
563 break;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
564 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
565
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
566 sess->next->prev = sess->prev;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
567 sess->prev->next = sess->next;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
568
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
569 sess_id = sess->sess_id;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
570
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
571 ngx_rbtree_delete(cache->session_rbtree, &sess_id->node);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
572
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
573 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
574 "expire session: %08Xi", sess_id->node.key);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
575
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
576 ngx_slab_free_locked(shpool, sess);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
577 ngx_slab_free_locked(shpool, sess_id->id);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
578 ngx_slab_free_locked(shpool, sess_id);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
579 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
580 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
581
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
582
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
583 static ngx_int_t
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
584 ngx_http_ssl_static_variable(ngx_http_request_t *r,
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
585 ngx_http_variable_value_t *v, uintptr_t data)
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
586 {
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
587 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
588
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
589 size_t len;
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
590
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
591 if (r->connection->ssl) {
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
592
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
593 (void) handler(r->connection, NULL, (ngx_str_t *) v);
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
594
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
595 for (len = 0; v->data[len]; len++) { /* void */ }
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
596
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
597 v->len = len;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
598 v->valid = 1;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
599 v->no_cachable = 0;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
600 v->not_found = 0;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
601
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
602 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
603 }
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
604
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
605 v->not_found = 1;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
606
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
607 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
608 }
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
609
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
610
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
611 static ngx_int_t
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
612 ngx_http_ssl_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v,
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
613 uintptr_t data)
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
614 {
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
615 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
616
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
617 if (r->connection->ssl) {
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
618 if (handler(r->connection, r->pool, (ngx_str_t *) v) != NGX_OK) {
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
619 return NGX_ERROR;
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
620 }
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
621
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
622 if (v->len) {
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
623 v->valid = 1;
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
624 v->no_cachable = 0;
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
625 v->not_found = 0;
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
626
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
627 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
628 }
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
629 }
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
630
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
631 v->not_found = 1;
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
632
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
633 return NGX_OK;
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
634 }
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
635
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
636
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
637 static ngx_int_t
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
638 ngx_http_ssl_add_variables(ngx_conf_t *cf)
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
639 {
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
640 ngx_http_variable_t *var, *v;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
641
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
642 for (v = ngx_http_ssl_vars; v->name.len; v++) {
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
643 var = ngx_http_add_variable(cf, &v->name, v->flags);
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
644 if (var == NULL) {
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
645 return NGX_ERROR;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
646 }
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
647
637
e60fe4cf1d4e nginx-0.3.40-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 611
diff changeset
648 var->get_handler = v->get_handler;
611
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
649 var->data = v->data;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
650 }
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
651
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
652 return NGX_OK;
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
653 }
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
654
3f8a2132b93d nginx-0.3.27-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 599
diff changeset
655
501
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 485
diff changeset
656 static void *
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 485
diff changeset
657 ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
658 {
971
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
659 ngx_http_ssl_srv_conf_t *sscf;
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
660
971
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
661 sscf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t));
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
662 if (sscf == NULL) {
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
663 return NGX_CONF_ERROR;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
664 }
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
665
479
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
666 /*
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
667 * set by ngx_pcalloc():
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
668 *
971
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
669 * sscf->protocols = 0;
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
670 * sscf->certificate.len = 0;
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
671 * sscf->certificate.data = NULL;
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
672 * sscf->certificate_key.len = 0;
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
673 * sscf->certificate_key.data = NULL;
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
674 * sscf->client_certificate.len = 0;
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
675 * sscf->client_certificate.data = NULL;
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
676 * sscf->ciphers.len = 0;
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
677 * sscf->ciphers.data = NULL;
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
678 * sscf->shm_zone = NULL;
479
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
679 */
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
680
971
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
681 sscf->enable = NGX_CONF_UNSET;
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
682 sscf->verify = NGX_CONF_UNSET;
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
683 sscf->verify_depth = NGX_CONF_UNSET;
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
684 sscf->prefer_server_ciphers = NGX_CONF_UNSET;
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
685 sscf->builtin_session_cache = NGX_CONF_UNSET;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
686 sscf->session_timeout = NGX_CONF_UNSET;
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
687
971
948acd940145 style fix: scf > sscf
Igor Sysoev <igor@sysoev.ru>
parents: 970
diff changeset
688 return sscf;
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
689 }
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
690
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
691
501
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 485
diff changeset
692 static char *
d4ea69372b94 nginx-0.1.25-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 485
diff changeset
693 ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
694 {
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
695 ngx_http_ssl_srv_conf_t *prev = parent;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
696 ngx_http_ssl_srv_conf_t *conf = child;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
697
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
698 long cache_mode;
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
699 ngx_pool_cleanup_t *cln;
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
700
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
701 ngx_conf_merge_value(conf->enable, prev->enable, 0);
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
702
393
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents: 392
diff changeset
703 if (conf->enable == 0) {
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents: 392
diff changeset
704 return NGX_CONF_OK;
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents: 392
diff changeset
705 }
5659d773cfa8 nginx-0.0.7-2004-07-15-20:35:51 import
Igor Sysoev <igor@sysoev.ru>
parents: 392
diff changeset
706
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
707 ngx_conf_merge_value(conf->session_timeout,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
708 prev->session_timeout, 300);
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
709
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
710 ngx_conf_merge_value(conf->prefer_server_ciphers,
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
711 prev->prefer_server_ciphers, 0);
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
712
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
713 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
714 (NGX_CONF_BITMASK_SET
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
715 |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
716
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
717 ngx_conf_merge_value(conf->verify, prev->verify, 0);
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
718 ngx_conf_merge_value(conf->verify_depth, prev->verify_depth, 1);
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
719
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
720 ngx_conf_merge_str_value(conf->certificate, prev->certificate,
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
721 NGX_DEFLAUT_CERTIFICATE);
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
722
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
723 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key,
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
724 NGX_DEFLAUT_CERTIFICATE_KEY);
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
725
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
726 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
727 "");
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
728
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
729 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS);
479
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
730
c52408583801 nginx-0.1.14-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 444
diff changeset
731
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
732 conf->ssl.log = cf->log;
386
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
733
969
065b39794fff ngx_ssl_get_server_conf()
Igor Sysoev <igor@sysoev.ru>
parents: 671
diff changeset
734 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
386
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
735 return NGX_CONF_ERROR;
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
736 }
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
737
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
738 cln = ngx_pool_cleanup_add(cf->pool, 0);
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
739 if (cln == NULL) {
509
9b8c906f6e63 nginx-0.1.29-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 507
diff changeset
740 return NGX_CONF_ERROR;
9b8c906f6e63 nginx-0.1.29-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 507
diff changeset
741 }
9b8c906f6e63 nginx-0.1.29-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 507
diff changeset
742
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
743 cln->handler = ngx_ssl_cleanup_ctx;
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
744 cln->data = &conf->ssl;
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
745
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
746 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
970
35f98a8e275f style fix
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
747 &conf->certificate_key)
35f98a8e275f style fix
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
748 != NGX_OK)
529
e5d7d0334fdb nginx-0.1.39-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 509
diff changeset
749 {
386
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
750 return NGX_CONF_ERROR;
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
751 }
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
752
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
753 if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
754 (const char *) conf->ciphers.data)
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
755 == 0)
529
e5d7d0334fdb nginx-0.1.39-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 509
diff changeset
756 {
395
f8f0f1834266 nginx-0.0.7-2004-07-16-21:11:43 import
Igor Sysoev <igor@sysoev.ru>
parents: 394
diff changeset
757 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
758 "SSL_CTX_set_cipher_list(\"%V\") failed",
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
759 &conf->ciphers);
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
760 }
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
761
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
762 if (conf->verify) {
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
763 if (ngx_ssl_client_certificate(cf, &conf->ssl,
970
35f98a8e275f style fix
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
764 &conf->client_certificate,
35f98a8e275f style fix
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
765 conf->verify_depth)
671
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
766 != NGX_OK)
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
767 {
cec32b3753ac nginx-0.3.57-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 669
diff changeset
768 return NGX_CONF_ERROR;
647
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
769 }
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
770 }
95d7da23ea53 nginx-0.3.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 637
diff changeset
771
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
772 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
773
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
774 if (conf->prefer_server_ciphers) {
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
775 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
776 }
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
777
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
778 #endif
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
779
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
780 /* a temporary 512-bit RSA key is required for export versions of MSIE */
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
781 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
386
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
782 return NGX_CONF_ERROR;
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
783 }
fa72605e7089 nginx-0.0.7-2004-07-12-01:03:47 import
Igor Sysoev <igor@sysoev.ru>
parents: 385
diff changeset
784
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
785 ngx_conf_merge_value(conf->builtin_session_cache,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
786 prev->builtin_session_cache,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
787 NGX_HTTP_SSL_DFLT_BUILTIN_SCACHE);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
788
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
789 if (conf->shm_zone == NULL) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
790 conf->shm_zone = prev->shm_zone;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
791 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
792
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
793 cache_mode = SSL_SESS_CACHE_SERVER;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
794
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
795 if (conf->shm_zone
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
796 && conf->builtin_session_cache == NGX_HTTP_SSL_NO_BUILTIN_SCACHE)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
797 {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
798 cache_mode |= SSL_SESS_CACHE_NO_INTERNAL;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
799 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
800
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
801 SSL_CTX_set_session_cache_mode(conf->ssl.ctx, cache_mode);
543
511a89da35ad nginx-0.2.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 541
diff changeset
802
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
803 SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_http_session_id_ctx,
543
511a89da35ad nginx-0.2.0-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 541
diff changeset
804 sizeof(ngx_http_session_id_ctx) - 1);
541
b09ee85d0ac8 nginx-0.1.45-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 529
diff changeset
805
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
806 if (conf->builtin_session_cache != NGX_HTTP_SSL_NO_BUILTIN_SCACHE) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
807
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
808 if (conf->builtin_session_cache != NGX_HTTP_SSL_DFLT_BUILTIN_SCACHE) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
809 SSL_CTX_sess_set_cache_size(conf->ssl.ctx,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
810 conf->builtin_session_cache);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
811 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
812
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
813 SSL_CTX_set_timeout(conf->ssl.ctx, conf->session_timeout);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
814 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
815
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
816 if (conf->shm_zone) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
817 SSL_CTX_sess_set_new_cb(conf->ssl.ctx, ngx_http_ssl_new_session);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
818 SSL_CTX_sess_set_get_cb(conf->ssl.ctx, ngx_http_ssl_get_session);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
819 SSL_CTX_sess_set_remove_cb(conf->ssl.ctx, ngx_http_ssl_remove_session);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
820 }
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
821
383
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
822 return NGX_CONF_OK;
c05876036128 nginx-0.0.7-2004-07-08-19:17:47 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
823 }
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
824
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
825
973
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
826 static char *
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
827 ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
828 {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
829 ngx_http_ssl_srv_conf_t *sscf = conf;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
830
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
831 size_t len;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
832 ngx_str_t *value, name, size;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
833 ngx_int_t n;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
834 ngx_uint_t i, j;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
835
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
836 value = cf->args->elts;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
837
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
838 for (i = 1; i < cf->args->nelts; i++) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
839
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
840 if (ngx_strcmp(value[i].data, "builtin") == 0) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
841 sscf->builtin_session_cache = NGX_HTTP_SSL_DFLT_BUILTIN_SCACHE;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
842 continue;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
843 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
844
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
845 if (value[i].len > sizeof("builtin:") - 1
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
846 && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
847 == 0)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
848 {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
849 n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
850 value[i].len - (sizeof("builtin:") - 1));
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
851
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
852 if (n == NGX_ERROR) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
853 goto invalid;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
854 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
855
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
856 sscf->builtin_session_cache = n;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
857
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
858 continue;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
859 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
860
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
861 if (value[i].len > sizeof("shared:") - 1
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
862 && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
863 == 0)
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
864 {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
865 len = 0;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
866
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
867 for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
868 if (value[i].data[j] == ':') {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
869 break;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
870 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
871
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
872 len++;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
873 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
874
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
875 if (len == 0) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
876 goto invalid;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
877 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
878
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
879 name.len = len;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
880 name.data = value[i].data + sizeof("shared:") - 1;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
881
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
882 size.len = value[i].len - j - 1;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
883 size.data = name.data + len + 1;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
884
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
885 n = ngx_parse_size(&size);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
886
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
887 if (n == NGX_ERROR) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
888 goto invalid;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
889 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
890
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
891 if (n < (ngx_int_t) (8 * ngx_pagesize)) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
892 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
893 "session cache \"%V\" to small",
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
894 &value[i]);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
895
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
896 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
897 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
898
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
899 sscf->shm_zone = ngx_shared_memory_add(cf, &name, n,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
900 &ngx_http_ssl_module);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
901 if (sscf->shm_zone == NULL) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
902 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
903 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
904
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
905 sscf->shm_zone->init = ngx_http_ssl_session_cache_init;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
906
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
907 continue;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
908 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
909
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
910 goto invalid;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
911 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
912
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
913 if (sscf->shm_zone && sscf->builtin_session_cache == NGX_CONF_UNSET) {
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
914 sscf->builtin_session_cache = NGX_HTTP_SSL_NO_BUILTIN_SCACHE;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
915 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
916
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
917 return NGX_CONF_OK;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
918
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
919 invalid:
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
920
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
921 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
922 "invalid session cache \"%V\"", &value[i]);
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
923
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
924 return NGX_CONF_ERROR;
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
925 }
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
926
e1ede83911ef ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 971
diff changeset
927
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
928 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
929
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
930 static char *
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
931 ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
932 {
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
933 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
934 "\"%V\" directive is available only in %s,",
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
935 &cmd->name, cmd->post);
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
936
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
937 return NGX_CONF_ERROR;
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
938 }
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
939
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
940 #endif