Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 3960:0832a6997227
ECDHE support
patch by Adrian Kotelba
| author | Igor Sysoev <igor@sysoev.ru> |
|---|---|
| date | Wed, 20 Jul 2011 15:42:40 +0000 |
| parents | b1f48fa31e6c |
| children | a1dd9dc754ab |
comparison
equal
deleted
inserted
replaced
| 3959:b1f48fa31e6c | 3960:0832a6997227 |
|---|---|
| 11 | 11 |
| 12 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, | 12 typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, |
| 13 ngx_pool_t *pool, ngx_str_t *s); | 13 ngx_pool_t *pool, ngx_str_t *s); |
| 14 | 14 |
| 15 | 15 |
| 16 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5" | 16 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5" |
| 17 #define NGX_DEFAULT_ECDH_CURVE "prime256v1" | |
| 17 | 18 |
| 18 | 19 |
| 19 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, | 20 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r, |
| 20 ngx_http_variable_value_t *v, uintptr_t data); | 21 ngx_http_variable_value_t *v, uintptr_t data); |
| 21 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r, | 22 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r, |
| 74 { ngx_string("ssl_dhparam"), | 75 { ngx_string("ssl_dhparam"), |
| 75 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 76 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
| 76 ngx_conf_set_str_slot, | 77 ngx_conf_set_str_slot, |
| 77 NGX_HTTP_SRV_CONF_OFFSET, | 78 NGX_HTTP_SRV_CONF_OFFSET, |
| 78 offsetof(ngx_http_ssl_srv_conf_t, dhparam), | 79 offsetof(ngx_http_ssl_srv_conf_t, dhparam), |
| 80 NULL }, | |
| 81 | |
| 82 { ngx_string("ssl_ecdh_curve"), | |
| 83 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
| 84 ngx_conf_set_str_slot, | |
| 85 NGX_HTTP_SRV_CONF_OFFSET, | |
| 86 offsetof(ngx_http_ssl_srv_conf_t, ecdh_curve), | |
| 79 NULL }, | 87 NULL }, |
| 80 | 88 |
| 81 { ngx_string("ssl_protocols"), | 89 { ngx_string("ssl_protocols"), |
| 82 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE, | 90 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE, |
| 83 ngx_conf_set_bitmask_slot, | 91 ngx_conf_set_bitmask_slot, |
| 310 * | 318 * |
| 311 * sscf->protocols = 0; | 319 * sscf->protocols = 0; |
| 312 * sscf->certificate = { 0, NULL }; | 320 * sscf->certificate = { 0, NULL }; |
| 313 * sscf->certificate_key = { 0, NULL }; | 321 * sscf->certificate_key = { 0, NULL }; |
| 314 * sscf->dhparam = { 0, NULL }; | 322 * sscf->dhparam = { 0, NULL }; |
| 323 * sscf->ecdh_curve = { 0, NULL }; | |
| 315 * sscf->client_certificate = { 0, NULL }; | 324 * sscf->client_certificate = { 0, NULL }; |
| 316 * sscf->crl = { 0, NULL }; | 325 * sscf->crl = { 0, NULL }; |
| 317 * sscf->ciphers = { 0, NULL }; | 326 * sscf->ciphers = { 0, NULL }; |
| 318 * sscf->shm_zone = NULL; | 327 * sscf->shm_zone = NULL; |
| 319 */ | 328 */ |
| 357 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); | 366 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); |
| 358 | 367 |
| 359 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, | 368 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, |
| 360 ""); | 369 ""); |
| 361 ngx_conf_merge_str_value(conf->crl, prev->crl, ""); | 370 ngx_conf_merge_str_value(conf->crl, prev->crl, ""); |
| 371 | |
| 372 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve, | |
| 373 NGX_DEFAULT_ECDH_CURVE); | |
| 362 | 374 |
| 363 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS); | 375 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS); |
| 364 | 376 |
| 365 | 377 |
| 366 conf->ssl.log = cf->log; | 378 conf->ssl.log = cf->log; |
| 469 | 481 |
| 470 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { | 482 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { |
| 471 return NGX_CONF_ERROR; | 483 return NGX_CONF_ERROR; |
| 472 } | 484 } |
| 473 | 485 |
| 486 if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) { | |
| 487 return NGX_CONF_ERROR; | |
| 488 } | |
| 489 | |
| 474 ngx_conf_merge_value(conf->builtin_session_cache, | 490 ngx_conf_merge_value(conf->builtin_session_cache, |
| 475 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); | 491 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); |
| 476 | 492 |
| 477 if (conf->shm_zone == NULL) { | 493 if (conf->shm_zone == NULL) { |
| 478 conf->shm_zone = prev->shm_zone; | 494 conf->shm_zone = prev->shm_zone; |