comparison src/stream/ngx_stream_ssl_module.c @ 6693:3908156a51fa
Stream: phases.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Thu, 15 Sep 2016 14:55:54 +0300 |
parents | 85e7bcb37d6b |
children | ea93c7d8752a |
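--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -16,10 +16,14 @@
 
 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
 #define NGX_DEFAULT_ECDH_CURVE "auto"
 
 
+static ngx_int_t ngx_stream_ssl_handler(ngx_stream_session_t *s);
+static ngx_int_t ngx_stream_ssl_init_connection(ngx_ssl_t *ssl,
+ngx_connection_t *c);
+static void ngx_stream_ssl_handshake_handler(ngx_connection_t *c);
 static ngx_int_t ngx_stream_ssl_static_variable(ngx_stream_session_t *s,
 ngx_stream_variable_value_t *v, uintptr_t data);
 static ngx_int_t ngx_stream_ssl_variable(ngx_stream_session_t *s,
 ngx_stream_variable_value_t *v, uintptr_t data);
 
@@ -30,10 +34,11 @@
 
 static char *ngx_stream_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
 void *conf);
 static char *ngx_stream_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
 void *conf);
+static ngx_int_t ngx_stream_ssl_init(ngx_conf_t *cf);
 
 
 static ngx_conf_bitmask_t ngx_stream_ssl_protocols[] = {
 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
@@ -141,11 +146,11 @@
 };
 
 
 static ngx_stream_module_t ngx_stream_ssl_module_ctx = {
 ngx_stream_ssl_add_variables, /* preconfiguration */
-NULL, /* postconfiguration */
+ngx_stream_ssl_init, /* postconfiguration */
 
 NULL, /* create main configuration */
 NULL, /* init main configuration */
 
 ngx_stream_ssl_create_conf, /* create server configuration */
@@ -192,10 +197,92 @@
 
 static ngx_str_t ngx_stream_ssl_sess_id_ctx = ngx_string("STREAM");
 
 
 static ngx_int_t
+ngx_stream_ssl_handler(ngx_stream_session_t *s)
+{
+ngx_connection_t *c;
+ngx_stream_ssl_conf_t *sslcf;
+
+c = s->connection;
+
+sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);
+
+if (s->ssl && c->ssl == NULL) {
+c->log->action = "SSL handshaking";
+
+if (sslcf->ssl.ctx == NULL) {
+ngx_log_error(NGX_LOG_ERR, c->log, 0,
+"no \"ssl_certificate\" is defined "
+"in server listening on SSL port");
+return NGX_ERROR;
+}
+
+return ngx_stream_ssl_init_connection(&sslcf->ssl, c);
+}
+
+return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_stream_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c)
+{
+ngx_int_t rc;
+ngx_stream_session_t *s;
+ngx_stream_ssl_conf_t *sslcf;
+
+s = c->data;
+
+if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) {
+return NGX_ERROR;
+}
+
+rc = ngx_ssl_handshake(c);
+
+if (rc == NGX_ERROR) {
+return NGX_ERROR;
+}
+
+if (rc == NGX_AGAIN) {
+sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);
+
+ngx_add_timer(c->read, sslcf->handshake_timeout);
+
+c->ssl->handler = ngx_stream_ssl_handshake_handler;
+
+return NGX_AGAIN;
+}
+
+/* rc == NGX_OK */
+
+return NGX_OK;
+}
+
+
+static void
+ngx_stream_ssl_handshake_handler(ngx_connection_t *c)
+{
+ngx_stream_session_t *s;
+
+s = c->data;
+
+if (!c->ssl->handshaked) {
+ngx_stream_finalize_session(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
+return;
+}
+
+if (c->read->timer_set) {
+ngx_del_timer(c->read);
+}
+
+ngx_stream_core_run_phases(s);
+}
+
+
+static ngx_int_t
 ngx_stream_ssl_static_variable(ngx_stream_session_t *s,
 ngx_stream_variable_value_t *v, uintptr_t data)
 {
 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
 
@@ -563,5 +650,24 @@
 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
 "invalid session cache \"%V\"", &value[i]);
 
 return NGX_CONF_ERROR;
 }
+
+
+static ngx_int_t
+ngx_stream_ssl_init(ngx_conf_t *cf)
+{
+ngx_stream_handler_pt *h;
+ngx_stream_core_main_conf_t *cmcf;
+
+cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module);
+
+h = ngx_array_push(&cmcf->phases[NGX_STREAM_SSL_PHASE].handlers);
+if (h == NULL) {
+return NGX_ERROR;
+}
+
+*h = ngx_stream_ssl_handler;
+
+return NGX_OK;
+}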
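Review bot: In the new `ngx_stream_ssl_handshake_handler`, every handshake that did not complete is finalized with `NGX_STREAM_INTERNAL_SERVER_ERROR`, so a client-caused TLS failure is recorded the same way as a server-side fault. This presumably also covers a client that stalls until the `handshake_timeout` timer armed in `ngx_stream_ssl_init_connection` expires, though the timeout path itself is not on this page. Anyone relying on the session status to tell misbehaving clients from a broken server cannot do so from this code path. If the status is intentional, I would state it above the `if (!c->ssl->handshaked)` check, e.g. `/* handshake failed or timed out; the status does not say which */`. Otherwise a client-error status would fit better, assuming the stream core defines one.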