comparison src/stream/ngx_stream_ssl_module.c @ 6693:3908156a51fa

Stream: phases.
author Roman Arutyunyan <arut@nginx.com>
date Thu, 15 Sep 2016 14:55:54 +0300
parents 85e7bcb37d6b
children ea93c7d8752a
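--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -16,10 +16,14 @@
 
 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
 #define NGX_DEFAULT_ECDH_CURVE "auto"
 
 
+static ngx_int_t ngx_stream_ssl_handler(ngx_stream_session_t *s);
+static ngx_int_t ngx_stream_ssl_init_connection(ngx_ssl_t *ssl,
+ngx_connection_t *c);
+static void ngx_stream_ssl_handshake_handler(ngx_connection_t *c);
 static ngx_int_t ngx_stream_ssl_static_variable(ngx_stream_session_t *s,
 ngx_stream_variable_value_t *v, uintptr_t data);
 static ngx_int_t ngx_stream_ssl_variable(ngx_stream_session_t *s,
 ngx_stream_variable_value_t *v, uintptr_t data);
 
@@ -30,10 +34,11 @@
 
 static char *ngx_stream_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
 void *conf);
 static char *ngx_stream_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
 void *conf);
+static ngx_int_t ngx_stream_ssl_init(ngx_conf_t *cf);
 
 
 static ngx_conf_bitmask_t ngx_stream_ssl_protocols[] = {
 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
@@ -141,11 +146,11 @@
 };
 
 
 static ngx_stream_module_t ngx_stream_ssl_module_ctx = {
 ngx_stream_ssl_add_variables, /* preconfiguration */
-NULL, /* postconfiguration */
+ngx_stream_ssl_init, /* postconfiguration */
 
 NULL, /* create main configuration */
 NULL, /* init main configuration */
 
 ngx_stream_ssl_create_conf, /* create server configuration */
@@ -192,10 +197,92 @@
 
 static ngx_str_t ngx_stream_ssl_sess_id_ctx = ngx_string("STREAM");
 
 
 static ngx_int_t
+ngx_stream_ssl_handler(ngx_stream_session_t *s)
+{
+ngx_connection_t *c;
+ngx_stream_ssl_conf_t *sslcf;
+
+c = s->connection;
+
+sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);
+
+if (s->ssl && c->ssl == NULL) {
+c->log->action = "SSL handshaking";
+
+if (sslcf->ssl.ctx == NULL) {
+ngx_log_error(NGX_LOG_ERR, c->log, 0,
+"no \"ssl_certificate\" is defined "
+"in server listening on SSL port");
+return NGX_ERROR;
+}
+
+return ngx_stream_ssl_init_connection(&sslcf->ssl, c);
+}
+
+return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_stream_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c)
+{
+ngx_int_t rc;
+ngx_stream_session_t *s;
+ngx_stream_ssl_conf_t *sslcf;
+
+s = c->data;
+
+if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) {
+return NGX_ERROR;
+}
+
+rc = ngx_ssl_handshake(c);
+
+if (rc == NGX_ERROR) {
+return NGX_ERROR;
+}
+
+if (rc == NGX_AGAIN) {
+sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module);
+
+ngx_add_timer(c->read, sslcf->handshake_timeout);
+
+c->ssl->handler = ngx_stream_ssl_handshake_handler;
+
+return NGX_AGAIN;
+}
+
+/* rc == NGX_OK */
+
+return NGX_OK;
+}
+
+
+static void
+ngx_stream_ssl_handshake_handler(ngx_connection_t *c)
+{
+ngx_stream_session_t *s;
+
+s = c->data;
+
+if (!c->ssl->handshaked) {
+ngx_stream_finalize_session(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
+return;
+}
+
+if (c->read->timer_set) {
+ngx_del_timer(c->read);
+}
+
+ngx_stream_core_run_phases(s);
+}
+
+
+static ngx_int_t
 ngx_stream_ssl_static_variable(ngx_stream_session_t *s,
 ngx_stream_variable_value_t *v, uintptr_t data)
 {
 ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
 
@@ -563,5 +650,24 @@
 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
 "invalid session cache \"%V\"", &value[i]);
 
 return NGX_CONF_ERROR;
 }
+
+
+static ngx_int_t
+ngx_stream_ssl_init(ngx_conf_t *cf)
+{
+ngx_stream_handler_pt *h;
+ngx_stream_core_main_conf_t *cmcf;
+
+cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module);
+
+h = ngx_array_push(&cmcf->phases[NGX_STREAM_SSL_PHASE].handlers);
+if (h == NULL) {
+return NGX_ERROR;
+}
+
+*h = ngx_stream_ssl_handler;
+
+return NGX_OK;
+}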
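Review bot: ngx_stream_ssl_handshake_handler() ends the session with NGX_STREAM_INTERNAL_SERVER_ERROR whenever `c->ssl->handshaked` is unset, so a handshake that the peer aborted, or that ran into the `handshake_timeout` timer armed in ngx_stream_ssl_init_connection(), gets the same status as a genuine server fault. Presumably the lower SSL layer logs the actual cause, but that is not visible in this section, and anyone alerting on session status will see client-side TLS failures counted as server errors. I would at least document the choice above the check, e.g. `/* handshake failed or timed out; reported as 500 whichever side caused it */`. Relatedly, the `c->ssl == NULL` test in ngx_stream_ssl_handler() appears to be what lets the handler return NGX_OK when ngx_stream_core_run_phases() re-enters it after the handshake; a one-line comment saying so would keep it from being simplified away. Both functions are complete within this section.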