Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 5744:42114bf12da0
SSL: the "ssl_password_file" directive.
| author | Valentin Bartenev <vbart@nginx.com> |
|---|---|
| date | Mon, 16 Jun 2014 19:43:25 +0400 |
| parents | 5e892d40e5cc |
| children | a84267233877 |
comparison
equal
deleted
inserted
replaced
| 5743:dde2ae4701e1 | 5744:42114bf12da0 |
|---|---|
| 40 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); | 40 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); |
| 41 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, | 41 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, |
| 42 void *parent, void *child); | 42 void *parent, void *child); |
| 43 | 43 |
| 44 static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, | 44 static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, |
| 45 void *conf); | |
| 46 static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, | |
| 45 void *conf); | 47 void *conf); |
| 46 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, | 48 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, |
| 47 void *conf); | 49 void *conf); |
| 48 | 50 |
| 49 static ngx_int_t ngx_http_ssl_init(ngx_conf_t *cf); | 51 static ngx_int_t ngx_http_ssl_init(ngx_conf_t *cf); |
| 87 { ngx_string("ssl_certificate_key"), | 89 { ngx_string("ssl_certificate_key"), |
| 88 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 90 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
| 89 ngx_conf_set_str_slot, | 91 ngx_conf_set_str_slot, |
| 90 NGX_HTTP_SRV_CONF_OFFSET, | 92 NGX_HTTP_SRV_CONF_OFFSET, |
| 91 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), | 93 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), |
| 94 NULL }, | |
| 95 | |
| 96 { ngx_string("ssl_password_file"), | |
| 97 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
| 98 ngx_http_ssl_password_file, | |
| 99 NGX_HTTP_SRV_CONF_OFFSET, | |
| 100 0, | |
| 92 NULL }, | 101 NULL }, |
| 93 | 102 |
| 94 { ngx_string("ssl_dhparam"), | 103 { ngx_string("ssl_dhparam"), |
| 95 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 104 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
| 96 ngx_conf_set_str_slot, | 105 ngx_conf_set_str_slot, |
| 512 sscf->enable = NGX_CONF_UNSET; | 521 sscf->enable = NGX_CONF_UNSET; |
| 513 sscf->prefer_server_ciphers = NGX_CONF_UNSET; | 522 sscf->prefer_server_ciphers = NGX_CONF_UNSET; |
| 514 sscf->buffer_size = NGX_CONF_UNSET_SIZE; | 523 sscf->buffer_size = NGX_CONF_UNSET_SIZE; |
| 515 sscf->verify = NGX_CONF_UNSET_UINT; | 524 sscf->verify = NGX_CONF_UNSET_UINT; |
| 516 sscf->verify_depth = NGX_CONF_UNSET_UINT; | 525 sscf->verify_depth = NGX_CONF_UNSET_UINT; |
| 526 sscf->passwords = NGX_CONF_UNSET_PTR; | |
| 517 sscf->builtin_session_cache = NGX_CONF_UNSET; | 527 sscf->builtin_session_cache = NGX_CONF_UNSET; |
| 518 sscf->session_timeout = NGX_CONF_UNSET; | 528 sscf->session_timeout = NGX_CONF_UNSET; |
| 519 sscf->session_tickets = NGX_CONF_UNSET; | 529 sscf->session_tickets = NGX_CONF_UNSET; |
| 520 sscf->session_ticket_keys = NGX_CONF_UNSET_PTR; | 530 sscf->session_ticket_keys = NGX_CONF_UNSET_PTR; |
| 521 sscf->stapling = NGX_CONF_UNSET; | 531 sscf->stapling = NGX_CONF_UNSET; |
| 560 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); | 570 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); |
| 561 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); | 571 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); |
| 562 | 572 |
| 563 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); | 573 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); |
| 564 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); | 574 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); |
| 575 | |
| 576 ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL); | |
| 565 | 577 |
| 566 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); | 578 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); |
| 567 | 579 |
| 568 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, | 580 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, |
| 569 ""); | 581 ""); |
| 650 | 662 |
| 651 cln->handler = ngx_ssl_cleanup_ctx; | 663 cln->handler = ngx_ssl_cleanup_ctx; |
| 652 cln->data = &conf->ssl; | 664 cln->data = &conf->ssl; |
| 653 | 665 |
| 654 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate, | 666 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate, |
| 655 &conf->certificate_key) | 667 &conf->certificate_key, conf->passwords) |
| 656 != NGX_OK) | 668 != NGX_OK) |
| 657 { | 669 { |
| 658 return NGX_CONF_ERROR; | 670 return NGX_CONF_ERROR; |
| 659 } | 671 } |
| 660 | 672 |
| 780 return NGX_CONF_OK; | 792 return NGX_CONF_OK; |
| 781 } | 793 } |
| 782 | 794 |
| 783 | 795 |
| 784 static char * | 796 static char * |
| 797 ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
| 798 { | |
| 799 ngx_http_ssl_srv_conf_t *sscf = conf; | |
| 800 | |
| 801 ngx_str_t *value; | |
| 802 | |
| 803 if (sscf->passwords != NGX_CONF_UNSET_PTR) { | |
| 804 return "is duplicate"; | |
| 805 } | |
| 806 | |
| 807 value = cf->args->elts; | |
| 808 | |
| 809 sscf->passwords = ngx_ssl_read_password_file(cf, &value[1]); | |
| 810 | |
| 811 if (sscf->passwords == NULL) { | |
| 812 return NGX_CONF_ERROR; | |
| 813 } | |
| 814 | |
| 815 return NGX_CONF_OK; | |
| 816 } | |
| 817 | |
| 818 | |
| 819 static char * | |
| 785 ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | 820 ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
| 786 { | 821 { |
| 787 ngx_http_ssl_srv_conf_t *sscf = conf; | 822 ngx_http_ssl_srv_conf_t *sscf = conf; |
| 788 | 823 |
| 789 size_t len; | 824 size_t len; |