Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 5744:42114bf12da0
SSL: the "ssl_password_file" directive.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Mon, 16 Jun 2014 19:43:25 +0400 |
parents | 5e892d40e5cc |
children | a84267233877 |
comparison
equal
deleted
inserted
replaced
5743:dde2ae4701e1 | 5744:42114bf12da0 |
---|---|
40 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); | 40 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); |
41 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, | 41 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, |
42 void *parent, void *child); | 42 void *parent, void *child); |
43 | 43 |
44 static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, | 44 static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, |
45 void *conf); | |
46 static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, | |
45 void *conf); | 47 void *conf); |
46 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, | 48 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, |
47 void *conf); | 49 void *conf); |
48 | 50 |
49 static ngx_int_t ngx_http_ssl_init(ngx_conf_t *cf); | 51 static ngx_int_t ngx_http_ssl_init(ngx_conf_t *cf); |
87 { ngx_string("ssl_certificate_key"), | 89 { ngx_string("ssl_certificate_key"), |
88 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 90 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
89 ngx_conf_set_str_slot, | 91 ngx_conf_set_str_slot, |
90 NGX_HTTP_SRV_CONF_OFFSET, | 92 NGX_HTTP_SRV_CONF_OFFSET, |
91 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), | 93 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), |
94 NULL }, | |
95 | |
96 { ngx_string("ssl_password_file"), | |
97 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
98 ngx_http_ssl_password_file, | |
99 NGX_HTTP_SRV_CONF_OFFSET, | |
100 0, | |
92 NULL }, | 101 NULL }, |
93 | 102 |
94 { ngx_string("ssl_dhparam"), | 103 { ngx_string("ssl_dhparam"), |
95 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 104 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
96 ngx_conf_set_str_slot, | 105 ngx_conf_set_str_slot, |
512 sscf->enable = NGX_CONF_UNSET; | 521 sscf->enable = NGX_CONF_UNSET; |
513 sscf->prefer_server_ciphers = NGX_CONF_UNSET; | 522 sscf->prefer_server_ciphers = NGX_CONF_UNSET; |
514 sscf->buffer_size = NGX_CONF_UNSET_SIZE; | 523 sscf->buffer_size = NGX_CONF_UNSET_SIZE; |
515 sscf->verify = NGX_CONF_UNSET_UINT; | 524 sscf->verify = NGX_CONF_UNSET_UINT; |
516 sscf->verify_depth = NGX_CONF_UNSET_UINT; | 525 sscf->verify_depth = NGX_CONF_UNSET_UINT; |
526 sscf->passwords = NGX_CONF_UNSET_PTR; | |
517 sscf->builtin_session_cache = NGX_CONF_UNSET; | 527 sscf->builtin_session_cache = NGX_CONF_UNSET; |
518 sscf->session_timeout = NGX_CONF_UNSET; | 528 sscf->session_timeout = NGX_CONF_UNSET; |
519 sscf->session_tickets = NGX_CONF_UNSET; | 529 sscf->session_tickets = NGX_CONF_UNSET; |
520 sscf->session_ticket_keys = NGX_CONF_UNSET_PTR; | 530 sscf->session_ticket_keys = NGX_CONF_UNSET_PTR; |
521 sscf->stapling = NGX_CONF_UNSET; | 531 sscf->stapling = NGX_CONF_UNSET; |
560 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); | 570 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); |
561 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); | 571 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); |
562 | 572 |
563 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); | 573 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); |
564 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); | 574 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); |
575 | |
576 ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL); | |
565 | 577 |
566 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); | 578 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); |
567 | 579 |
568 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, | 580 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, |
569 ""); | 581 ""); |
650 | 662 |
651 cln->handler = ngx_ssl_cleanup_ctx; | 663 cln->handler = ngx_ssl_cleanup_ctx; |
652 cln->data = &conf->ssl; | 664 cln->data = &conf->ssl; |
653 | 665 |
654 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate, | 666 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate, |
655 &conf->certificate_key) | 667 &conf->certificate_key, conf->passwords) |
656 != NGX_OK) | 668 != NGX_OK) |
657 { | 669 { |
658 return NGX_CONF_ERROR; | 670 return NGX_CONF_ERROR; |
659 } | 671 } |
660 | 672 |
780 return NGX_CONF_OK; | 792 return NGX_CONF_OK; |
781 } | 793 } |
782 | 794 |
783 | 795 |
784 static char * | 796 static char * |
797 ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
798 { | |
799 ngx_http_ssl_srv_conf_t *sscf = conf; | |
800 | |
801 ngx_str_t *value; | |
802 | |
803 if (sscf->passwords != NGX_CONF_UNSET_PTR) { | |
804 return "is duplicate"; | |
805 } | |
806 | |
807 value = cf->args->elts; | |
808 | |
809 sscf->passwords = ngx_ssl_read_password_file(cf, &value[1]); | |
810 | |
811 if (sscf->passwords == NULL) { | |
812 return NGX_CONF_ERROR; | |
813 } | |
814 | |
815 return NGX_CONF_OK; | |
816 } | |
817 | |
818 | |
819 static char * | |
785 ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | 820 ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
786 { | 821 { |
787 ngx_http_ssl_srv_conf_t *sscf = conf; | 822 ngx_http_ssl_srv_conf_t *sscf = conf; |
788 | 823 |
789 size_t len; | 824 size_t len; |