comparison src/http/modules/ngx_http_ssl_filter.c @ 393:5659d773cfa8
nginx-0.0.7-2004-07-15-20:35:51 import
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Thu, 15 Jul 2004 16:35:51 +0000 |
parents | d1222d46b3f9 |
children | e7a68e14ccd3 |
392:d1222d46b3f9 | 393:5659d773cfa8 |
---|---|
1 | 1 |
2 #include <ngx_config.h> | 2 #include <ngx_config.h> |
3 #include <ngx_core.h> | 3 #include <ngx_core.h> |
4 #include <ngx_http.h> | 4 #include <ngx_http.h> |
5 | 5 |
6 /* STUB */ | |
7 #define NGX_SSL_ERROR -11 | |
8 | |
6 | 9 |
7 #define NGX_DEFLAUT_CERTIFICATE "cert.pem" | 10 #define NGX_DEFLAUT_CERTIFICATE "cert.pem" |
8 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" | 11 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" |
9 | |
10 | |
11 typedef struct { | |
12 ngx_flag_t enable; | |
13 ngx_str_t certificate; | |
14 ngx_str_t certificate_key; | |
15 | |
16 SSL_CTX *ssl_ctx; | |
17 } ngx_http_ssl_srv_conf_t; | |
18 | |
19 | |
20 typedef struct { | |
21 SSL *ssl; | |
22 } ngx_http_ssl_ctx_t; | |
23 | 12 |
24 | 13 |
25 static ngx_int_t ngx_http_ssl_create_ssl(ngx_http_request_t *r); | 14 static ngx_int_t ngx_http_ssl_create_ssl(ngx_http_request_t *r); |
26 static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err, | 15 static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err, |
27 char *fmt, ...); | 16 char *fmt, ...); |
28 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); | 17 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); |
29 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, | 18 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, |
30 void *parent, void *child); | 19 void *parent, void *child); |
31 static ngx_int_t ngx_http_ssl_filter_init(ngx_cycle_t *cycle); | 20 static ngx_int_t ngx_http_ssl_init_process(ngx_cycle_t *cycle); |
32 | 21 |
33 | 22 |
34 static ngx_command_t ngx_http_charset_filter_commands[] = { | 23 static ngx_command_t ngx_http_charset_filter_commands[] = { |
35 | 24 |
36 { ngx_string("ssl_"), | 25 { ngx_string("ssl"), |
37 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | 26 NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, |
38 ngx_conf_set_flag_slot, | 27 ngx_conf_set_flag_slot, |
39 NGX_HTTP_SRV_CONF_OFFSET, | 28 NGX_HTTP_SRV_CONF_OFFSET, |
40 offsetof(ngx_http_ssl_srv_conf_t, enable), | 29 offsetof(ngx_http_ssl_srv_conf_t, enable), |
41 NULL }, | 30 NULL }, |
42 | 31 |
43 { ngx_string("ssl_certificate"), | 32 { ngx_string("ssl_certificate"), |
44 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 33 NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
45 ngx_conf_set_str_slot, | 34 ngx_conf_set_str_slot, |
46 NGX_HTTP_SRV_CONF_OFFSET, | 35 NGX_HTTP_SRV_CONF_OFFSET, |
47 offsetof(ngx_http_ssl_srv_conf_t, certificate), | 36 offsetof(ngx_http_ssl_srv_conf_t, certificate), |
48 NULL }, | 37 NULL }, |
49 | 38 |
50 { ngx_string("ssl_certificate_key"), | 39 { ngx_string("ssl_certificate_key"), |
51 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 40 NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
52 ngx_conf_set_str_slot, | 41 ngx_conf_set_str_slot, |
53 NGX_HTTP_SRV_CONF_OFFSET, | 42 NGX_HTTP_SRV_CONF_OFFSET, |
54 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), | 43 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), |
55 NULL }, | 44 NULL }, |
56 | 45 |
73 | 62 |
74 | 63 |
75 ngx_module_t ngx_http_ssl_filter_module = { | 64 ngx_module_t ngx_http_ssl_filter_module = { |
76 NGX_MODULE, | 65 NGX_MODULE, |
77 &ngx_http_ssl_filter_module_ctx, /* module context */ | 66 &ngx_http_ssl_filter_module_ctx, /* module context */ |
78 NULL, /* module directives */ | 67 ngx_http_charset_filter_commands, /* module directives */ |
79 NGX_HTTP_MODULE, /* module type */ | 68 NGX_HTTP_MODULE, /* module type */ |
80 ngx_http_ssl_filter_init, /* init module */ | 69 NULL, /* init module */ |
81 NULL /* init process */ | 70 ngx_http_ssl_init_process /* init process */ |
82 }; | 71 }; |
83 | 72 |
84 | 73 |
85 ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r, u_char *buf, size_t size) | 74 ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r, u_char *buf, size_t size) |
86 { | 75 { |
87 int n; | 76 int n; |
88 SSL *ssl; | 77 SSL *ssl; |
89 ngx_http_ssl_ctx_t *ctx; | |
90 ngx_http_log_ctx_t *log_ctx; | 78 ngx_http_log_ctx_t *log_ctx; |
91 | 79 |
92 if (r->connection->ssl == NULL) { | 80 if (r->connection->ssl == NULL) { |
93 if (ngx_http_ssl_create_ssl(r) == NGX_ERROR) { | 81 if (ngx_http_ssl_create_ssl(r) == NGX_ERROR) { |
94 return NGX_HTTP_INTERNAL_SERVER_ERROR; | 82 return NGX_HTTP_INTERNAL_SERVER_ERROR; |
332 ngx_http_ssl_srv_conf_t *prev = parent; | 320 ngx_http_ssl_srv_conf_t *prev = parent; |
333 ngx_http_ssl_srv_conf_t *conf = child; | 321 ngx_http_ssl_srv_conf_t *conf = child; |
334 | 322 |
335 ngx_conf_merge_value(conf->enable, prev->enable, 0); | 323 ngx_conf_merge_value(conf->enable, prev->enable, 0); |
336 | 324 |
325 if (conf->enable == 0) { | |
326 return NGX_CONF_OK; | |
327 } | |
328 | |
337 ngx_conf_merge_str_value(conf->certificate, prev->certificate, | 329 ngx_conf_merge_str_value(conf->certificate, prev->certificate, |
338 NGX_DEFLAUT_CERTIFICATE); | 330 NGX_DEFLAUT_CERTIFICATE); |
339 | 331 |
340 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, | 332 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, |
341 NGX_DEFLAUT_CERTIFICATE_KEY); | 333 NGX_DEFLAUT_CERTIFICATE_KEY); |
342 | |
343 /* STUB: where to move ??? */ | |
344 SSL_library_init(); | |
345 SSL_load_error_strings(); | |
346 | |
347 /* TODO: inherit ssl_ctx */ | |
348 | 334 |
349 /* TODO: configure methods */ | 335 /* TODO: configure methods */ |
350 | 336 |
351 conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); | 337 conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); |
352 | 338 |
356 } | 342 } |
357 | 343 |
358 if (SSL_CTX_use_certificate_file(conf->ssl_ctx, conf->certificate.data, | 344 if (SSL_CTX_use_certificate_file(conf->ssl_ctx, conf->certificate.data, |
359 SSL_FILETYPE_PEM) == 0) { | 345 SSL_FILETYPE_PEM) == 0) { |
360 ngx_http_ssl_error(NGX_LOG_EMERG, cf->log, 0, | 346 ngx_http_ssl_error(NGX_LOG_EMERG, cf->log, 0, |
361 "SSL_CTX_use_certificate_file() failed"); | 347 "SSL_CTX_use_certificate_file(\"%s\") failed", |
348 conf->certificate.data); | |
362 return NGX_CONF_ERROR; | 349 return NGX_CONF_ERROR; |
363 } | 350 } |
364 | 351 |
365 if (SSL_CTX_use_PrivateKey_file(conf->ssl_ctx, conf->certificate_key.data, | 352 if (SSL_CTX_use_PrivateKey_file(conf->ssl_ctx, conf->certificate_key.data, |
366 SSL_FILETYPE_PEM) == 0) { | 353 SSL_FILETYPE_PEM) == 0) { |
367 ngx_http_ssl_error(NGX_LOG_EMERG, cf->log, 0, | 354 ngx_http_ssl_error(NGX_LOG_EMERG, cf->log, 0, |
368 "SSL_CTX_use_PrivateKey_file() failed"); | 355 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", |
356 conf->certificate_key.data); | |
369 return NGX_CONF_ERROR; | 357 return NGX_CONF_ERROR; |
370 } | 358 } |
371 | 359 |
372 return NGX_CONF_OK; | 360 return NGX_CONF_OK; |
373 } | 361 } |
374 | 362 |
375 | 363 |
376 static ngx_int_t ngx_http_ssl_filter_init(ngx_cycle_t *cycle) | 364 static ngx_int_t ngx_http_ssl_init_process(ngx_cycle_t *cycle) |
377 { | 365 { |
366 ngx_uint_t i; | |
367 ngx_http_ssl_srv_conf_t *sscf; | |
368 ngx_http_core_srv_conf_t **cscfp; | |
369 ngx_http_core_main_conf_t *cmcf; | |
370 | |
371 cmcf = ngx_http_cycle_get_module_main_conf(cycle, ngx_http_core_module); | |
372 | |
373 cscfp = cmcf->servers.elts; | |
374 | |
375 for (i = 0; i < cmcf->servers.nelts; i++) { | |
376 sscf = cscfp[i]->ctx->srv_conf[ngx_http_ssl_filter_module.ctx_index]; | |
377 | |
378 if (sscf->enable) { | |
379 cscfp[i]->recv = ngx_ssl_recv; | |
378 #if 0 | 380 #if 0 |
379 ngx_http_next_header_filter = ngx_http_top_header_filter; | 381 cscfp[i]->send_chain = ngx_ssl_send_chain; |
380 ngx_http_top_header_filter = ngx_http_ssl_header_filter; | |
381 | |
382 ngx_http_next_body_filter = ngx_http_top_body_filter; | |
383 ngx_http_top_body_filter = ngx_http_ssl_body_filter; | |
384 #endif | 382 #endif |
383 } | |
384 } | |
385 | 385 |
386 return NGX_OK; | 386 return NGX_OK; |
387 } | 387 } |
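Review bot: In ngx_http_ssl_init_process the receive handler is switched to `ngx_ssl_recv` for every server with `ssl` enabled, but the matching `cscfp[i]->send_chain = ngx_ssl_send_chain;` sits inside `#if 0`, so this function never switches the send side. Unless output is wrapped somewhere outside this file section, an SSL-enabled server would read through the SSL layer while its responses still go through the default send handler; that should be ruled out before the `ssl` directive is usable. I would install both handlers together, or leave a comment at the `#if 0` such as `/* TODO: send_chain not switched yet; do not enable ssl servers until ngx_ssl_send_chain is wired in */`. Separately, the directive table this commit registers in the module is still named `ngx_http_charset_filter_commands`, which looks like a copy-paste leftover; `ngx_http_ssl_commands` would read better.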