Mercurial > hg > nginx

comparison src/http/modules/ngx_http_ssl_filter.c @ 393:5659d773cfa8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx-0.0.7-2004-07-15-20:35:51 import
author Igor Sysoev <igor@sysoev.ru>
date Thu, 15 Jul 2004 16:35:51 +0000
parents d1222d46b3f9
children e7a68e14ccd3
comparison
equal deleted inserted replaced
392:d1222d46b3f9 393:5659d773cfa8
1 1
2 #include <ngx_config.h> 2 #include <ngx_config.h>
3 #include <ngx_core.h> 3 #include <ngx_core.h>
4 #include <ngx_http.h> 4 #include <ngx_http.h>
5 5
6 /* STUB */
7 #define NGX_SSL_ERROR -11
8
6 9
7 #define NGX_DEFLAUT_CERTIFICATE "cert.pem" 10 #define NGX_DEFLAUT_CERTIFICATE "cert.pem"
8 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" 11 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem"
9
10
11 typedef struct {
12 ngx_flag_t enable;
13 ngx_str_t certificate;
14 ngx_str_t certificate_key;
15
16 SSL_CTX *ssl_ctx;
17 } ngx_http_ssl_srv_conf_t;
18
19
20 typedef struct {
21 SSL *ssl;
22 } ngx_http_ssl_ctx_t;
23 12
24 13
25 static ngx_int_t ngx_http_ssl_create_ssl(ngx_http_request_t *r); 14 static ngx_int_t ngx_http_ssl_create_ssl(ngx_http_request_t *r);
26 static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err, 15 static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err,
27 char *fmt, ...); 16 char *fmt, ...);
28 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); 17 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
29 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, 18 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
30 void *parent, void *child); 19 void *parent, void *child);
31 static ngx_int_t ngx_http_ssl_filter_init(ngx_cycle_t *cycle); 20 static ngx_int_t ngx_http_ssl_init_process(ngx_cycle_t *cycle);
32 21
33 22
34 static ngx_command_t ngx_http_charset_filter_commands[] = { 23 static ngx_command_t ngx_http_charset_filter_commands[] = {
35 24
36 { ngx_string("ssl_"), 25 { ngx_string("ssl"),
37 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, 26 NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
38 ngx_conf_set_flag_slot, 27 ngx_conf_set_flag_slot,
39 NGX_HTTP_SRV_CONF_OFFSET, 28 NGX_HTTP_SRV_CONF_OFFSET,
40 offsetof(ngx_http_ssl_srv_conf_t, enable), 29 offsetof(ngx_http_ssl_srv_conf_t, enable),
41 NULL }, 30 NULL },
42 31
43 { ngx_string("ssl_certificate"), 32 { ngx_string("ssl_certificate"),
44 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, 33 NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
45 ngx_conf_set_str_slot, 34 ngx_conf_set_str_slot,
46 NGX_HTTP_SRV_CONF_OFFSET, 35 NGX_HTTP_SRV_CONF_OFFSET,
47 offsetof(ngx_http_ssl_srv_conf_t, certificate), 36 offsetof(ngx_http_ssl_srv_conf_t, certificate),
48 NULL }, 37 NULL },
49 38
50 { ngx_string("ssl_certificate_key"), 39 { ngx_string("ssl_certificate_key"),
51 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, 40 NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
52 ngx_conf_set_str_slot, 41 ngx_conf_set_str_slot,
53 NGX_HTTP_SRV_CONF_OFFSET, 42 NGX_HTTP_SRV_CONF_OFFSET,
54 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), 43 offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
55 NULL }, 44 NULL },
56 45
73 62
74 63
75 ngx_module_t ngx_http_ssl_filter_module = { 64 ngx_module_t ngx_http_ssl_filter_module = {
76 NGX_MODULE, 65 NGX_MODULE,
77 &ngx_http_ssl_filter_module_ctx, /* module context */ 66 &ngx_http_ssl_filter_module_ctx, /* module context */
78 NULL, /* module directives */ 67 ngx_http_charset_filter_commands, /* module directives */
79 NGX_HTTP_MODULE, /* module type */ 68 NGX_HTTP_MODULE, /* module type */
80 ngx_http_ssl_filter_init, /* init module */ 69 NULL, /* init module */
81 NULL /* init process */ 70 ngx_http_ssl_init_process /* init process */
82 }; 71 };
83 72
84 73
85 ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r, u_char *buf, size_t size) 74 ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r, u_char *buf, size_t size)
86 { 75 {
87 int n; 76 int n;
88 SSL *ssl; 77 SSL *ssl;
89 ngx_http_ssl_ctx_t *ctx;
90 ngx_http_log_ctx_t *log_ctx; 78 ngx_http_log_ctx_t *log_ctx;
91 79
92 if (r->connection->ssl == NULL) { 80 if (r->connection->ssl == NULL) {
93 if (ngx_http_ssl_create_ssl(r) == NGX_ERROR) { 81 if (ngx_http_ssl_create_ssl(r) == NGX_ERROR) {
94 return NGX_HTTP_INTERNAL_SERVER_ERROR; 82 return NGX_HTTP_INTERNAL_SERVER_ERROR;
332 ngx_http_ssl_srv_conf_t *prev = parent; 320 ngx_http_ssl_srv_conf_t *prev = parent;
333 ngx_http_ssl_srv_conf_t *conf = child; 321 ngx_http_ssl_srv_conf_t *conf = child;
334 322
335 ngx_conf_merge_value(conf->enable, prev->enable, 0); 323 ngx_conf_merge_value(conf->enable, prev->enable, 0);
336 324
325 if (conf->enable == 0) {
326 return NGX_CONF_OK;
327 }
328
337 ngx_conf_merge_str_value(conf->certificate, prev->certificate, 329 ngx_conf_merge_str_value(conf->certificate, prev->certificate,
338 NGX_DEFLAUT_CERTIFICATE); 330 NGX_DEFLAUT_CERTIFICATE);
339 331
340 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, 332 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key,
341 NGX_DEFLAUT_CERTIFICATE_KEY); 333 NGX_DEFLAUT_CERTIFICATE_KEY);
342
343 /* STUB: where to move ??? */
344 SSL_library_init();
345 SSL_load_error_strings();
346
347 /* TODO: inherit ssl_ctx */
348 334
349 /* TODO: configure methods */ 335 /* TODO: configure methods */
350 336
351 conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); 337 conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
352 338
356 } 342 }
357 343
358 if (SSL_CTX_use_certificate_file(conf->ssl_ctx, conf->certificate.data, 344 if (SSL_CTX_use_certificate_file(conf->ssl_ctx, conf->certificate.data,
359 SSL_FILETYPE_PEM) == 0) { 345 SSL_FILETYPE_PEM) == 0) {
360 ngx_http_ssl_error(NGX_LOG_EMERG, cf->log, 0, 346 ngx_http_ssl_error(NGX_LOG_EMERG, cf->log, 0,
361 "SSL_CTX_use_certificate_file() failed"); 347 "SSL_CTX_use_certificate_file(\"%s\") failed",
348 conf->certificate.data);
362 return NGX_CONF_ERROR; 349 return NGX_CONF_ERROR;
363 } 350 }
364 351
365 if (SSL_CTX_use_PrivateKey_file(conf->ssl_ctx, conf->certificate_key.data, 352 if (SSL_CTX_use_PrivateKey_file(conf->ssl_ctx, conf->certificate_key.data,
366 SSL_FILETYPE_PEM) == 0) { 353 SSL_FILETYPE_PEM) == 0) {
367 ngx_http_ssl_error(NGX_LOG_EMERG, cf->log, 0, 354 ngx_http_ssl_error(NGX_LOG_EMERG, cf->log, 0,
368 "SSL_CTX_use_PrivateKey_file() failed"); 355 "SSL_CTX_use_PrivateKey_file(\"%s\") failed",
356 conf->certificate_key.data);
369 return NGX_CONF_ERROR; 357 return NGX_CONF_ERROR;
370 } 358 }
371 359
372 return NGX_CONF_OK; 360 return NGX_CONF_OK;
373 } 361 }
374 362
375 363
376 static ngx_int_t ngx_http_ssl_filter_init(ngx_cycle_t *cycle) 364 static ngx_int_t ngx_http_ssl_init_process(ngx_cycle_t *cycle)
377 { 365 {
366 ngx_uint_t i;
367 ngx_http_ssl_srv_conf_t *sscf;
368 ngx_http_core_srv_conf_t **cscfp;
369 ngx_http_core_main_conf_t *cmcf;
370
371 cmcf = ngx_http_cycle_get_module_main_conf(cycle, ngx_http_core_module);
372
373 cscfp = cmcf->servers.elts;
374
375 for (i = 0; i < cmcf->servers.nelts; i++) {
376 sscf = cscfp[i]->ctx->srv_conf[ngx_http_ssl_filter_module.ctx_index];
377
378 if (sscf->enable) {
379 cscfp[i]->recv = ngx_ssl_recv;
378 #if 0 380 #if 0
379 ngx_http_next_header_filter = ngx_http_top_header_filter; 381 cscfp[i]->send_chain = ngx_ssl_send_chain;
380 ngx_http_top_header_filter = ngx_http_ssl_header_filter;
381
382 ngx_http_next_body_filter = ngx_http_top_body_filter;
383 ngx_http_top_body_filter = ngx_http_ssl_body_filter;
384 #endif 382 #endif
383 }
384 }
385 385
386 return NGX_OK; 386 return NGX_OK;
387 } 387 }