comparison src/event/ngx_event_openssl.c @ 5756:5b7276408565
SSL: stop accessing SSL_SESSION's fields directly.
SSL_SESSION struct is an internal part of the OpenSSL library and its fields
should be accessed via API (when exposed), not directly.
The unfortunate side-effect of this change is that we're losing reference
count that used to be printed at the debug log level, but this seems to be
an acceptable trade-off.
Almost fixes build with -DOPENSSL_NO_SSL_INTERN.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
author | Piotr Sikora <piotr@cloudflare.com> |
---|---|
date | Sun, 06 Jul 2014 16:41:14 -0700 |
parents | 8df08465fcfd |
children | 4b668378ad8b |
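--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2076,13 +2076,14 @@
 
 static int
 ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
 {
 int len;
-u_char *p, *id, *cached_sess;
+u_char *p, *id, *cached_sess, *session_id;
 uint32_t hash;
 SSL_CTX *ssl_ctx;
+unsigned int session_id_length;
 ngx_shm_zone_t *shm_zone;
 ngx_connection_t *c;
 ngx_slab_pool_t *shpool;
 ngx_ssl_sess_id_t *sess_id;
 ngx_ssl_session_cache_t *cache;
@@ -2141,45 +2142,56 @@
 if (sess_id == NULL) {
 goto failed;
 }
 }
 
+#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+
+session_id = (u_char *) SSL_SESSION_get_id(sess, &session_id_length);
+
+#else
+
+session_id = sess->session_id;
+session_id_length = sess->session_id_length;
+
+#endif
+
 #if (NGX_PTR_SIZE == 8)
 
 id = sess_id->sess_id;
 
 #else
 
-id = ngx_slab_alloc_locked(shpool, sess->session_id_length);
+id = ngx_slab_alloc_locked(shpool, session_id_length);
 
 if (id == NULL) {
 
 /* drop the oldest non-expired session and try once more */
 
 ngx_ssl_expire_sessions(cache, shpool, 0);
 
-id = ngx_slab_alloc_locked(shpool, sess->session_id_length);
+id = ngx_slab_alloc_locked(shpool, session_id_length);
 
 if (id == NULL) {
 goto failed;
 }
 }
 
 #endif
 
 ngx_memcpy(cached_sess, buf, len);
 
-ngx_memcpy(id, sess->session_id, sess->session_id_length);
+ngx_memcpy(id, session_id, session_id_length);
 
-hash = ngx_crc32_short(sess->session_id, sess->session_id_length);
+hash = ngx_crc32_short(session_id, session_id_length);
 
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"ssl new session: %08XD:%d:%d",
-hash, sess->session_id_length, len);
+"ssl new session: %08XD:%ud:%d",
+hash, session_id_length, len);
 
 sess_id->node.key = hash;
-sess_id->node.data = (u_char) sess->session_id_length;
+sess_id->node.data = (u_char) session_id_length;
 sess_id->id = id;
 sess_id->len = len;
 sess_id->session = cached_sess;
 
 sess_id->expire = ngx_time() + SSL_CTX_get_timeout(ssl_ctx);
@@ -2323,14 +2335,14 @@
 
 
 static void
 ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
 {
-size_t len;
 u_char *id;
 uint32_t hash;
 ngx_int_t rc;
+unsigned int len;
 ngx_shm_zone_t *shm_zone;
 ngx_slab_pool_t *shpool;
 ngx_rbtree_node_t *node, *sentinel;
 ngx_ssl_sess_id_t *sess_id;
 ngx_ssl_session_cache_t *cache;
@@ -2341,17 +2353,25 @@
 return;
 }
 
 cache = shm_zone->data;
 
+#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+
+id = (u_char *) SSL_SESSION_get_id(sess, &len);
+
+#else
+
 id = sess->session_id;
-len = (size_t) sess->session_id_length;
+len = sess->session_id_length;
+
+#endif
 
 hash = ngx_crc32_short(id, len);
 
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
-"ssl remove session: %08XD:%uz", hash, len);
+"ssl remove session: %08XD:%ud", hash, len);
 
 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
 
 ngx_shmtx_lock(&shpool->mutex);
 
@@ -2889,22 +2909,30 @@
 
 
 ngx_int_t
 ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
-int len;
-u_char *buf;
-SSL_SESSION *sess;
+u_char *buf;
+SSL_SESSION *sess;
+unsigned int len;
 
 sess = SSL_get0_session(c->ssl->connection);
 if (sess == NULL) {
 s->len = 0;
 return NGX_OK;
 }
 
+#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+
+buf = (u_char *) SSL_SESSION_get_id(sess, &len);
+
+#else
+
 buf = sess->session_id;
 len = sess->session_id_length;
+
+#endif
 
 s->len = 2 * len;
 s->data = ngx_pnalloc(pool, 2 * len);
 if (s->data == NULL) {
 return NGX_ERROR;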
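Review bot: In ngx_ssl_new_session the length reported by SSL_SESSION_get_id() is used unchecked as a copy size and then narrowed: on the `NGX_PTR_SIZE == 8` path `id` points at `sess_id->sess_id`, and both `ngx_memcpy(id, session_id, session_id_length)` (new line 2183) and `(u_char) session_id_length` (new line 2192) rely on the library never returning more than that field can hold. The declaration of `sess_id->sess_id` is not on this page, so it is presumably a fixed-size member; a guard right after the `#endif` at new line 2156, e.g. `if (session_id_length > SSL_MAX_SSL_SESSION_ID_LENGTH) { goto failed; }`, would make the bound explicit rather than implied by OpenSSL internals. The `failed` label and part of the function body lie outside the visible hunks, so confirm its cleanup covers what has been allocated by that point. The same lookup block is repeated in ngx_ssl_remove_session and ngx_ssl_get_session_id; a short comment on each `#else` branch such as `/* OpenSSL < 0.9.8: no accessor, read the struct directly */` would explain why direct field access remains there.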