Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 6343:60ae75969588 stable-1.8
SSL: preserve default server context in connection (ticket #235).
This context is needed for shared sessions cache to work in configurations
with multiple virtual servers sharing the same port. Unfortunately, OpenSSL
does not provide an API to access the session context, thus storing it
separately.
In collaboration with Vladimir Homutov.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 19 Oct 2015 21:22:38 +0300 |
| parents | 4e3f87c02cb4 |
| children |
comparison
equal
deleted
inserted
replaced
| 6342:50169ef2f3fe | 6343:60ae75969588 |
|---|---|
| 1035 return NGX_ERROR; | 1035 return NGX_ERROR; |
| 1036 } | 1036 } |
| 1037 | 1037 |
| 1038 sc->buffer = ((flags & NGX_SSL_BUFFER) != 0); | 1038 sc->buffer = ((flags & NGX_SSL_BUFFER) != 0); |
| 1039 sc->buffer_size = ssl->buffer_size; | 1039 sc->buffer_size = ssl->buffer_size; |
| 1040 | |
| 1041 sc->session_ctx = ssl->ctx; | |
| 1040 | 1042 |
| 1041 sc->connection = SSL_new(ssl->ctx); | 1043 sc->connection = SSL_new(ssl->ctx); |
| 1042 | 1044 |
| 1043 if (sc->connection == NULL) { | 1045 if (sc->connection == NULL) { |
| 1044 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed"); | 1046 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed"); |
| 2301 p = buf; | 2303 p = buf; |
| 2302 i2d_SSL_SESSION(sess, &p); | 2304 i2d_SSL_SESSION(sess, &p); |
| 2303 | 2305 |
| 2304 c = ngx_ssl_get_connection(ssl_conn); | 2306 c = ngx_ssl_get_connection(ssl_conn); |
| 2305 | 2307 |
| 2306 ssl_ctx = SSL_get_SSL_CTX(ssl_conn); | 2308 ssl_ctx = c->ssl->session_ctx; |
| 2307 shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index); | 2309 shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index); |
| 2308 | 2310 |
| 2309 cache = shm_zone->data; | 2311 cache = shm_zone->data; |
| 2310 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; | 2312 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; |
| 2311 | 2313 |
| 2439 ngx_rbtree_node_t *node, *sentinel; | 2441 ngx_rbtree_node_t *node, *sentinel; |
| 2440 ngx_ssl_session_t *sess; | 2442 ngx_ssl_session_t *sess; |
| 2441 ngx_ssl_sess_id_t *sess_id; | 2443 ngx_ssl_sess_id_t *sess_id; |
| 2442 ngx_ssl_session_cache_t *cache; | 2444 ngx_ssl_session_cache_t *cache; |
| 2443 u_char buf[NGX_SSL_MAX_SESSION_SIZE]; | 2445 u_char buf[NGX_SSL_MAX_SESSION_SIZE]; |
| 2444 #if (NGX_DEBUG) | |
| 2445 ngx_connection_t *c; | 2446 ngx_connection_t *c; |
| 2446 #endif | |
| 2447 | 2447 |
| 2448 hash = ngx_crc32_short(id, (size_t) len); | 2448 hash = ngx_crc32_short(id, (size_t) len); |
| 2449 *copy = 0; | 2449 *copy = 0; |
| 2450 | 2450 |
| 2451 #if (NGX_DEBUG) | |
| 2452 c = ngx_ssl_get_connection(ssl_conn); | 2451 c = ngx_ssl_get_connection(ssl_conn); |
| 2453 | 2452 |
| 2454 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | 2453 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 2455 "ssl get session: %08XD:%d", hash, len); | 2454 "ssl get session: %08XD:%d", hash, len); |
| 2456 #endif | 2455 |
| 2457 | 2456 shm_zone = SSL_CTX_get_ex_data(c->ssl->session_ctx, |
| 2458 shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn), | |
| 2459 ngx_ssl_session_cache_index); | 2457 ngx_ssl_session_cache_index); |
| 2460 | 2458 |
| 2461 cache = shm_zone->data; | 2459 cache = shm_zone->data; |
| 2462 | 2460 |
| 2463 sess = NULL; | 2461 sess = NULL; |
| 2832 HMAC_CTX *hctx, int enc) | 2830 HMAC_CTX *hctx, int enc) |
| 2833 { | 2831 { |
| 2834 SSL_CTX *ssl_ctx; | 2832 SSL_CTX *ssl_ctx; |
| 2835 ngx_uint_t i; | 2833 ngx_uint_t i; |
| 2836 ngx_array_t *keys; | 2834 ngx_array_t *keys; |
| 2835 ngx_connection_t *c; | |
| 2837 ngx_ssl_session_ticket_key_t *key; | 2836 ngx_ssl_session_ticket_key_t *key; |
| 2838 #if (NGX_DEBUG) | 2837 #if (NGX_DEBUG) |
| 2839 u_char buf[32]; | 2838 u_char buf[32]; |
| 2840 ngx_connection_t *c; | 2839 #endif |
| 2841 #endif | 2840 |
| 2842 | 2841 c = ngx_ssl_get_connection(ssl_conn); |
| 2843 ssl_ctx = SSL_get_SSL_CTX(ssl_conn); | 2842 ssl_ctx = c->ssl->session_ctx; |
| 2844 | 2843 |
| 2845 keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index); | 2844 keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index); |
| 2846 if (keys == NULL) { | 2845 if (keys == NULL) { |
| 2847 return -1; | 2846 return -1; |
| 2848 } | 2847 } |
| 2849 | 2848 |
| 2850 key = keys->elts; | 2849 key = keys->elts; |
| 2851 | |
| 2852 #if (NGX_DEBUG) | |
| 2853 c = ngx_ssl_get_connection(ssl_conn); | |
| 2854 #endif | |
| 2855 | 2850 |
| 2856 if (enc == 1) { | 2851 if (enc == 1) { |
| 2857 /* encrypt session ticket */ | 2852 /* encrypt session ticket */ |
| 2858 | 2853 |
| 2859 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, | 2854 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |