comparison src/event/ngx_event_openssl.c @ 8618:71b7453fb11f quic
Merged with the default branch.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 29 Oct 2020 14:53:58 +0000 |
parents | 93be5658a250 59e1c73fe02b |
children | 279ad36f2f4b |
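--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1469,10 +1469,82 @@
 return NGX_OK;
 }
 
 
 ngx_int_t
+ngx_ssl_conf_commands(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *commands)
+{
+if (commands == NULL) {
+return NGX_OK;
+}
+
+#ifdef SSL_CONF_FLAG_FILE
+{
+int type;
+u_char *key, *value;
+ngx_uint_t i;
+ngx_keyval_t *cmd;
+SSL_CONF_CTX *cctx;
+
+cctx = SSL_CONF_CTX_new();
+if (cctx == NULL) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"SSL_CONF_CTX_new() failed");
+return NGX_ERROR;
+}
+
+SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
+SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
+SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
+SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
+SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SHOW_ERRORS);
+
+SSL_CONF_CTX_set_ssl_ctx(cctx, ssl->ctx);
+
+cmd = commands->elts;
+for (i = 0; i < commands->nelts; i++) {
+
+key = cmd[i].key.data;
+type = SSL_CONF_cmd_value_type(cctx, (char *) key);
+
+if (type == SSL_CONF_TYPE_FILE || type == SSL_CONF_TYPE_DIR) {
+if (ngx_conf_full_name(cf->cycle, &cmd[i].value, 1) != NGX_OK) {
+SSL_CONF_CTX_free(cctx);
+return NGX_ERROR;
+}
+}
+
+value = cmd[i].value.data;
+
+if (SSL_CONF_cmd(cctx, (char *) key, (char *) value) <= 0) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"SSL_CONF_cmd(\"%s\", \"%s\") failed", key, value);
+SSL_CONF_CTX_free(cctx);
+return NGX_ERROR;
+}
+}
+
+if (SSL_CONF_CTX_finish(cctx) != 1) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"SSL_CONF_finish() failed");
+SSL_CONF_CTX_free(cctx);
+return NGX_ERROR;
+}
+
+SSL_CONF_CTX_free(cctx);
+
+return NGX_OK;
+}
+#else
+ngx_log_error(NGX_LOG_EMERG, ssl->log, 0,
+"SSL_CONF_cmd() is not available on this platform");
+return NGX_ERROR;
+#endif
+}
+
+
+ngx_int_t
 ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
 {
 if (!enable) {
 return NGX_OK;
 }
@@ -1715,10 +1787,17 @@
 c->read->eof = 1;
 
 if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) {
 ngx_connection_error(c, err,
 "peer closed connection in SSL handshake");
+
+return NGX_ERROR;
+}
+
+if (c->ssl->handshake_rejected) {
+ngx_connection_error(c, err, "handshake rejected");
+ERR_clear_error();
 
 return NGX_ERROR;
 }
 
 c->read->error = 1;
@@ -3287,12 +3366,13 @@
 "EVP_DigestUpdate() failed");
 goto failed;
 }
 }
 
-if (SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index) == NULL) {
-
+if (SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index) == NULL
+&& certificates != NULL)
+{
 /*
 * If certificates are loaded dynamically, we use certificate
 * names as specified in the configuration (with variables).
 */
 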
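Review bot: In the new `ngx_ssl_conf_commands()` the failure branch for `SSL_CONF_CTX_finish(cctx)` logs "SSL_CONF_finish() failed", which names a function other than the one that was called. Using `"SSL_CONF_CTX_finish() failed"` would match the call and the neighbouring messages, so a log search for the failing OpenSSL API finds it. The function also has no header comment, although each key/value pair goes straight to `SSL_CONF_cmd()` on a context bound to `ssl->ctx`. A short comment such as `/* commands are applied directly to ssl->ctx; they may change protocol, cipher or certificate settings */` would help anyone auditing the effective TLS policy. Whether these commands run before or after the other SSL directives is not visible in this section and should be confirmed against the callers before the comment says anything about overriding them.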