comparison src/event/ngx_event_openssl.c @ 8618:71b7453fb11f quic

Merged with the default branch.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 29 Oct 2020 14:53:58 +0000
parents 93be5658a250 59e1c73fe02b
children 279ad36f2f4b
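--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1469,10 +1469,82 @@
 return NGX_OK;
 }
 
 
 ngx_int_t
+ngx_ssl_conf_commands(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *commands)
+{
+if (commands == NULL) {
+return NGX_OK;
+}
+
+#ifdef SSL_CONF_FLAG_FILE
+{
+int type;
+u_char *key, *value;
+ngx_uint_t i;
+ngx_keyval_t *cmd;
+SSL_CONF_CTX *cctx;
+
+cctx = SSL_CONF_CTX_new();
+if (cctx == NULL) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"SSL_CONF_CTX_new() failed");
+return NGX_ERROR;
+}
+
+SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE);
+SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER);
+SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT);
+SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE);
+SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SHOW_ERRORS);
+
+SSL_CONF_CTX_set_ssl_ctx(cctx, ssl->ctx);
+
+cmd = commands->elts;
+for (i = 0; i < commands->nelts; i++) {
+
+key = cmd[i].key.data;
+type = SSL_CONF_cmd_value_type(cctx, (char *) key);
+
+if (type == SSL_CONF_TYPE_FILE || type == SSL_CONF_TYPE_DIR) {
+if (ngx_conf_full_name(cf->cycle, &cmd[i].value, 1) != NGX_OK) {
+SSL_CONF_CTX_free(cctx);
+return NGX_ERROR;
+}
+}
+
+value = cmd[i].value.data;
+
+if (SSL_CONF_cmd(cctx, (char *) key, (char *) value) <= 0) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"SSL_CONF_cmd(\"%s\", \"%s\") failed", key, value);
+SSL_CONF_CTX_free(cctx);
+return NGX_ERROR;
+}
+}
+
+if (SSL_CONF_CTX_finish(cctx) != 1) {
+ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+"SSL_CONF_finish() failed");
+SSL_CONF_CTX_free(cctx);
+return NGX_ERROR;
+}
+
+SSL_CONF_CTX_free(cctx);
+
+return NGX_OK;
+}
+#else
+ngx_log_error(NGX_LOG_EMERG, ssl->log, 0,
+"SSL_CONF_cmd() is not available on this platform");
+return NGX_ERROR;
+#endif
+}
+
+
+ngx_int_t
 ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
 {
 if (!enable) {
 return NGX_OK;
 }
@@ -1715,10 +1787,17 @@
 c->read->eof = 1;
 
 if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) {
 ngx_connection_error(c, err,
 "peer closed connection in SSL handshake");
+
+return NGX_ERROR;
+}
+
+if (c->ssl->handshake_rejected) {
+ngx_connection_error(c, err, "handshake rejected");
+ERR_clear_error();
 
 return NGX_ERROR;
 }
 
 c->read->error = 1;
@@ -3287,12 +3366,13 @@
 "EVP_DigestUpdate() failed");
 goto failed;
 }
 }
 
-if (SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index) == NULL) {
-
+if (SSL_CTX_get_ex_data(ssl->ctx, ngx_ssl_certificate_index) == NULL
+&& certificates != NULL)
+{
 /*
 * If certificates are loaded dynamically, we use certificate
 * names as specified in the configuration (with variables).
 */
 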
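Review bot: In the added ngx_ssl_conf_commands(), the SSL_CONF context gets both SSL_CONF_FLAG_SERVER and SSL_CONF_FLAG_CLIENT, so OpenSSL recognises commands for either role whatever ssl->ctx is used for. A command meant only for the other role is therefore likely accepted at configuration time rather than rejected. The function takes no role argument, and its callers are not visible here. Because these commands act directly on ssl->ctx and can alter protocol and cipher settings, I would document this above the flag calls, e.g. `/* both roles are enabled: role-specific commands are not rejected here */`. Separately, the failure message after SSL_CONF_CTX_finish() reads `"SSL_CONF_finish() failed"`; `"SSL_CONF_CTX_finish() failed"` would match the call an operator will search for.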