Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 3430:966f9cf9c7da stable-0.7
merge r3155, r3156, r3160, r969, r3191, r3197, r3358:
SSL fixes:
*) $ssl_session_id
*) allow "make clean" for OpenSSL, the bug was introduced in r2874
*) disable SSLv2 and use only strong ciphers by default
*) decrease SSL handshake error level to info
| author | Igor Sysoev <igor@sysoev.ru> |
|---|---|
| date | Mon, 01 Feb 2010 14:39:16 +0000 |
| parents | 305fe2aa9e49 |
| children | 90d746a95258 |
comparison
equal
deleted
inserted
replaced
| 3429:9ecd253fcc90 | 3430:966f9cf9c7da |
|---|---|
| 1311 if (n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ | 1311 if (n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ |
| 1312 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ | 1312 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ |
| 1313 || n == SSL_R_NO_SHARED_CIPHER /* 193 */ | 1313 || n == SSL_R_NO_SHARED_CIPHER /* 193 */ |
| 1314 || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */ | 1314 || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */ |
| 1315 || n == SSL_R_UNEXPECTED_RECORD /* 245 */ | 1315 || n == SSL_R_UNEXPECTED_RECORD /* 245 */ |
| 1316 || n == SSL_R_UNKNOWN_PROTOCOL /* 252 */ | |
| 1316 || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */ | 1317 || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */ |
| 1317 || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */ | 1318 || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */ |
| 1318 || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */ | 1319 || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */ |
| 1319 || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */ | 1320 || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */ |
| 1320 || n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC /* 1020 */ | 1321 || n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC /* 1020 */ |
| 1626 ngx_memcpy(id, sess->session_id, sess->session_id_length); | 1627 ngx_memcpy(id, sess->session_id, sess->session_id_length); |
| 1627 | 1628 |
| 1628 hash = ngx_crc32_short(sess->session_id, sess->session_id_length); | 1629 hash = ngx_crc32_short(sess->session_id, sess->session_id_length); |
| 1629 | 1630 |
| 1630 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, | 1631 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 1631 "http ssl new session: %08XD:%d:%d", | 1632 "ssl new session: %08XD:%d:%d", |
| 1632 hash, sess->session_id_length, len); | 1633 hash, sess->session_id_length, len); |
| 1633 | 1634 |
| 1634 sess_id->node.key = hash; | 1635 sess_id->node.key = hash; |
| 1635 sess_id->node.data = (u_char) sess->session_id_length; | 1636 sess_id->node.data = (u_char) sess->session_id_length; |
| 1636 sess_id->id = id; | 1637 sess_id->id = id; |
| 1689 | 1690 |
| 1690 hash = ngx_crc32_short(id, (size_t) len); | 1691 hash = ngx_crc32_short(id, (size_t) len); |
| 1691 *copy = 0; | 1692 *copy = 0; |
| 1692 | 1693 |
| 1693 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | 1694 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 1694 "http ssl get session: %08XD:%d", hash, len); | 1695 "ssl get session: %08XD:%d", hash, len); |
| 1695 | 1696 |
| 1696 shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn), | 1697 shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn), |
| 1697 ngx_ssl_session_cache_index); | 1698 ngx_ssl_session_cache_index); |
| 1698 | 1699 |
| 1699 cache = shm_zone->data; | 1700 cache = shm_zone->data; |
| 1803 len = (size_t) sess->session_id_length; | 1804 len = (size_t) sess->session_id_length; |
| 1804 | 1805 |
| 1805 hash = ngx_crc32_short(id, len); | 1806 hash = ngx_crc32_short(id, len); |
| 1806 | 1807 |
| 1807 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0, | 1808 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0, |
| 1808 "http ssl remove session: %08XD:%uz", hash, len); | 1809 "ssl remove session: %08XD:%uz", hash, len); |
| 1809 | 1810 |
| 1810 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; | 1811 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; |
| 1811 | 1812 |
| 1812 ngx_shmtx_lock(&shpool->mutex); | 1813 ngx_shmtx_lock(&shpool->mutex); |
| 1813 | 1814 |
| 1967 return NGX_OK; | 1968 return NGX_OK; |
| 1968 } | 1969 } |
| 1969 | 1970 |
| 1970 | 1971 |
| 1971 ngx_int_t | 1972 ngx_int_t |
| 1973 ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | |
| 1974 { | |
| 1975 int len; | |
| 1976 u_char *p, *buf; | |
| 1977 SSL_SESSION *sess; | |
| 1978 | |
| 1979 sess = SSL_get0_session(c->ssl->connection); | |
| 1980 | |
| 1981 len = i2d_SSL_SESSION(sess, NULL); | |
| 1982 | |
| 1983 buf = ngx_alloc(len, c->log); | |
| 1984 if (buf == NULL) { | |
| 1985 return NGX_ERROR; | |
| 1986 } | |
| 1987 | |
| 1988 s->len = 2 * len; | |
| 1989 s->data = ngx_pnalloc(pool, 2 * len); | |
| 1990 if (s->data == NULL) { | |
| 1991 ngx_free(buf); | |
| 1992 return NGX_ERROR; | |
| 1993 } | |
| 1994 | |
| 1995 p = buf; | |
| 1996 i2d_SSL_SESSION(sess, &p); | |
| 1997 | |
| 1998 ngx_hex_dump(s->data, buf, len); | |
| 1999 | |
| 2000 ngx_free(buf); | |
| 2001 | |
| 2002 return NGX_OK; | |
| 2003 } | |
| 2004 | |
| 2005 | |
| 2006 ngx_int_t | |
| 1972 ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) | 2007 ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) |
| 1973 { | 2008 { |
| 1974 size_t len; | 2009 size_t len; |
| 1975 BIO *bio; | 2010 BIO *bio; |
| 1976 X509 *cert; | 2011 X509 *cert; |