comparison src/event/ngx_event_openssl.c @ 3430:966f9cf9c7da stable-0.7
merge r3155, r3156, r3160, r969, r3191, r3197, r3358:
SSL fixes:
*) $ssl_session_id
*) allow "make clean" for OpenSSL, the bug was introduced in r2874
*) disable SSLv2 and use only strong ciphers by default
*) decrease SSL handshake error level to info
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Mon, 01 Feb 2010 14:39:16 +0000 |
parents | 305fe2aa9e49 |
children | 90d746a95258 |
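--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1311,10 +1311,11 @@
 if (n == SSL_R_DIGEST_CHECK_FAILED /* 149 */
 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */
 || n == SSL_R_NO_SHARED_CIPHER /* 193 */
 || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */
 || n == SSL_R_UNEXPECTED_RECORD /* 245 */
+|| n == SSL_R_UNKNOWN_PROTOCOL /* 252 */
 || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */
 || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */
 || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
 || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */
 || n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC /* 1020 */
@@ -1626,11 +1627,11 @@
 ngx_memcpy(id, sess->session_id, sess->session_id_length);
 
 hash = ngx_crc32_short(sess->session_id, sess->session_id_length);
 
 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"http ssl new session: %08XD:%d:%d",
+"ssl new session: %08XD:%d:%d",
 hash, sess->session_id_length, len);
 
 sess_id->node.key = hash;
 sess_id->node.data = (u_char) sess->session_id_length;
 sess_id->id = id;
@@ -1689,11 +1690,11 @@
 
 hash = ngx_crc32_short(id, (size_t) len);
 *copy = 0;
 
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"http ssl get session: %08XD:%d", hash, len);
+"ssl get session: %08XD:%d", hash, len);
 
 shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn),
 ngx_ssl_session_cache_index);
 
 cache = shm_zone->data;
@@ -1803,11 +1804,11 @@
 len = (size_t) sess->session_id_length;
 
 hash = ngx_crc32_short(id, len);
 
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
-"http ssl remove session: %08XD:%uz", hash, len);
+"ssl remove session: %08XD:%uz", hash, len);
 
 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr;
 
 ngx_shmtx_lock(&shpool->mutex);
 
@@ -1967,10 +1968,44 @@
 return NGX_OK;
 }
 
 
 ngx_int_t
+ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+int len;
+u_char *p, *buf;
+SSL_SESSION *sess;
+
+sess = SSL_get0_session(c->ssl->connection);
+
+len = i2d_SSL_SESSION(sess, NULL);
+
+buf = ngx_alloc(len, c->log);
+if (buf == NULL) {
+return NGX_ERROR;
+}
+
+s->len = 2 * len;
+s->data = ngx_pnalloc(pool, 2 * len);
+if (s->data == NULL) {
+ngx_free(buf);
+return NGX_ERROR;
+}
+
+p = buf;
+i2d_SSL_SESSION(sess, &p);
+
+ngx_hex_dump(s->data, buf, len);
+
+ngx_free(buf);
+
+return NGX_OK;
+}
+
+
+ngx_int_t
 ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
 size_t len;
 BIO *bio;
 X509 *cert;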