Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 6261:97f102a13f33
SSL: preserve default server context in connection (ticket #235).
This context is needed for shared sessions cache to work in configurations
with multiple virtual servers sharing the same port. Unfortunately, OpenSSL
does not provide an API to access the session context, thus storing it
separately.
In collaboration with Vladimir Homutov.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Mon, 19 Oct 2015 21:22:38 +0300 |
| parents | 2f34ea503ac4 |
| children | d194cad6dd3a |
comparison
equal
deleted
inserted
replaced
| 6260:0e37389c0bd5 | 6261:97f102a13f33 |
|---|---|
| 1035 return NGX_ERROR; | 1035 return NGX_ERROR; |
| 1036 } | 1036 } |
| 1037 | 1037 |
| 1038 sc->buffer = ((flags & NGX_SSL_BUFFER) != 0); | 1038 sc->buffer = ((flags & NGX_SSL_BUFFER) != 0); |
| 1039 sc->buffer_size = ssl->buffer_size; | 1039 sc->buffer_size = ssl->buffer_size; |
| 1040 | |
| 1041 sc->session_ctx = ssl->ctx; | |
| 1040 | 1042 |
| 1041 sc->connection = SSL_new(ssl->ctx); | 1043 sc->connection = SSL_new(ssl->ctx); |
| 1042 | 1044 |
| 1043 if (sc->connection == NULL) { | 1045 if (sc->connection == NULL) { |
| 1044 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed"); | 1046 ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed"); |
| 2303 p = buf; | 2305 p = buf; |
| 2304 i2d_SSL_SESSION(sess, &p); | 2306 i2d_SSL_SESSION(sess, &p); |
| 2305 | 2307 |
| 2306 c = ngx_ssl_get_connection(ssl_conn); | 2308 c = ngx_ssl_get_connection(ssl_conn); |
| 2307 | 2309 |
| 2308 ssl_ctx = SSL_get_SSL_CTX(ssl_conn); | 2310 ssl_ctx = c->ssl->session_ctx; |
| 2309 shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index); | 2311 shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index); |
| 2310 | 2312 |
| 2311 cache = shm_zone->data; | 2313 cache = shm_zone->data; |
| 2312 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; | 2314 shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; |
| 2313 | 2315 |
| 2441 ngx_rbtree_node_t *node, *sentinel; | 2443 ngx_rbtree_node_t *node, *sentinel; |
| 2442 ngx_ssl_session_t *sess; | 2444 ngx_ssl_session_t *sess; |
| 2443 ngx_ssl_sess_id_t *sess_id; | 2445 ngx_ssl_sess_id_t *sess_id; |
| 2444 ngx_ssl_session_cache_t *cache; | 2446 ngx_ssl_session_cache_t *cache; |
| 2445 u_char buf[NGX_SSL_MAX_SESSION_SIZE]; | 2447 u_char buf[NGX_SSL_MAX_SESSION_SIZE]; |
| 2446 #if (NGX_DEBUG) | |
| 2447 ngx_connection_t *c; | 2448 ngx_connection_t *c; |
| 2448 #endif | |
| 2449 | 2449 |
| 2450 hash = ngx_crc32_short(id, (size_t) len); | 2450 hash = ngx_crc32_short(id, (size_t) len); |
| 2451 *copy = 0; | 2451 *copy = 0; |
| 2452 | 2452 |
| 2453 #if (NGX_DEBUG) | |
| 2454 c = ngx_ssl_get_connection(ssl_conn); | 2453 c = ngx_ssl_get_connection(ssl_conn); |
| 2455 | 2454 |
| 2456 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, | 2455 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, |
| 2457 "ssl get session: %08XD:%d", hash, len); | 2456 "ssl get session: %08XD:%d", hash, len); |
| 2458 #endif | 2457 |
| 2459 | 2458 shm_zone = SSL_CTX_get_ex_data(c->ssl->session_ctx, |
| 2460 shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn), | |
| 2461 ngx_ssl_session_cache_index); | 2459 ngx_ssl_session_cache_index); |
| 2462 | 2460 |
| 2463 cache = shm_zone->data; | 2461 cache = shm_zone->data; |
| 2464 | 2462 |
| 2465 sess = NULL; | 2463 sess = NULL; |
| 2834 HMAC_CTX *hctx, int enc) | 2832 HMAC_CTX *hctx, int enc) |
| 2835 { | 2833 { |
| 2836 SSL_CTX *ssl_ctx; | 2834 SSL_CTX *ssl_ctx; |
| 2837 ngx_uint_t i; | 2835 ngx_uint_t i; |
| 2838 ngx_array_t *keys; | 2836 ngx_array_t *keys; |
| 2837 ngx_connection_t *c; | |
| 2839 ngx_ssl_session_ticket_key_t *key; | 2838 ngx_ssl_session_ticket_key_t *key; |
| 2840 #if (NGX_DEBUG) | 2839 #if (NGX_DEBUG) |
| 2841 u_char buf[32]; | 2840 u_char buf[32]; |
| 2842 ngx_connection_t *c; | 2841 #endif |
| 2843 #endif | 2842 |
| 2844 | 2843 c = ngx_ssl_get_connection(ssl_conn); |
| 2845 ssl_ctx = SSL_get_SSL_CTX(ssl_conn); | 2844 ssl_ctx = c->ssl->session_ctx; |
| 2846 | 2845 |
| 2847 keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index); | 2846 keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index); |
| 2848 if (keys == NULL) { | 2847 if (keys == NULL) { |
| 2849 return -1; | 2848 return -1; |
| 2850 } | 2849 } |
| 2851 | 2850 |
| 2852 key = keys->elts; | 2851 key = keys->elts; |
| 2853 | |
| 2854 #if (NGX_DEBUG) | |
| 2855 c = ngx_ssl_get_connection(ssl_conn); | |
| 2856 #endif | |
| 2857 | 2852 |
| 2858 if (enc == 1) { | 2853 if (enc == 1) { |
| 2859 /* encrypt session ticket */ | 2854 /* encrypt session ticket */ |
| 2860 | 2855 |
| 2861 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, | 2856 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |