comparison src/event/ngx_event_openssl.c @ 2504:9e9a985d956a
load SSL engine before certificates,
otherwise RSA keys will use built-in RSA methods
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Mon, 16 Feb 2009 13:37:58 +0000 |
parents | 722b5aff05ae |
children | a6d6d762c554 |
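--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -8,11 +8,11 @@
 #include <ngx_core.h>
 #include <ngx_event.h>
 
 
 typedef struct {
-ngx_str_t engine;
+ngx_uint_t engine; /* unsigned engine:1; */
 } ngx_openssl_conf_t;
 
 
 static int ngx_http_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store);
 static void ngx_ssl_handshake_handler(ngx_event_t *ev);
@@ -35,40 +35,31 @@
 ngx_slab_pool_t *shpool, ngx_uint_t n);
 static void ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
 
 static void *ngx_openssl_create_conf(ngx_cycle_t *cycle);
-static char *ngx_openssl_init_conf(ngx_cycle_t *cycle, void *conf);
+static char *ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
 static void ngx_openssl_exit(ngx_cycle_t *cycle);
-
-#if !(NGX_SSL_ENGINE)
-static char *ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd,
-void *conf);
-#endif
 
 
 static ngx_command_t ngx_openssl_commands[] = {
 
 { ngx_string("ssl_engine"),
 NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
-#if (NGX_SSL_ENGINE)
-ngx_conf_set_str_slot,
-#else
-ngx_openssl_noengine,
-#endif
+ngx_openssl_engine,
 0,
-offsetof(ngx_openssl_conf_t, engine),
+0,
 NULL },
 
 ngx_null_command
 };
 
 
 static ngx_core_module_t ngx_openssl_module_ctx = {
 ngx_string("openssl"),
 ngx_openssl_create_conf,
-ngx_openssl_init_conf
+NULL
 };
 
 
 ngx_module_t ngx_openssl_module = {
 NGX_MODULE_V1,
@@ -2111,66 +2102,66 @@
 }
 
 /*
 * set by ngx_pcalloc():
 *
-* oscf->engine.len = 0;
-* oscf->engine.data = NULL;
+* oscf->engine = 0;
 */
 
 return oscf;
 }
 
 
 static char *
-ngx_openssl_init_conf(ngx_cycle_t *cycle, void *conf)
+ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 {
 #if (NGX_SSL_ENGINE)
 ngx_openssl_conf_t *oscf = conf;
 
 ENGINE *engine;
-
-if (oscf->engine.len == 0) {
-return NGX_CONF_OK;
-}
-
-engine = ENGINE_by_id((const char *) oscf->engine.data);
+ngx_str_t *value;
+
+if (oscf->engine) {
+return "is duplicate";
+}
+
+oscf->engine = 1;
+
+value = cf->args->elts;
+
+engine = ENGINE_by_id((const char *) value[1].data);
 
 if (engine == NULL) {
-ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
-"ENGINE_by_id(\"%V\") failed", &oscf->engine);
+ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
+"ENGINE_by_id(\"%V\") failed", &value[1]);
 return NGX_CONF_ERROR;
 }
 
 if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
-ngx_ssl_error(NGX_LOG_WARN, cycle->log, 0,
+ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
 "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
-&oscf->engine);
+&value[1]);
+
+ENGINE_free(engine);
+
 return NGX_CONF_ERROR;
 }
 
 ENGINE_free(engine);
 
-#endif
-
 return NGX_CONF_OK;
-}
-
+
+#else
 
-#if !(NGX_SSL_ENGINE)
-
-static char *
-ngx_openssl_noengine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
 "\"ssl_engine\" directive is available only in "
 "OpenSSL 0.9.7 and higher,");
 
 return NGX_CONF_ERROR;
-}
 
 #endif
+}
 
 
 static void
 ngx_openssl_exit(ngx_cycle_t *cycle)
 {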
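Review bot: The new `ngx_openssl_engine` handler makes engine selection depend on where `ssl_engine` appears in the configuration file, and nothing in the code records that contract. The engine now becomes the default when the directive is parsed instead of in the removed `init_conf` hook, so a directive placed after the blocks that load certificates and keys would presumably leave those keys on the built-in RSA methods without any error, which is the case the commit message describes; where keys are loaded is not visible on this page. A comment above the function would state it: `/* runs while the configuration is parsed: "ssl_engine" must precede any block that loads keys, otherwise they keep the built-in methods */`. Separately, both failure paths log through `ngx_ssl_error(NGX_LOG_WARN, ...)` while returning `NGX_CONF_ERROR`; since the failure aborts configuration, `NGX_LOG_EMERG` would match the non-engine branch and make a missing or misnamed engine harder to overlook in logs.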