Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 5487:a297b7ad6f94
SSL: ssl_buffer_size directive.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Fri, 20 Dec 2013 16:18:25 +0400 |
| parents | 1356a3b96924 |
| children | d049b0ea00a3 |
comparison
equal
deleted
inserted
replaced
| 5486:741aa3fde496 | 5487:a297b7ad6f94 |
|---|---|
| 107 { ngx_string("ssl_ciphers"), | 107 { ngx_string("ssl_ciphers"), |
| 108 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 108 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
| 109 ngx_conf_set_str_slot, | 109 ngx_conf_set_str_slot, |
| 110 NGX_HTTP_SRV_CONF_OFFSET, | 110 NGX_HTTP_SRV_CONF_OFFSET, |
| 111 offsetof(ngx_http_ssl_srv_conf_t, ciphers), | 111 offsetof(ngx_http_ssl_srv_conf_t, ciphers), |
| 112 NULL }, | |
| 113 | |
| 114 { ngx_string("ssl_buffer_size"), | |
| 115 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
| 116 ngx_conf_set_size_slot, | |
| 117 NGX_HTTP_SRV_CONF_OFFSET, | |
| 118 offsetof(ngx_http_ssl_srv_conf_t, buffer_size), | |
| 112 NULL }, | 119 NULL }, |
| 113 | 120 |
| 114 { ngx_string("ssl_verify_client"), | 121 { ngx_string("ssl_verify_client"), |
| 115 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 122 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
| 116 ngx_conf_set_enum_slot, | 123 ngx_conf_set_enum_slot, |
| 422 * sscf->stapling_responder = { 0, NULL }; | 429 * sscf->stapling_responder = { 0, NULL }; |
| 423 */ | 430 */ |
| 424 | 431 |
| 425 sscf->enable = NGX_CONF_UNSET; | 432 sscf->enable = NGX_CONF_UNSET; |
| 426 sscf->prefer_server_ciphers = NGX_CONF_UNSET; | 433 sscf->prefer_server_ciphers = NGX_CONF_UNSET; |
| 434 sscf->buffer_size = NGX_CONF_UNSET_SIZE; | |
| 427 sscf->verify = NGX_CONF_UNSET_UINT; | 435 sscf->verify = NGX_CONF_UNSET_UINT; |
| 428 sscf->verify_depth = NGX_CONF_UNSET_UINT; | 436 sscf->verify_depth = NGX_CONF_UNSET_UINT; |
| 429 sscf->builtin_session_cache = NGX_CONF_UNSET; | 437 sscf->builtin_session_cache = NGX_CONF_UNSET; |
| 430 sscf->session_timeout = NGX_CONF_UNSET; | 438 sscf->session_timeout = NGX_CONF_UNSET; |
| 431 sscf->session_ticket_keys = NGX_CONF_UNSET_PTR; | 439 sscf->session_ticket_keys = NGX_CONF_UNSET_PTR; |
| 462 prev->prefer_server_ciphers, 0); | 470 prev->prefer_server_ciphers, 0); |
| 463 | 471 |
| 464 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | 472 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, |
| 465 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1 | 473 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1 |
| 466 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); | 474 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); |
| 475 | |
| 476 ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size, | |
| 477 NGX_SSL_BUFSIZE); | |
| 467 | 478 |
| 468 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); | 479 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0); |
| 469 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); | 480 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1); |
| 470 | 481 |
| 471 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); | 482 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); |
| 570 "SSL_CTX_set_cipher_list(\"%V\") failed", | 581 "SSL_CTX_set_cipher_list(\"%V\") failed", |
| 571 &conf->ciphers); | 582 &conf->ciphers); |
| 572 return NGX_CONF_ERROR; | 583 return NGX_CONF_ERROR; |
| 573 } | 584 } |
| 574 | 585 |
| 586 conf->ssl.buffer_size = conf->buffer_size; | |
| 587 | |
| 575 if (conf->verify) { | 588 if (conf->verify) { |
| 576 | 589 |
| 577 if (conf->client_certificate.len == 0 && conf->verify != 3) { | 590 if (conf->client_certificate.len == 0 && conf->verify != 3) { |
| 578 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 591 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
| 579 "no ssl_client_certificate for ssl_client_verify"); | 592 "no ssl_client_certificate for ssl_client_verify"); |