comparison src/http/ngx_http_request.c @ 5088:ac31fcecb464

SNI: ignore captures in server_name regexes when matching by SNI. This change helps to decouple ngx_http_ssl_servername() from the request object. Note: now we close connection in case of error during server name lookup for request. Previously, we did so only for HTTP/0.9 requests.
author Valentin Bartenev <vbart@nginx.com>
date Wed, 27 Feb 2013 17:06:52 +0000
parents 66e0f9adbc8c
children 903f2a5d86a5
5087:66e0f9adbc8c 5088:ac31fcecb464
32 32
33 static ngx_int_t ngx_http_process_request_header(ngx_http_request_t *r); 33 static ngx_int_t ngx_http_process_request_header(ngx_http_request_t *r);
34 static void ngx_http_process_request(ngx_http_request_t *r); 34 static void ngx_http_process_request(ngx_http_request_t *r);
35 static ngx_int_t ngx_http_validate_host(ngx_str_t *host, ngx_pool_t *pool, 35 static ngx_int_t ngx_http_validate_host(ngx_str_t *host, ngx_pool_t *pool,
36 ngx_uint_t alloc); 36 ngx_uint_t alloc);
37 static ngx_int_t ngx_http_find_virtual_server(ngx_http_request_t *r, 37 static ngx_int_t ngx_http_set_virtual_server(ngx_http_request_t *r,
38 u_char *host, size_t len); 38 ngx_str_t *host);
39 static ngx_int_t ngx_http_find_virtual_server(ngx_connection_t *c,
40 ngx_http_virtual_names_t *virtual_names, ngx_str_t *host,
41 ngx_http_request_t *r, ngx_http_core_srv_conf_t **cscfp);
39 42
40 static void ngx_http_request_handler(ngx_event_t *ev); 43 static void ngx_http_request_handler(ngx_event_t *ev);
41 static void ngx_http_terminate_request(ngx_http_request_t *r, ngx_int_t rc); 44 static void ngx_http_terminate_request(ngx_http_request_t *r, ngx_int_t rc);
42 static void ngx_http_terminate_handler(ngx_http_request_t *r); 45 static void ngx_http_terminate_handler(ngx_http_request_t *r);
43 static void ngx_http_finalize_connection(ngx_http_request_t *r); 46 static void ngx_http_finalize_connection(ngx_http_request_t *r);
641 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME 644 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
642 645
643 int 646 int
644 ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg) 647 ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
645 { 648 {
646 ngx_str_t host; 649 ngx_str_t host;
647 const char *servername; 650 const char *servername;
648 ngx_connection_t *c; 651 ngx_connection_t *c;
649 ngx_http_request_t *r; 652 ngx_http_request_t *r;
650 ngx_http_ssl_srv_conf_t *sscf; 653 ngx_http_connection_t *hc;
654 ngx_http_ssl_srv_conf_t *sscf;
655 ngx_http_core_loc_conf_t *clcf;
656 ngx_http_core_srv_conf_t *cscf;
651 657
652 servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name); 658 servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name);
653 659
654 if (servername == NULL) { 660 if (servername == NULL) {
655 return SSL_TLSEXT_ERR_NOACK; 661 return SSL_TLSEXT_ERR_NOACK;
672 678
673 if (ngx_http_validate_host(&host, r->pool, 1) != NGX_OK) { 679 if (ngx_http_validate_host(&host, r->pool, 1) != NGX_OK) {
674 return SSL_TLSEXT_ERR_NOACK; 680 return SSL_TLSEXT_ERR_NOACK;
675 } 681 }
676 682
677 if (ngx_http_find_virtual_server(r, host.data, host.len) != NGX_OK) { 683 hc = r->http_connection;
684
685 if (ngx_http_find_virtual_server(c, hc->addr_conf->virtual_names, &host,
686 NULL, &cscf)
687 != NGX_OK)
688 {
678 return SSL_TLSEXT_ERR_NOACK; 689 return SSL_TLSEXT_ERR_NOACK;
679 } 690 }
691
692 r->srv_conf = cscf->ctx->srv_conf;
693 r->loc_conf = cscf->ctx->loc_conf;
694
695 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
696
697 ngx_http_set_connection_log(c, clcf->error_log);
680 698
681 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); 699 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
682 700
683 if (sscf->ssl.ctx) { 701 if (sscf->ssl.ctx) {
684 SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx); 702 SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx);
901 r->headers_in.server = host; 919 r->headers_in.server = host;
902 } 920 }
903 921
904 if (r->http_version < NGX_HTTP_VERSION_10) { 922 if (r->http_version < NGX_HTTP_VERSION_10) {
905 923
906 if (ngx_http_find_virtual_server(r, r->headers_in.server.data, 924 if (ngx_http_set_virtual_server(r, &r->headers_in.server)
907 r->headers_in.server.len)
908 == NGX_ERROR) 925 == NGX_ERROR)
909 { 926 {
910 ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
911 return; 927 return;
912 } 928 }
913 929
914 ngx_http_process_request(r); 930 ngx_http_process_request(r);
915 return; 931 return;
1549 1565
1550 1566
1551 static ngx_int_t 1567 static ngx_int_t
1552 ngx_http_process_request_header(ngx_http_request_t *r) 1568 ngx_http_process_request_header(ngx_http_request_t *r)
1553 { 1569 {
1554 if (ngx_http_find_virtual_server(r, r->headers_in.server.data, 1570 if (ngx_http_set_virtual_server(r, &r->headers_in.server) == NGX_ERROR) {
1555 r->headers_in.server.len)
1556 == NGX_ERROR)
1557 {
1558 ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
1559 return NGX_ERROR; 1571 return NGX_ERROR;
1560 } 1572 }
1561 1573
1562 if (r->headers_in.host == NULL && r->http_version > NGX_HTTP_VERSION_10) { 1574 if (r->headers_in.host == NULL && r->http_version > NGX_HTTP_VERSION_10) {
1563 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, 1575 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
1791 return NGX_OK; 1803 return NGX_OK;
1792 } 1804 }
1793 1805
1794 1806
1795 static ngx_int_t 1807 static ngx_int_t
1796 ngx_http_find_virtual_server(ngx_http_request_t *r, u_char *host, size_t len) 1808 ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host)
1797 { 1809 {
1810 ngx_int_t rc;
1811 ngx_http_connection_t *hc;
1798 ngx_http_core_loc_conf_t *clcf; 1812 ngx_http_core_loc_conf_t *clcf;
1799 ngx_http_core_srv_conf_t *cscf; 1813 ngx_http_core_srv_conf_t *cscf;
1800 ngx_http_virtual_names_t *virtual_names; 1814
1801 1815 hc = r->http_connection;
1802 virtual_names = r->http_connection->addr_conf->virtual_names; 1816
1817 rc = ngx_http_find_virtual_server(r->connection,
1818 hc->addr_conf->virtual_names,
1819 host, r, &cscf);
1820
1821 if (rc == NGX_ERROR) {
1822 ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
1823 return NGX_ERROR;
1824 }
1825
1826 if (rc == NGX_DECLINED) {
1827 return NGX_OK;
1828 }
1829
1830 r->srv_conf = cscf->ctx->srv_conf;
1831 r->loc_conf = cscf->ctx->loc_conf;
1832
1833 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
1834
1835 ngx_http_set_connection_log(r->connection, clcf->error_log);
1836
1837 return NGX_OK;
1838 }
1839
1840
1841 static ngx_int_t
1842 ngx_http_find_virtual_server(ngx_connection_t *c,
1843 ngx_http_virtual_names_t *virtual_names, ngx_str_t *host,
1844 ngx_http_request_t *r, ngx_http_core_srv_conf_t **cscfp)
1845 {
1846 ngx_http_core_srv_conf_t *cscf;
1803 1847
1804 if (virtual_names == NULL) { 1848 if (virtual_names == NULL) {
1805 return NGX_DECLINED; 1849 return NGX_DECLINED;
1806 } 1850 }
1807 1851
1808 cscf = ngx_hash_find_combined(&virtual_names->names, 1852 cscf = ngx_hash_find_combined(&virtual_names->names,
1809 ngx_hash_key(host, len), host, len); 1853 ngx_hash_key(host->data, host->len),
1854 host->data, host->len);
1810 1855
1811 if (cscf) { 1856 if (cscf) {
1812 goto found; 1857 *cscfp = cscf;
1858 return NGX_OK;
1813 } 1859 }
1814 1860
1815 #if (NGX_PCRE) 1861 #if (NGX_PCRE)
1816 1862
1817 if (len && virtual_names->nregex) { 1863 if (host->len && virtual_names->nregex) {
1818 ngx_int_t n; 1864 ngx_int_t n;
1819 ngx_uint_t i; 1865 ngx_uint_t i;
1820 ngx_str_t name;
1821 ngx_http_server_name_t *sn; 1866 ngx_http_server_name_t *sn;
1822 1867
1823 name.len = len;
1824 name.data = host;
1825
1826 sn = virtual_names->regex; 1868 sn = virtual_names->regex;
1827 1869
1870 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
1871
1872 if (r == NULL) {
1873 for (i = 0; i < virtual_names->nregex; i++) {
1874
1875 n = ngx_regex_exec(sn[i].regex->regex, host, NULL, 0);
1876
1877 if (n == NGX_REGEX_NO_MATCHED) {
1878 continue;
1879 }
1880
1881 if (n >= 0) {
1882 *cscfp = sn[i].server;
1883 return NGX_OK;
1884 }
1885
1886 ngx_log_error(NGX_LOG_ALERT, c->log, 0,
1887 ngx_regex_exec_n " failed: %i "
1888 "on \"%V\" using \"%V\"",
1889 n, host, &sn[i].regex->name);
1890
1891 return NGX_ERROR;
1892 }
1893
1894 return NGX_DECLINED;
1895 }
1896
1897 #endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
1898
1828 for (i = 0; i < virtual_names->nregex; i++) { 1899 for (i = 0; i < virtual_names->nregex; i++) {
1829 1900
1830 n = ngx_http_regex_exec(r, sn[i].regex, &name); 1901 n = ngx_http_regex_exec(r, sn[i].regex, host);
1831
1832 if (n == NGX_OK) {
1833 cscf = sn[i].server;
1834 goto found;
1835 }
1836 1902
1837 if (n == NGX_DECLINED) { 1903 if (n == NGX_DECLINED) {
1838 continue; 1904 continue;
1839 } 1905 }
1840 1906
1907 if (n == NGX_OK) {
1908 *cscfp = sn[i].server;
1909 return NGX_OK;
1910 }
1911
1841 return NGX_ERROR; 1912 return NGX_ERROR;
1842 } 1913 }
1843 } 1914 }
1844 1915
1845 #endif 1916 #endif /* NGX_PCRE */
1846 1917
1847 return NGX_DECLINED; 1918 return NGX_DECLINED;
1848
1849 found:
1850
1851 r->srv_conf = cscf->ctx->srv_conf;
1852 r->loc_conf = cscf->ctx->loc_conf;
1853
1854 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
1855
1856 ngx_http_set_connection_log(r->connection, clcf->error_log);
1857
1858 return NGX_OK;
1859 } 1919 }
1860 1920
1861 1921
1862 static void 1922 static void
1863 ngx_http_request_handler(ngx_event_t *ev) 1923 ngx_http_request_handler(ngx_event_t *ev)
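Review bot: ngx_http_set_virtual_server() now closes the request itself when the lookup returns NGX_ERROR (new lines 1821-1824), so its callers at new lines 924 and 1570 must return without touching `r`, yet nothing at the definition states this ownership rule. A later caller that also finalizes or dereferences `r` on NGX_ERROR would be working on a request that is already closed; I would add above the function `/* On NGX_ERROR the request has already been closed; the caller must return without using r. */`. The new ngx_http_find_virtual_server() has two further unstated preconditions: `*cscfp` is written only on NGX_OK, and `r == NULL` is handled only inside `#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME`, so in a build without that macro a NULL `r` would be passed on to `ngx_http_regex_exec(r, ...)`. A short comment there such as `/* r may be NULL only for the SNI lookup (captures are then ignored); *cscfp is valid only when NGX_OK is returned */` would keep future callers from relying on either by accident.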