comparison src/http/ngx_http_request.c @ 5088:ac31fcecb464
SNI: ignore captures in server_name regexes when matching by SNI.
This change helps to decouple ngx_http_ssl_servername() from the request
object.
Note: now we close connection in case of error during server name lookup
for request. Previously, we did so only for HTTP/0.9 requests.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Wed, 27 Feb 2013 17:06:52 +0000 |
parents | 66e0f9adbc8c |
children | 903f2a5d86a5 |
5087:66e0f9adbc8c | 5088:ac31fcecb464 |
---|---|
32 | 32 |
33 static ngx_int_t ngx_http_process_request_header(ngx_http_request_t *r); | 33 static ngx_int_t ngx_http_process_request_header(ngx_http_request_t *r); |
34 static void ngx_http_process_request(ngx_http_request_t *r); | 34 static void ngx_http_process_request(ngx_http_request_t *r); |
35 static ngx_int_t ngx_http_validate_host(ngx_str_t *host, ngx_pool_t *pool, | 35 static ngx_int_t ngx_http_validate_host(ngx_str_t *host, ngx_pool_t *pool, |
36 ngx_uint_t alloc); | 36 ngx_uint_t alloc); |
37 static ngx_int_t ngx_http_find_virtual_server(ngx_http_request_t *r, | 37 static ngx_int_t ngx_http_set_virtual_server(ngx_http_request_t *r, |
38 u_char *host, size_t len); | 38 ngx_str_t *host); |
39 static ngx_int_t ngx_http_find_virtual_server(ngx_connection_t *c, | |
40 ngx_http_virtual_names_t *virtual_names, ngx_str_t *host, | |
41 ngx_http_request_t *r, ngx_http_core_srv_conf_t **cscfp); | |
39 | 42 |
40 static void ngx_http_request_handler(ngx_event_t *ev); | 43 static void ngx_http_request_handler(ngx_event_t *ev); |
41 static void ngx_http_terminate_request(ngx_http_request_t *r, ngx_int_t rc); | 44 static void ngx_http_terminate_request(ngx_http_request_t *r, ngx_int_t rc); |
42 static void ngx_http_terminate_handler(ngx_http_request_t *r); | 45 static void ngx_http_terminate_handler(ngx_http_request_t *r); |
43 static void ngx_http_finalize_connection(ngx_http_request_t *r); | 46 static void ngx_http_finalize_connection(ngx_http_request_t *r); |
641 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME | 644 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME |
642 | 645 |
643 int | 646 int |
644 ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg) | 647 ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg) |
645 { | 648 { |
646 ngx_str_t host; | 649 ngx_str_t host; |
647 const char *servername; | 650 const char *servername; |
648 ngx_connection_t *c; | 651 ngx_connection_t *c; |
649 ngx_http_request_t *r; | 652 ngx_http_request_t *r; |
650 ngx_http_ssl_srv_conf_t *sscf; | 653 ngx_http_connection_t *hc; |
654 ngx_http_ssl_srv_conf_t *sscf; | |
655 ngx_http_core_loc_conf_t *clcf; | |
656 ngx_http_core_srv_conf_t *cscf; | |
651 | 657 |
652 servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name); | 658 servername = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name); |
653 | 659 |
654 if (servername == NULL) { | 660 if (servername == NULL) { |
655 return SSL_TLSEXT_ERR_NOACK; | 661 return SSL_TLSEXT_ERR_NOACK; |
672 | 678 |
673 if (ngx_http_validate_host(&host, r->pool, 1) != NGX_OK) { | 679 if (ngx_http_validate_host(&host, r->pool, 1) != NGX_OK) { |
674 return SSL_TLSEXT_ERR_NOACK; | 680 return SSL_TLSEXT_ERR_NOACK; |
675 } | 681 } |
676 | 682 |
677 if (ngx_http_find_virtual_server(r, host.data, host.len) != NGX_OK) { | 683 hc = r->http_connection; |
684 | |
685 if (ngx_http_find_virtual_server(c, hc->addr_conf->virtual_names, &host, | |
686 NULL, &cscf) | |
687 != NGX_OK) | |
688 { | |
678 return SSL_TLSEXT_ERR_NOACK; | 689 return SSL_TLSEXT_ERR_NOACK; |
679 } | 690 } |
691 | |
692 r->srv_conf = cscf->ctx->srv_conf; | |
693 r->loc_conf = cscf->ctx->loc_conf; | |
694 | |
695 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); | |
696 | |
697 ngx_http_set_connection_log(c, clcf->error_log); | |
680 | 698 |
681 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); | 699 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); |
682 | 700 |
683 if (sscf->ssl.ctx) { | 701 if (sscf->ssl.ctx) { |
684 SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx); | 702 SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx); |
901 r->headers_in.server = host; | 919 r->headers_in.server = host; |
902 } | 920 } |
903 | 921 |
904 if (r->http_version < NGX_HTTP_VERSION_10) { | 922 if (r->http_version < NGX_HTTP_VERSION_10) { |
905 | 923 |
906 if (ngx_http_find_virtual_server(r, r->headers_in.server.data, | 924 if (ngx_http_set_virtual_server(r, &r->headers_in.server) |
907 r->headers_in.server.len) | |
908 == NGX_ERROR) | 925 == NGX_ERROR) |
909 { | 926 { |
910 ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); | |
911 return; | 927 return; |
912 } | 928 } |
913 | 929 |
914 ngx_http_process_request(r); | 930 ngx_http_process_request(r); |
915 return; | 931 return; |
1549 | 1565 |
1550 | 1566 |
1551 static ngx_int_t | 1567 static ngx_int_t |
1552 ngx_http_process_request_header(ngx_http_request_t *r) | 1568 ngx_http_process_request_header(ngx_http_request_t *r) |
1553 { | 1569 { |
1554 if (ngx_http_find_virtual_server(r, r->headers_in.server.data, | 1570 if (ngx_http_set_virtual_server(r, &r->headers_in.server) == NGX_ERROR) { |
1555 r->headers_in.server.len) | |
1556 == NGX_ERROR) | |
1557 { | |
1558 ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); | |
1559 return NGX_ERROR; | 1571 return NGX_ERROR; |
1560 } | 1572 } |
1561 | 1573 |
1562 if (r->headers_in.host == NULL && r->http_version > NGX_HTTP_VERSION_10) { | 1574 if (r->headers_in.host == NULL && r->http_version > NGX_HTTP_VERSION_10) { |
1563 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, | 1575 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, |
1791 return NGX_OK; | 1803 return NGX_OK; |
1792 } | 1804 } |
1793 | 1805 |
1794 | 1806 |
1795 static ngx_int_t | 1807 static ngx_int_t |
1796 ngx_http_find_virtual_server(ngx_http_request_t *r, u_char *host, size_t len) | 1808 ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host) |
1797 { | 1809 { |
1810 ngx_int_t rc; | |
1811 ngx_http_connection_t *hc; | |
1798 ngx_http_core_loc_conf_t *clcf; | 1812 ngx_http_core_loc_conf_t *clcf; |
1799 ngx_http_core_srv_conf_t *cscf; | 1813 ngx_http_core_srv_conf_t *cscf; |
1800 ngx_http_virtual_names_t *virtual_names; | 1814 |
1801 | 1815 hc = r->http_connection; |
1802 virtual_names = r->http_connection->addr_conf->virtual_names; | 1816 |
1817 rc = ngx_http_find_virtual_server(r->connection, | |
1818 hc->addr_conf->virtual_names, | |
1819 host, r, &cscf); | |
1820 | |
1821 if (rc == NGX_ERROR) { | |
1822 ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); | |
1823 return NGX_ERROR; | |
1824 } | |
1825 | |
1826 if (rc == NGX_DECLINED) { | |
1827 return NGX_OK; | |
1828 } | |
1829 | |
1830 r->srv_conf = cscf->ctx->srv_conf; | |
1831 r->loc_conf = cscf->ctx->loc_conf; | |
1832 | |
1833 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); | |
1834 | |
1835 ngx_http_set_connection_log(r->connection, clcf->error_log); | |
1836 | |
1837 return NGX_OK; | |
1838 } | |
1839 | |
1840 | |
1841 static ngx_int_t | |
1842 ngx_http_find_virtual_server(ngx_connection_t *c, | |
1843 ngx_http_virtual_names_t *virtual_names, ngx_str_t *host, | |
1844 ngx_http_request_t *r, ngx_http_core_srv_conf_t **cscfp) | |
1845 { | |
1846 ngx_http_core_srv_conf_t *cscf; | |
1803 | 1847 |
1804 if (virtual_names == NULL) { | 1848 if (virtual_names == NULL) { |
1805 return NGX_DECLINED; | 1849 return NGX_DECLINED; |
1806 } | 1850 } |
1807 | 1851 |
1808 cscf = ngx_hash_find_combined(&virtual_names->names, | 1852 cscf = ngx_hash_find_combined(&virtual_names->names, |
1809 ngx_hash_key(host, len), host, len); | 1853 ngx_hash_key(host->data, host->len), |
1854 host->data, host->len); | |
1810 | 1855 |
1811 if (cscf) { | 1856 if (cscf) { |
1812 goto found; | 1857 *cscfp = cscf; |
1858 return NGX_OK; | |
1813 } | 1859 } |
1814 | 1860 |
1815 #if (NGX_PCRE) | 1861 #if (NGX_PCRE) |
1816 | 1862 |
1817 if (len && virtual_names->nregex) { | 1863 if (host->len && virtual_names->nregex) { |
1818 ngx_int_t n; | 1864 ngx_int_t n; |
1819 ngx_uint_t i; | 1865 ngx_uint_t i; |
1820 ngx_str_t name; | |
1821 ngx_http_server_name_t *sn; | 1866 ngx_http_server_name_t *sn; |
1822 | 1867 |
1823 name.len = len; | |
1824 name.data = host; | |
1825 | |
1826 sn = virtual_names->regex; | 1868 sn = virtual_names->regex; |
1827 | 1869 |
1870 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME | |
1871 | |
1872 if (r == NULL) { | |
1873 for (i = 0; i < virtual_names->nregex; i++) { | |
1874 | |
1875 n = ngx_regex_exec(sn[i].regex->regex, host, NULL, 0); | |
1876 | |
1877 if (n == NGX_REGEX_NO_MATCHED) { | |
1878 continue; | |
1879 } | |
1880 | |
1881 if (n >= 0) { | |
1882 *cscfp = sn[i].server; | |
1883 return NGX_OK; | |
1884 } | |
1885 | |
1886 ngx_log_error(NGX_LOG_ALERT, c->log, 0, | |
1887 ngx_regex_exec_n " failed: %i " | |
1888 "on \"%V\" using \"%V\"", | |
1889 n, host, &sn[i].regex->name); | |
1890 | |
1891 return NGX_ERROR; | |
1892 } | |
1893 | |
1894 return NGX_DECLINED; | |
1895 } | |
1896 | |
1897 #endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */ | |
1898 | |
1828 for (i = 0; i < virtual_names->nregex; i++) { | 1899 for (i = 0; i < virtual_names->nregex; i++) { |
1829 | 1900 |
1830 n = ngx_http_regex_exec(r, sn[i].regex, &name); | 1901 n = ngx_http_regex_exec(r, sn[i].regex, host); |
1831 | |
1832 if (n == NGX_OK) { | |
1833 cscf = sn[i].server; | |
1834 goto found; | |
1835 } | |
1836 | 1902 |
1837 if (n == NGX_DECLINED) { | 1903 if (n == NGX_DECLINED) { |
1838 continue; | 1904 continue; |
1839 } | 1905 } |
1840 | 1906 |
1907 if (n == NGX_OK) { | |
1908 *cscfp = sn[i].server; | |
1909 return NGX_OK; | |
1910 } | |
1911 | |
1841 return NGX_ERROR; | 1912 return NGX_ERROR; |
1842 } | 1913 } |
1843 } | 1914 } |
1844 | 1915 |
1845 #endif | 1916 #endif /* NGX_PCRE */ |
1846 | 1917 |
1847 return NGX_DECLINED; | 1918 return NGX_DECLINED; |
1848 | |
1849 found: | |
1850 | |
1851 r->srv_conf = cscf->ctx->srv_conf; | |
1852 r->loc_conf = cscf->ctx->loc_conf; | |
1853 | |
1854 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); | |
1855 | |
1856 ngx_http_set_connection_log(r->connection, clcf->error_log); | |
1857 | |
1858 return NGX_OK; | |
1859 } | 1919 } |
1860 | 1920 |
1861 | 1921 |
1862 static void | 1922 static void |
1863 ngx_http_request_handler(ngx_event_t *ev) | 1923 ngx_http_request_handler(ngx_event_t *ev) |
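Review bot: In ngx_http_ssl_servername() (new lines 685-690) every result other than NGX_OK from ngx_http_find_virtual_server() is answered with SSL_TLSEXT_ERR_NOACK, so the NGX_ERROR that the new `r == NULL` regex loop returns after logging an alert is handled exactly like "name not found". The handshake then continues with whatever SSL context the connection already had, presumably the default server's, instead of failing closed on an internal lookup error. Consider keeping the return code in a local and rejecting the handshake on error, e.g. `if (rc == NGX_ERROR) { *ad = SSL_AD_INTERNAL_ERROR; return SSL_TLSEXT_ERR_ALERT_FATAL; }`, leaving NOACK for NGX_DECLINED only. The new ngx_http_find_virtual_server() would also benefit from a comment such as `/* r == NULL: lookup by SNI, regex captures are not stored */`, because the non-SNI loop passes r straight to ngx_http_regex_exec(). Part of ngx_http_ssl_servername() lies outside the visible lines, so the handling of `*ad` elsewhere in the function could not be checked.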