comparison src/event/ngx_event_openssl.c @ 7509:b99cbafd51da
SSL: removed OpenSSL 0.9.7 compatibility.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 11 Apr 2016 15:46:36 +0300 |
parents | 65074e13f171 |
children | 2432a687e789 |
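--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -162,11 +162,10 @@
 
 OpenSSL_add_all_algorithms();
 
 #endif
 
-#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
 #ifndef SSL_OP_NO_COMPRESSION
 {
 /*
 * Disable gzip compression in OpenSSL prior to 1.0.0 version,
 * this saves about 522K per connection.
@@ -180,11 +179,10 @@
 while (n--) {
 (void) sk_SSL_COMP_pop(ssl_comp_methods);
 }
 }
 #endif
-#endif
 
 ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
 
 if (ngx_ssl_connection_index == -1) {
 ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed");
@@ -901,17 +899,10 @@
 if (list == NULL) {
 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
 "SSL_load_client_CA_file(\"%s\") failed", cert->data);
 return NGX_ERROR;
 }
-
-/*
-* before 0.9.7h and 0.9.8 SSL_load_client_CA_file()
-* always leaved an error in the error queue
-*/
-
-ERR_clear_error();
 
 SSL_CTX_set_client_CA_list(ssl->ctx, list);
 
 return NGX_OK;
 }
@@ -1074,12 +1065,12 @@
 * to write side of the connection by comparing rbio and wbio.
 * If they are different, we assume that it's due to buffering
 * added to wbio, and set buffer size.
 */
 
-rbio = SSL_get_rbio((ngx_ssl_conn_t *) ssl_conn);
-wbio = SSL_get_wbio((ngx_ssl_conn_t *) ssl_conn);
+rbio = SSL_get_rbio(ssl_conn);
+wbio = SSL_get_wbio(ssl_conn);
 
 if (rbio != wbio) {
 (void) BIO_set_write_buffer_size(wbio, NGX_SSL_BUFSIZE);
 c->ssl->handshake_buffer_set = 1;
 }
@@ -1358,11 +1349,10 @@
 
 
 ngx_int_t
 ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
 #ifndef OPENSSL_NO_ECDH
 
 /*
 * Elliptic-Curve Diffie-Hellman parameters are either "named curves"
 * from RFC 4492 section 5.1.1, or explicitly described curves over
@@ -1431,11 +1421,10 @@
 SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_ECDH_USE);
 
 SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
 
 EC_KEY_free(ecdh);
-#endif
 #endif
 #endif
 
 return NGX_OK;
 }
@@ -3362,20 +3351,11 @@
 if (sess_id == NULL) {
 goto failed;
 }
 }
 
-#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
-
 session_id = (u_char *) SSL_SESSION_get_id(sess, &session_id_length);
-
-#else
-
-session_id = sess->session_id;
-session_id_length = sess->session_id_length;
-
-#endif
 
 #if (NGX_PTR_SIZE == 8)
 
 id = sess_id->sess_id;
 
@@ -3448,17 +3428,14 @@
 #if OPENSSL_VERSION_NUMBER >= 0x10100003L
 const
 #endif
 u_char *id, int len, int *copy)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x0090707fL
-const
-#endif
-u_char *p;
 size_t slen;
 uint32_t hash;
 ngx_int_t rc;
+const u_char *p;
 ngx_shm_zone_t *shm_zone;
 ngx_slab_pool_t *shpool;
 ngx_rbtree_node_t *node, *sentinel;
 ngx_ssl_session_t *sess;
 ngx_ssl_sess_id_t *sess_id;
@@ -3576,20 +3553,11 @@
 return;
 }
 
 cache = shm_zone->data;
 
-#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
-
 id = (u_char *) SSL_SESSION_get_id(sess, &len);
-
-#else
-
-id = sess->session_id;
-len = sess->session_id_length;
-
-#endif
 
 hash = ngx_crc32_short(id, len);
 
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0,
 "ssl remove session: %08XD:%ud", hash, len);
@@ -4385,20 +4353,11 @@
 if (sess == NULL) {
 s->len = 0;
 return NGX_OK;
 }
 
-#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
-
 buf = (u_char *) SSL_SESSION_get_id(sess, &len);
-
-#else
-
-buf = sess->session_id;
-len = sess->session_id_length;
-
-#endif
 
 s->len = 2 * len;
 s->data = ngx_pnalloc(pool, 2 * len);
 if (s->data == NULL) {
 return NGX_ERROR;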
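Review bot: Dropping `ERR_clear_error()` after `SSL_load_client_CA_file()` (old lines 906-912) is the only runtime behaviour change in this commit, and the success path now assumes the library returns with an empty error queue. The removed comment ties the leftover entry to releases before 0.9.7h and 0.9.8, so this matches the new version floor for OpenSSL itself; whether it also holds for any other TLS library this file is built against is not visible here. A stale entry matters because `SSL_get_error()` inspects the thread's error queue, so a leftover from configuration loading can be misattributed to a later I/O failure unless the queue is cleared before each operation, which is outside this view. I would leave a short comment at that spot, e.g. `/* SSL_load_client_CA_file() leaves no error queued on success since 0.9.8 */`, or keep the call, which is harmless on newer releases. The enclosing function starts above the hunk.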