comparison src/http/ngx_http_request.c @ 7462:be2af41d3620
SSL: variables support in ssl_certificate and ssl_certificate_key.
To evaluate variables, a request is created in the certificate callback,
and then freed. To do this without side effects on the stub_status
counters and connection state, an additional function was introduced,
ngx_http_alloc_request().
Only works with OpenSSL 1.0.2+, since there is no SSL_CTX_set_cert_cb()
in older versions.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 25 Feb 2019 16:42:05 +0300 |
parents | 0f0c75caa038 |
children | 180df83473a4 |
7461:a68799465b19 | 7462:be2af41d3620 |
---|---|
9 #include <ngx_core.h> | 9 #include <ngx_core.h> |
10 #include <ngx_http.h> | 10 #include <ngx_http.h> |
11 | 11 |
12 | 12 |
13 static void ngx_http_wait_request_handler(ngx_event_t *ev); | 13 static void ngx_http_wait_request_handler(ngx_event_t *ev); |
14 static ngx_http_request_t *ngx_http_alloc_request(ngx_connection_t *c); | |
14 static void ngx_http_process_request_line(ngx_event_t *rev); | 15 static void ngx_http_process_request_line(ngx_event_t *rev); |
15 static void ngx_http_process_request_headers(ngx_event_t *rev); | 16 static void ngx_http_process_request_headers(ngx_event_t *rev); |
16 static ssize_t ngx_http_read_request_header(ngx_http_request_t *r); | 17 static ssize_t ngx_http_read_request_header(ngx_http_request_t *r); |
17 static ngx_int_t ngx_http_alloc_large_header_buffer(ngx_http_request_t *r, | 18 static ngx_int_t ngx_http_alloc_large_header_buffer(ngx_http_request_t *r, |
18 ngx_uint_t request_line); | 19 ngx_uint_t request_line); |
501 | 502 |
502 | 503 |
503 ngx_http_request_t * | 504 ngx_http_request_t * |
504 ngx_http_create_request(ngx_connection_t *c) | 505 ngx_http_create_request(ngx_connection_t *c) |
505 { | 506 { |
507 ngx_http_request_t *r; | |
508 ngx_http_log_ctx_t *ctx; | |
509 ngx_http_core_loc_conf_t *clcf; | |
510 | |
511 r = ngx_http_alloc_request(c); | |
512 if (r == NULL) { | |
513 return NULL; | |
514 } | |
515 | |
516 c->requests++; | |
517 | |
518 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); | |
519 | |
520 ngx_set_connection_log(c, clcf->error_log); | |
521 | |
522 ctx = c->log->data; | |
523 ctx->request = r; | |
524 ctx->current_request = r; | |
525 | |
526 #if (NGX_STAT_STUB) | |
527 (void) ngx_atomic_fetch_add(ngx_stat_reading, 1); | |
528 r->stat_reading = 1; | |
529 (void) ngx_atomic_fetch_add(ngx_stat_requests, 1); | |
530 #endif | |
531 | |
532 return r; | |
533 } | |
534 | |
535 | |
536 static ngx_http_request_t * | |
537 ngx_http_alloc_request(ngx_connection_t *c) | |
538 { | |
506 ngx_pool_t *pool; | 539 ngx_pool_t *pool; |
507 ngx_time_t *tp; | 540 ngx_time_t *tp; |
508 ngx_http_request_t *r; | 541 ngx_http_request_t *r; |
509 ngx_http_log_ctx_t *ctx; | |
510 ngx_http_connection_t *hc; | 542 ngx_http_connection_t *hc; |
511 ngx_http_core_srv_conf_t *cscf; | 543 ngx_http_core_srv_conf_t *cscf; |
512 ngx_http_core_loc_conf_t *clcf; | |
513 ngx_http_core_main_conf_t *cmcf; | 544 ngx_http_core_main_conf_t *cmcf; |
514 | |
515 c->requests++; | |
516 | 545 |
517 hc = c->data; | 546 hc = c->data; |
518 | 547 |
519 cscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_core_module); | 548 cscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_core_module); |
520 | 549 |
538 r->main_conf = hc->conf_ctx->main_conf; | 567 r->main_conf = hc->conf_ctx->main_conf; |
539 r->srv_conf = hc->conf_ctx->srv_conf; | 568 r->srv_conf = hc->conf_ctx->srv_conf; |
540 r->loc_conf = hc->conf_ctx->loc_conf; | 569 r->loc_conf = hc->conf_ctx->loc_conf; |
541 | 570 |
542 r->read_event_handler = ngx_http_block_reading; | 571 r->read_event_handler = ngx_http_block_reading; |
543 | |
544 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); | |
545 | |
546 ngx_set_connection_log(r->connection, clcf->error_log); | |
547 | 572 |
548 r->header_in = hc->busy ? hc->busy->buf : c->buffer; | 573 r->header_in = hc->busy ? hc->busy->buf : c->buffer; |
549 | 574 |
550 if (ngx_list_init(&r->headers_out.headers, r->pool, 20, | 575 if (ngx_list_init(&r->headers_out.headers, r->pool, 20, |
551 sizeof(ngx_table_elt_t)) | 576 sizeof(ngx_table_elt_t)) |
602 r->uri_changes = NGX_HTTP_MAX_URI_CHANGES + 1; | 627 r->uri_changes = NGX_HTTP_MAX_URI_CHANGES + 1; |
603 r->subrequests = NGX_HTTP_MAX_SUBREQUESTS + 1; | 628 r->subrequests = NGX_HTTP_MAX_SUBREQUESTS + 1; |
604 | 629 |
605 r->http_state = NGX_HTTP_READING_REQUEST_STATE; | 630 r->http_state = NGX_HTTP_READING_REQUEST_STATE; |
606 | 631 |
607 ctx = c->log->data; | |
608 ctx->request = r; | |
609 ctx->current_request = r; | |
610 r->log_handler = ngx_http_log_error_handler; | 632 r->log_handler = ngx_http_log_error_handler; |
611 | |
612 #if (NGX_STAT_STUB) | |
613 (void) ngx_atomic_fetch_add(ngx_stat_reading, 1); | |
614 r->stat_reading = 1; | |
615 (void) ngx_atomic_fetch_add(ngx_stat_requests, 1); | |
616 #endif | |
617 | 633 |
618 return r; | 634 return r; |
619 } | 635 } |
620 | 636 |
621 | 637 |
925 SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION); | 941 SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION); |
926 #endif | 942 #endif |
927 } | 943 } |
928 | 944 |
929 return SSL_TLSEXT_ERR_OK; | 945 return SSL_TLSEXT_ERR_OK; |
946 } | |
947 | |
948 #endif | |
949 | |
950 | |
951 #ifdef SSL_R_CERT_CB_ERROR | |
952 | |
953 int | |
954 ngx_http_ssl_certificate(ngx_ssl_conn_t *ssl_conn, void *arg) | |
955 { | |
956 ngx_str_t cert, key; | |
957 ngx_uint_t i, nelts; | |
958 ngx_connection_t *c; | |
959 ngx_http_request_t *r; | |
960 ngx_http_ssl_srv_conf_t *sscf; | |
961 ngx_http_complex_value_t *certs, *keys; | |
962 | |
963 c = ngx_ssl_get_connection(ssl_conn); | |
964 | |
965 if (c->ssl->handshaked) { | |
966 return 0; | |
967 } | |
968 | |
969 r = ngx_http_alloc_request(c); | |
970 if (r == NULL) { | |
971 return 0; | |
972 } | |
973 | |
974 r->logged = 1; | |
975 | |
976 sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module); | |
977 | |
978 nelts = sscf->certificate_values->nelts; | |
979 certs = sscf->certificate_values->elts; | |
980 keys = sscf->certificate_key_values->elts; | |
981 | |
982 for (i = 0; i < nelts; i++) { | |
983 | |
984 if (ngx_http_complex_value(r, &certs[i], &cert) != NGX_OK) { | |
985 goto failed; | |
986 } | |
987 | |
988 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
989 "ssl cert: \"%s\"", cert.data); | |
990 | |
991 if (ngx_http_complex_value(r, &keys[i], &key) != NGX_OK) { | |
992 goto failed; | |
993 } | |
994 | |
995 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
996 "ssl key: \"%s\"", key.data); | |
997 | |
998 if (ngx_ssl_connection_certificate(c, r->pool, &cert, &key, NULL) | |
999 != NGX_OK) | |
1000 { | |
1001 goto failed; | |
1002 } | |
1003 } | |
1004 | |
1005 ngx_http_free_request(r, 0); | |
1006 c->destroyed = 0; | |
1007 return 1; | |
1008 | |
1009 failed: | |
1010 | |
1011 ngx_http_free_request(r, 0); | |
1012 c->destroyed = 0; | |
1013 return 0; | |
930 } | 1014 } |
931 | 1015 |
932 #endif | 1016 #endif |
933 | 1017 |
934 #endif | 1018 #endif |
3512 | 3596 |
3513 if (rc > 0 && (r->headers_out.status == 0 || r->connection->sent == 0)) { | 3597 if (rc > 0 && (r->headers_out.status == 0 || r->connection->sent == 0)) { |
3514 r->headers_out.status = rc; | 3598 r->headers_out.status = rc; |
3515 } | 3599 } |
3516 | 3600 |
3517 log->action = "logging request"; | 3601 if (!r->logged) { |
3518 | 3602 log->action = "logging request"; |
3519 ngx_http_log_request(r); | 3603 |
3604 ngx_http_log_request(r); | |
3605 } | |
3520 | 3606 |
3521 log->action = "closing request"; | 3607 log->action = "closing request"; |
3522 | 3608 |
3523 if (r->connection->timedout) { | 3609 if (r->connection->timedout) { |
3524 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); | 3610 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); |
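Review bot: ngx_http_ssl_certificate() calls `ngx_http_free_request(r, 0)` in the middle of the handshake, and the last hunk still runs `log->action = "closing request";` unconditionally, outside the new `if (!r->logged)` guard. If `log` there is the connection's log (it is assigned outside the hunk), handshake errors logged after the certificate callback would carry the "closing request" action, which misleads anyone triaging TLS failures from the error log. Consider saving `c->log->action` before `ngx_http_alloc_request(c)` and restoring it beside both `c->destroyed = 0;` lines. Those two resets also deserve a comment such as `/* ngx_http_free_request() marks the connection destroyed; it is still in use */`, which is presumably why they are there. Because the certificate and key names are evaluated from variables before any request has been read, a short comment noting that the values may be client-influenced (and that the debug lines print the evaluated `key.data`) would help operators and later reviewers.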