Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_filter.c @ 383:c05876036128
nginx-0.0.7-2004-07-08-19:17:47 import
| author | Igor Sysoev <igor@sysoev.ru> |
|---|---|
| date | Thu, 08 Jul 2004 15:17:47 +0000 |
| parents | |
| children | e7054aaedf68 |
comparison
equal
deleted
inserted
replaced
| 382:449c4885dcd1 | 383:c05876036128 |
|---|---|
| 1 | |
| 2 #include <ngx_config.h> | |
| 3 #include <ngx_core.h> | |
| 4 #include <ngx_http.h> | |
| 5 | |
| 6 #include <openssl/ssl.h> | |
| 7 #include <openssl/err.h> | |
| 8 | |
| 9 | |
| 10 #define NGX_DEFLAUT_CERTIFICATE "cert.pem" | |
| 11 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" | |
| 12 | |
| 13 | |
| 14 typedef struct { | |
| 15 ngx_flag_t enable; | |
| 16 ngx_str_t certificate; | |
| 17 ngx_str_t certificate_key; | |
| 18 } ngx_http_ssl_srv_conf_t; | |
| 19 | |
| 20 | |
| 21 typedef struct { | |
| 22 SSL *ssl; | |
| 23 SSL_CTX *ssl_ctx; | |
| 24 | |
| 25 unsigned accepted; | |
| 26 } ngx_http_ssl_ctx_t; | |
| 27 | |
| 28 | |
| 29 static ngx_http_ssl_ctx_t *ngx_http_ssl_create_ctx(ngx_http_request_t *r); | |
| 30 static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err, | |
| 31 char *fmt, ...); | |
| 32 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); | |
| 33 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, | |
| 34 void *parent, void *child); | |
| 35 static ngx_int_t ngx_http_ssl_filter_init(ngx_cycle_t *cycle); | |
| 36 | |
| 37 | |
| 38 static ngx_command_t ngx_http_charset_filter_commands[] = { | |
| 39 | |
| 40 { ngx_string("ssl_"), | |
| 41 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | |
| 42 ngx_conf_set_flag_slot, | |
| 43 NGX_HTTP_SRV_CONF_OFFSET, | |
| 44 offsetof(ngx_http_ssl_srv_conf_t, enable), | |
| 45 NULL }, | |
| 46 | |
| 47 { ngx_string("ssl_certificate"), | |
| 48 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
| 49 ngx_conf_set_str_slot, | |
| 50 NGX_HTTP_SRV_CONF_OFFSET, | |
| 51 offsetof(ngx_http_ssl_srv_conf_t, certificate), | |
| 52 NULL }, | |
| 53 | |
| 54 { ngx_string("ssl_certificate_key"), | |
| 55 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
| 56 ngx_conf_set_str_slot, | |
| 57 NGX_HTTP_SRV_CONF_OFFSET, | |
| 58 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), | |
| 59 NULL }, | |
| 60 | |
| 61 ngx_null_command | |
| 62 }; | |
| 63 | |
| 64 | |
| 65 static ngx_http_module_t ngx_http_ssl_filter_module_ctx = { | |
| 66 NULL, /* pre conf */ | |
| 67 | |
| 68 NULL, /* create main configuration */ | |
| 69 NULL, /* init main configuration */ | |
| 70 | |
| 71 ngx_http_ssl_create_srv_conf, /* create server configuration */ | |
| 72 ngx_http_ssl_merge_srv_conf, /* merge server configuration */ | |
| 73 | |
| 74 NULL, /* create location configuration */ | |
| 75 NULL, /* merge location configuration */ | |
| 76 }; | |
| 77 | |
| 78 | |
| 79 ngx_module_t ngx_http_ssl_filter_module = { | |
| 80 NGX_MODULE, | |
| 81 &ngx_http_ssl_filter_module_ctx, /* module context */ | |
| 82 NULL, /* module directives */ | |
| 83 NGX_HTTP_MODULE, /* module type */ | |
| 84 ngx_http_ssl_filter_init, /* init module */ | |
| 85 NULL /* init process */ | |
| 86 }; | |
| 87 | |
| 88 | |
| 89 ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r) | |
| 90 { | |
| 91 int rc; | |
| 92 ngx_http_ssl_ctx_t *ctx; | |
| 93 | |
| 94 ctx = ngx_http_get_module_ctx(r, ngx_http_ssl_filter_module); | |
| 95 | |
| 96 if (ctx == NULL) { | |
| 97 ctx = ngx_http_ssl_create_ctx(r); | |
| 98 | |
| 99 if (ctx == NULL) { | |
| 100 return NGX_HTTP_INTERNAL_SERVER_ERROR; | |
| 101 } | |
| 102 } | |
| 103 | |
| 104 if (!ctx->accepted) { | |
| 105 rc = SSL_accept(ctx->ssl); | |
| 106 | |
| 107 if (rc != 1) { | |
| 108 rc = SSL_get_error(ctx->ssl, rc); | |
| 109 | |
| 110 if (rc == SSL_ERROR_WANT_READ || rc == SSL_ERROR_WANT_WRITE) { | |
| 111 return NGX_AGAIN; | |
| 112 } | |
| 113 | |
| 114 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, rc, | |
| 115 "SSL_accept() failed"); | |
| 116 return NGX_ERROR; | |
| 117 } | |
| 118 | |
| 119 ctx->accepted = 1; | |
| 120 } | |
| 121 | |
| 122 return NGX_OK; | |
| 123 } | |
| 124 | |
| 125 | |
| 126 static ngx_http_ssl_ctx_t *ngx_http_ssl_create_ctx(ngx_http_request_t *r) | |
| 127 { | |
| 128 ngx_http_ssl_ctx_t *ctx; | |
| 129 ngx_http_ssl_srv_conf_t *scf; | |
| 130 | |
| 131 ngx_http_create_ctx(r, ctx, ngx_http_ssl_filter_module, | |
| 132 sizeof(ngx_http_ssl_ctx_t), NULL); | |
| 133 | |
| 134 /* TODO: configure methods */ | |
| 135 ctx->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); | |
| 136 | |
| 137 if (ctx->ssl_ctx == NULL) { | |
| 138 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0, | |
| 139 "SSL_CTX_new() failed"); | |
| 140 return NULL; | |
| 141 } | |
| 142 | |
| 143 scf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_filter_module); | |
| 144 | |
| 145 if (SSL_CTX_use_certificate_file(ctx->ssl_ctx, scf->certificate.data, | |
| 146 SSL_FILETYPE_PEM) == 0) { | |
| 147 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0, | |
| 148 "SSL_CTX_use_certificate_file() failed"); | |
| 149 return NULL; | |
| 150 } | |
| 151 | |
| 152 if (SSL_CTX_use_PrivateKey_file(ctx->ssl_ctx, scf->certificate_key.data, | |
| 153 SSL_FILETYPE_PEM) == 0) { | |
| 154 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0, | |
| 155 "SSL_CTX_use_PrivateKey_file() failed"); | |
| 156 return NULL; | |
| 157 } | |
| 158 | |
| 159 ctx->ssl = SSL_new(ctx->ssl_ctx); | |
| 160 | |
| 161 if (ctx->ssl == NULL) { | |
| 162 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0, | |
| 163 "SSL_new() failed"); | |
| 164 return NULL; | |
| 165 } | |
| 166 | |
| 167 if (SSL_set_fd(ctx->ssl, r->connection->fd) == 0) { | |
| 168 ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0, | |
| 169 "SSL_set_fd() failed"); | |
| 170 return NULL; | |
| 171 } | |
| 172 | |
| 173 return ctx; | |
| 174 } | |
| 175 | |
| 176 | |
| 177 static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err, | |
| 178 char *fmt, ...) | |
| 179 { | |
| 180 int len; | |
| 181 char errstr[NGX_MAX_CONF_ERRSTR]; | |
| 182 va_list args; | |
| 183 | |
| 184 va_start(args, fmt); | |
| 185 len = ngx_vsnprintf(errstr, sizeof(errstr) - 1, fmt, args); | |
| 186 va_end(args); | |
| 187 | |
| 188 errstr[len++] = ' '; | |
| 189 errstr[len++] = '('; | |
| 190 errstr[len++] = 'S'; | |
| 191 errstr[len++] = 'S'; | |
| 192 errstr[len++] = 'L'; | |
| 193 errstr[len++] = ':'; | |
| 194 errstr[len++] = ' '; | |
| 195 | |
| 196 ERR_error_string_n(ERR_get_error(), errstr + len, sizeof(errstr) - len - 1); | |
| 197 | |
| 198 ngx_log_error(level, log, 0, "%s)", errstr); | |
| 199 } | |
| 200 | |
| 201 | |
| 202 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) | |
| 203 { | |
| 204 ngx_http_ssl_srv_conf_t *scf; | |
| 205 | |
| 206 if (!(scf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t)))) { | |
| 207 return NGX_CONF_ERROR; | |
| 208 } | |
| 209 | |
| 210 scf->enable = NGX_CONF_UNSET; | |
| 211 | |
| 212 return scf; | |
| 213 } | |
| 214 | |
| 215 | |
| 216 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, | |
| 217 void *parent, void *child) | |
| 218 { | |
| 219 ngx_http_ssl_srv_conf_t *prev = parent; | |
| 220 ngx_http_ssl_srv_conf_t *conf = child; | |
| 221 | |
| 222 ngx_conf_merge_value(conf->enable, prev->enable, 0); | |
| 223 | |
| 224 ngx_conf_merge_str_value(conf->certificate, prev->certificate, | |
| 225 NGX_DEFLAUT_CERTIFICATE); | |
| 226 | |
| 227 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, | |
| 228 NGX_DEFLAUT_CERTIFICATE_KEY); | |
| 229 | |
| 230 return NGX_CONF_OK; | |
| 231 } | |
| 232 | |
| 233 | |
| 234 static ngx_int_t ngx_http_ssl_filter_init(ngx_cycle_t *cycle) | |
| 235 { | |
| 236 SSL_library_init(); | |
| 237 SSL_load_error_strings(); | |
| 238 | |
| 239 #if 0 | |
| 240 ngx_http_next_header_filter = ngx_http_top_header_filter; | |
| 241 ngx_http_top_header_filter = ngx_http_ssl_header_filter; | |
| 242 | |
| 243 ngx_http_next_body_filter = ngx_http_top_body_filter; | |
| 244 ngx_http_top_body_filter = ngx_http_ssl_body_filter; | |
| 245 #endif | |
| 246 | |
| 247 return NGX_OK; | |
| 248 } |