comparison src/http/modules/ngx_http_ssl_module.c @ 479:c52408583801 release-0.1.14
nginx-0.1.14-RELEASE import
*) Feature: the autoconfiguration directives:
--http-client-body-temp-path=PATH, --http-proxy-temp-path=PATH, and
--http-fastcgi-temp-path=PATH
*) Change: the directory name for the temporary files with the client
request body is specified by directive client_body_temp_path, by
default it is <prefix>/client_body_temp.
*) Feature: the ngx_http_fastcgi_module and the directives:
fastcgi_pass, fastcgi_root, fastcgi_index, fastcgi_params,
fastcgi_connect_timeout, fastcgi_send_timeout, fastcgi_read_timeout,
fastcgi_send_lowat, fastcgi_header_buffer_size, fastcgi_buffers,
fastcgi_busy_buffers_size, fastcgi_temp_path,
fastcgi_max_temp_file_size, fastcgi_temp_file_write_size,
fastcgi_next_upstream, and fastcgi_x_powered_by.
*) Bugfix: the "[alert] zero size buf" error; the bug had appeared in
0.1.3.
*) Change: the URI must be specified after the host name in the
proxy_pass directive.
*) Change: the %3F symbol in the URI was considered as the argument
string start.
*) Feature: the unix domain sockets support in the
ngx_http_proxy_module.
*) Feature: the ssl_engine and ssl_ciphers directives.
Thanks to Sergey Skvortsov for SSL-accelerator.
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Tue, 18 Jan 2005 13:03:58 +0000 |
parents | 42d11f017717 |
children | 4ebe09b07e30 |
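--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -6,22 +6,33 @@
 
 #include <ngx_config.h>
 #include <ngx_core.h>
 #include <ngx_http.h>
 
+#include <openssl/engine.h>
+
 
 #define NGX_DEFLAUT_CERTIFICATE "cert.pem"
 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem"
 
 
+static void *ngx_http_ssl_create_main_conf(ngx_conf_t *cf);
+static char *ngx_http_ssl_init_main_conf(ngx_conf_t *cf, void *conf);
 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
 void *parent, void *child);
 
 
 static ngx_command_t ngx_http_ssl_commands[] = {
 
+{ ngx_string("ssl_engine"),
+NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,
+ngx_conf_set_str_slot,
+NGX_HTTP_MAIN_CONF_OFFSET,
+offsetof(ngx_http_ssl_main_conf_t, engine),
+NULL },
+
 { ngx_string("ssl"),
 NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
 ngx_conf_set_flag_slot,
 NGX_HTTP_SRV_CONF_OFFSET,
 offsetof(ngx_http_ssl_srv_conf_t, enable),
@@ -39,19 +50,26 @@
 ngx_conf_set_str_slot,
 NGX_HTTP_SRV_CONF_OFFSET,
 offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
 NULL },
 
+{ ngx_string("ssl_ciphers"),
+NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+ngx_conf_set_str_slot,
+NGX_HTTP_SRV_CONF_OFFSET,
+offsetof(ngx_http_ssl_srv_conf_t, ciphers),
+NULL },
+
 ngx_null_command
 };
 
 
 static ngx_http_module_t ngx_http_ssl_module_ctx = {
 NULL, /* pre conf */
 
-NULL, /* create main configuration */
-NULL, /* init main configuration */
+ngx_http_ssl_create_main_conf, /* create main configuration */
+ngx_http_ssl_init_main_conf, /* init main configuration */
 
 ngx_http_ssl_create_srv_conf, /* create server configuration */
 ngx_http_ssl_merge_srv_conf, /* merge server configuration */
 
 NULL, /* create location configuration */
@@ -67,17 +85,78 @@
 NULL, /* init module */
 NULL /* init process */
 };
 
 
+static void *ngx_http_ssl_create_main_conf(ngx_conf_t *cf)
+{
+ngx_http_ssl_main_conf_t *mcf;
+
+if (!(mcf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_main_conf_t)))) {
+return NGX_CONF_ERROR;
+}
+
+/*
+* set by ngx_pcalloc():
+*
+* mcf->engine.len = 0;
+* mcf->engine.data = NULL;
+*/
+
+return mcf;
+}
+
+
+static char *ngx_http_ssl_init_main_conf(ngx_conf_t *cf, void *conf)
+{
+ngx_http_ssl_main_conf_t *mcf = conf;
+
+ENGINE *engine;
+
+if (mcf->engine.len == 0) {
+return NGX_CONF_OK;
+}
+
+engine = ENGINE_by_id((const char *) mcf->engine.data);
+
+if (engine == NULL) {
+ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
+"ENGINE_by_id(\"%V\") failed", &mcf->engine);
+return NGX_CONF_ERROR;
+}
+
+if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) {
+ngx_ssl_error(NGX_LOG_WARN, cf->log, 0,
+"ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed",
+&mcf->engine);
+return NGX_CONF_ERROR;
+}
+
+ENGINE_free(engine);
+
+return NGX_CONF_OK;
+}
+
+
 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
 {
 ngx_http_ssl_srv_conf_t *scf;
 
 if (!(scf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t)))) {
 return NGX_CONF_ERROR;
 }
+
+/*
+* set by ngx_pcalloc():
+*
+* scf->certificate.len = 0;
+* scf->certificate.data = NULL;
+* scf->certificate_key.len = 0;
+* scf->certificate_key.data = NULL;
+* scf->ciphers.len = 0;
+* scf->ciphers.data = NULL;
+*/
 
 scf->enable = NGX_CONF_UNSET;
 
 return scf;
 }
@@ -99,17 +178,30 @@
 NGX_DEFLAUT_CERTIFICATE);
 
 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key,
 NGX_DEFLAUT_CERTIFICATE_KEY);
 
+ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, "");
+
+
 /* TODO: configure methods */
 
 conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
 
 if (conf->ssl_ctx == NULL) {
 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_new() failed");
 return NGX_CONF_ERROR;
+}
+
+if (conf->ciphers.len) {
+if (SSL_CTX_set_cipher_list(conf->ssl_ctx,
+(const char *) conf->ciphers.data) == 0)
+{
+ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
+"SSL_CTX_set_cipher_list(\"%V\") failed",
+&conf->ciphers);
+}
 }
 
 if (SSL_CTX_use_certificate_file(conf->ssl_ctx,
 (char *) conf->certificate.data,
 SSL_FILETYPE_PEM) == 0) {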
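Review bot: A failed `SSL_CTX_set_cipher_list()` in ngx_http_ssl_merge_srv_conf is logged at NGX_LOG_EMERG but does not abort configuration, so control falls through to the certificate loading. The server would then presumably start with whatever cipher list the fresh SSL_CTX already carries rather than the one given in `ssl_ciphers`. For a directive meant to restrict ciphers that is a fail-open result; add `return NGX_CONF_ERROR;` after the `ngx_ssl_error()` call, as the `SSL_CTX_new()` branch just above it does. Separately, in ngx_http_ssl_init_main_conf the `ENGINE_set_default()` failure path returns without calling `ENGINE_free(engine)`, and both engine failures are logged at NGX_LOG_WARN even though they return NGX_CONF_ERROR. The body of ngx_http_ssl_merge_srv_conf starts and ends outside the visible lines.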