comparison src/event/ngx_event_openssl.c @ 8082:c71e113b57d8
SSL: renamed session ticket key functions and data index.
Previously used names are way too long, renamed to simplify writing code.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 12 Oct 2022 20:14:49 +0300 |
parents | 4eeb53743d25 |
children | e13a271bdd40 |
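--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -69,14 +69,14 @@
 ngx_slab_pool_t *shpool, ngx_uint_t n);
 static void ngx_ssl_session_rbtree_insert_value(ngx_rbtree_node_t *temp,
 ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
 
 #ifdef SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB
-static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
+static int ngx_ssl_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx,
 HMAC_CTX *hctx, int enc);
-static void ngx_ssl_session_ticket_keys_cleanup(void *data);
+static void ngx_ssl_ticket_keys_cleanup(void *data);
 #endif
 
 #ifndef X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
 static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str);
 #endif
@@ -129,11 +129,11 @@
 
 
 int ngx_ssl_connection_index;
 int ngx_ssl_server_conf_index;
 int ngx_ssl_session_cache_index;
-int ngx_ssl_session_ticket_keys_index;
+int ngx_ssl_ticket_keys_index;
 int ngx_ssl_ocsp_index;
 int ngx_ssl_certificate_index;
 int ngx_ssl_next_certificate_index;
 int ngx_ssl_certificate_name_index;
 int ngx_ssl_stapling_index;
@@ -206,13 +206,13 @@
 ngx_ssl_error(NGX_LOG_ALERT, log, 0,
 "SSL_CTX_get_ex_new_index() failed");
 return NGX_ERROR;
 }
 
-ngx_ssl_session_ticket_keys_index = SSL_CTX_get_ex_new_index(0, NULL, NULL,
-NULL, NULL);
-if (ngx_ssl_session_ticket_keys_index == -1) {
+ngx_ssl_ticket_keys_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,
+NULL);
+if (ngx_ssl_ticket_keys_index == -1) {
 ngx_ssl_error(NGX_LOG_ALERT, log, 0,
 "SSL_CTX_get_ex_new_index() failed");
 return NGX_ERROR;
 }
 
@@ -4253,11 +4253,11 @@
 cln = ngx_pool_cleanup_add(cf->pool, 0);
 if (cln == NULL) {
 return NGX_ERROR;
 }
 
-cln->handler = ngx_ssl_session_ticket_keys_cleanup;
+cln->handler = ngx_ssl_ticket_keys_cleanup;
 cln->data = keys;
 
 path = paths->elts;
 for (i = 0; i < paths->nelts; i++) {
 
@@ -4331,20 +4331,17 @@
 }
 
 ngx_explicit_memzero(&buf, 80);
 }
 
-if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_session_ticket_keys_index, keys)
-== 0)
-{
+if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_ticket_keys_index, keys) == 0) {
 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
 "SSL_CTX_set_ex_data() failed");
 return NGX_ERROR;
 }
 
-if (SSL_CTX_set_tlsext_ticket_key_cb(ssl->ctx,
-ngx_ssl_session_ticket_key_callback)
+if (SSL_CTX_set_tlsext_ticket_key_cb(ssl->ctx, ngx_ssl_ticket_key_callback)
 == 0)
 {
 ngx_log_error(NGX_LOG_WARN, cf->log, 0,
 "nginx was built with Session Tickets support, however, "
 "now it is linked dynamically to an OpenSSL library "
@@ -4366,11 +4363,11 @@
 return NGX_ERROR;
 }
 
 
 static int
-ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
+ngx_ssl_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
 unsigned char *name, unsigned char *iv, EVP_CIPHER_CTX *ectx,
 HMAC_CTX *hctx, int enc)
 {
 size_t size;
 SSL_CTX *ssl_ctx;
@@ -4388,11 +4385,11 @@
 digest = EVP_sha1();
 #else
 digest = EVP_sha256();
 #endif
 
-keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index);
+keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_ticket_keys_index);
 if (keys == NULL) {
 return -1;
 }
 
 key = keys->elts;
@@ -4501,11 +4498,11 @@
 }
 }
 
 
 static void
-ngx_ssl_session_ticket_keys_cleanup(void *data)
+ngx_ssl_ticket_keys_cleanup(void *data)
 {
 ngx_array_t *keys = data;
 
 ngx_explicit_memzero(keys->elts,
 keys->nelts * sizeof(ngx_ssl_ticket_key_t));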