Mercurial > hg > nginx

comparison src/http/modules/ngx_http_ssl_module.c @ 2996:d6285ff81d35

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
delete OpenSSL pre-0.9.7 compatibility: the sources were not actually compatible with OpenSSL 0.9.6 since ssl_session_cache introduction
author Igor Sysoev <igor@sysoev.ru>
date Thu, 23 Jul 2009 12:54:20 +0000
parents cc07d164f0dc
children ba9a8ba4207e
comparison
equal deleted inserted replaced
2995:cc07d164f0dc 2996:d6285ff81d35
28 28
29 static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, 29 static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
30 void *conf); 30 void *conf);
31 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, 31 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
32 void *conf); 32 void *conf);
33
34 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
35
36 static char *ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
37 void *conf);
38
39 static char ngx_http_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
40
41 #endif
42 33
43 34
44 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = { 35 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
45 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, 36 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
46 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, 37 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
122 offsetof(ngx_http_ssl_srv_conf_t, client_certificate), 113 offsetof(ngx_http_ssl_srv_conf_t, client_certificate),
123 NULL }, 114 NULL },
124 115
125 { ngx_string("ssl_prefer_server_ciphers"), 116 { ngx_string("ssl_prefer_server_ciphers"),
126 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, 117 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
127 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
128 ngx_conf_set_flag_slot, 118 ngx_conf_set_flag_slot,
129 NGX_HTTP_SRV_CONF_OFFSET, 119 NGX_HTTP_SRV_CONF_OFFSET,
130 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers), 120 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
131 NULL }, 121 NULL },
132 #else
133 ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 },
134 #endif
135 122
136 { ngx_string("ssl_session_cache"), 123 { ngx_string("ssl_session_cache"),
137 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12, 124 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12,
138 ngx_http_ssl_session_cache, 125 ngx_http_ssl_session_cache,
139 NGX_HTTP_SRV_CONF_OFFSET, 126 NGX_HTTP_SRV_CONF_OFFSET,
469 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) { 456 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
470 return NGX_CONF_ERROR; 457 return NGX_CONF_ERROR;
471 } 458 }
472 } 459 }
473 460
474 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
475
476 if (conf->prefer_server_ciphers) { 461 if (conf->prefer_server_ciphers) {
477 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); 462 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
478 } 463 }
479
480 #endif
481 464
482 /* a temporary 512-bit RSA key is required for export versions of MSIE */ 465 /* a temporary 512-bit RSA key is required for export versions of MSIE */
483 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { 466 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
484 return NGX_CONF_ERROR; 467 return NGX_CONF_ERROR;
485 } 468 }
634 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, 617 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
635 "invalid session cache \"%V\"", &value[i]); 618 "invalid session cache \"%V\"", &value[i]);
636 619
637 return NGX_CONF_ERROR; 620 return NGX_CONF_ERROR;
638 } 621 }
639
640
641 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
642
643 static char *
644 ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
645 {
646 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
647 "\"%V\" directive is available only in %s,",
648 &cmd->name, cmd->post);
649
650 return NGX_CONF_ERROR;
651 }
652
653 #endif