Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.h @ 4873:dd74fd35ceb5
OCSP stapling: ssl_stapling_file support.
Very basic version without any OCSP responder query code, assuming valid
DER-encoded OCSP response is present in a ssl_stapling_file configured.
Such file might be produced with openssl like this:
openssl ocsp -issuer root.crt -cert domain.crt -respout domain.staple \
-url http://ocsp.example.com
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 01 Oct 2012 12:41:08 +0000 |
parents | 7c3cca603438 |
children | 386a06a22c40 |
comparison
equal
deleted
inserted
replaced
4872:7c3cca603438 | 4873:dd74fd35ceb5 |
---|---|
15 #include <openssl/ssl.h> | 15 #include <openssl/ssl.h> |
16 #include <openssl/err.h> | 16 #include <openssl/err.h> |
17 #include <openssl/conf.h> | 17 #include <openssl/conf.h> |
18 #include <openssl/engine.h> | 18 #include <openssl/engine.h> |
19 #include <openssl/evp.h> | 19 #include <openssl/evp.h> |
20 #include <openssl/ocsp.h> | |
20 | 21 |
21 #define NGX_SSL_NAME "OpenSSL" | 22 #define NGX_SSL_NAME "OpenSSL" |
22 | 23 |
23 | 24 |
24 #define ngx_ssl_session_t SSL_SESSION | 25 #define ngx_ssl_session_t SSL_SESSION |
102 ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, | 103 ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, |
103 ngx_str_t *cert, ngx_int_t depth); | 104 ngx_str_t *cert, ngx_int_t depth); |
104 ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, | 105 ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, |
105 ngx_str_t *cert, ngx_int_t depth); | 106 ngx_str_t *cert, ngx_int_t depth); |
106 ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl); | 107 ngx_int_t ngx_ssl_crl(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *crl); |
108 ngx_int_t ngx_ssl_stapling(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); | |
107 RSA *ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length); | 109 RSA *ngx_ssl_rsa512_key_callback(SSL *ssl, int is_export, int key_length); |
108 ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); | 110 ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file); |
109 ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name); | 111 ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name); |
110 ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, | 112 ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, |
111 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout); | 113 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout); |