comparison src/http/modules/ngx_http_ssl_module.c @ 4873:dd74fd35ceb5

OCSP stapling: ssl_stapling_file support.

Very basic version without any OCSP responder query code, assuming a valid DER-encoded OCSP response is present in the configured ssl_stapling_file.

Such a file might be produced with openssl like this:

    openssl ocsp -issuer root.crt -cert domain.crt -respout domain.staple \
        -url http://ocsp.example.com
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 01 Oct 2012 12:41:08 +0000
parents 7c3cca603438
children 386a06a22c40
4872:7c3cca603438 4873:dd74fd35ceb5
155 { ngx_string("ssl_crl"), 155 { ngx_string("ssl_crl"),
156 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, 156 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
157 ngx_conf_set_str_slot, 157 ngx_conf_set_str_slot,
158 NGX_HTTP_SRV_CONF_OFFSET, 158 NGX_HTTP_SRV_CONF_OFFSET,
159 offsetof(ngx_http_ssl_srv_conf_t, crl), 159 offsetof(ngx_http_ssl_srv_conf_t, crl),
160 NULL },
161
162 { ngx_string("ssl_stapling"),
163 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
164 ngx_conf_set_flag_slot,
165 NGX_HTTP_SRV_CONF_OFFSET,
166 offsetof(ngx_http_ssl_srv_conf_t, stapling),
167 NULL },
168
169 { ngx_string("ssl_stapling_file"),
170 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
171 ngx_conf_set_str_slot,
172 NGX_HTTP_SRV_CONF_OFFSET,
173 offsetof(ngx_http_ssl_srv_conf_t, stapling_file),
160 NULL }, 174 NULL },
161 175
162 ngx_null_command 176 ngx_null_command
163 }; 177 };
164 178
334 * sscf->client_certificate = { 0, NULL }; 348 * sscf->client_certificate = { 0, NULL };
335 * sscf->trusted_certificate = { 0, NULL }; 349 * sscf->trusted_certificate = { 0, NULL };
336 * sscf->crl = { 0, NULL }; 350 * sscf->crl = { 0, NULL };
337 * sscf->ciphers = { 0, NULL }; 351 * sscf->ciphers = { 0, NULL };
338 * sscf->shm_zone = NULL; 352 * sscf->shm_zone = NULL;
353 * sscf->stapling_file = { 0, NULL };
339 */ 354 */
340 355
341 sscf->enable = NGX_CONF_UNSET; 356 sscf->enable = NGX_CONF_UNSET;
342 sscf->prefer_server_ciphers = NGX_CONF_UNSET; 357 sscf->prefer_server_ciphers = NGX_CONF_UNSET;
343 sscf->verify = NGX_CONF_UNSET_UINT; 358 sscf->verify = NGX_CONF_UNSET_UINT;
344 sscf->verify_depth = NGX_CONF_UNSET_UINT; 359 sscf->verify_depth = NGX_CONF_UNSET_UINT;
345 sscf->builtin_session_cache = NGX_CONF_UNSET; 360 sscf->builtin_session_cache = NGX_CONF_UNSET;
346 sscf->session_timeout = NGX_CONF_UNSET; 361 sscf->session_timeout = NGX_CONF_UNSET;
362 sscf->stapling = NGX_CONF_UNSET;
347 363
348 return sscf; 364 return sscf;
349 } 365 }
350 366
351 367
395 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve, 411 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
396 NGX_DEFAULT_ECDH_CURVE); 412 NGX_DEFAULT_ECDH_CURVE);
397 413
398 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS); 414 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
399 415
416 ngx_conf_merge_value(conf->stapling, prev->stapling, 0);
417 ngx_conf_merge_str_value(conf->stapling_file, prev->stapling_file, "");
400 418
401 conf->ssl.log = cf->log; 419 conf->ssl.log = cf->log;
402 420
403 if (conf->enable) { 421 if (conf->enable) {
404 422
531 != NGX_OK) 549 != NGX_OK)
532 { 550 {
533 return NGX_CONF_ERROR; 551 return NGX_CONF_ERROR;
534 } 552 }
535 553
554 if (conf->stapling
555 && ngx_ssl_stapling(cf, &conf->ssl, &conf->stapling_file) != NGX_OK)
556 {
557 return NGX_CONF_ERROR;
558 }
559
536 return NGX_CONF_OK; 560 return NGX_CONF_OK;
537 } 561 }
538 562
539 563
540 static char * 564 static char *
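Review bot: The call at new lines 554-555 passes `conf->stapling_file` to `ngx_ssl_stapling()` without checking that it is non-empty, although line 417 defaults it to `""`. `ssl_stapling on` without a file therefore reaches the helper with an empty name, and a configured `ssl_stapling_file` with `ssl_stapling` left off is skipped without any diagnostic. `ngx_ssl_stapling()` is defined outside this file, so how it treats an empty name is not visible here. If it accepts one, the operator believes revocation status is being stapled when it is not. Because this version has no responder query code, I would warn at configuration time before the call, for example `if (conf->stapling && conf->stapling_file.len == 0) { ngx_log_error(NGX_LOG_WARN, cf->log, 0, "\"ssl_stapling\" is on but no \"ssl_stapling_file\" is set"); }`. A comment should also say that the response is presumably read once at configuration load, so a file past its nextUpdate would keep being served until it is regenerated and nginx is reloaded. The enclosing merge function starts outside the hunk.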