comparison src/http/modules/ngx_http_ssl_filter.c @ 394:e7a68e14ccd3

nginx-0.0.7-2004-07-16-10:33:35 import
author Igor Sysoev <igor@sysoev.ru>
date Fri, 16 Jul 2004 06:33:35 +0000
parents 5659d773cfa8
children
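--- a/src/http/modules/ngx_http_ssl_filter.c
+++ b/src/http/modules/ngx_http_ssl_filter.c
@@ -1,21 +1,15 @@
 
 #include <ngx_config.h>
 #include <ngx_core.h>
 #include <ngx_http.h>
-
-/* STUB */
-#define NGX_SSL_ERROR -11
 
 
 #define NGX_DEFLAUT_CERTIFICATE "cert.pem"
 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem"
 
 
-static ngx_int_t ngx_http_ssl_create_ssl(ngx_http_request_t *r);
-static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err,
-char *fmt, ...);
 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
 static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
 void *parent, void *child);
 static ngx_int_t ngx_http_ssl_init_process(ngx_cycle_t *cycle);
 
@@ -69,239 +63,10 @@
 NULL, /* init module */
 ngx_http_ssl_init_process /* init process */
 };
 
 
-ngx_int_t ngx_http_ssl_read(ngx_http_request_t *r, u_char *buf, size_t size)
-{
-int n;
-SSL *ssl;
-ngx_http_log_ctx_t *log_ctx;
-
-if (r->connection->ssl == NULL) {
-if (ngx_http_ssl_create_ssl(r) == NGX_ERROR) {
-return NGX_HTTP_INTERNAL_SERVER_ERROR;
-}
-}
-
-ssl = r->connection->ssl;
-
-n = SSL_read(ssl, buf, size);
-
-ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
-"SSL_read: %d", n);
-
-if (n > 0) {
-return n;
-}
-
-n = SSL_get_error(ssl, n);
-
-ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
-"SSL_get_error: %d", n);
-
-if (n == SSL_ERROR_WANT_READ) {
-return NGX_AGAIN;
-}
-
-#if 0
-if (n == SSL_ERROR_WANT_WRITE) {
-return NGX_AGAIN;
-}
-#endif
-
-if (!SSL_is_init_finished(ssl)) {
-log_ctx = (ngx_http_log_ctx_t *) r->connection->log->data;
-log_ctx->action = "SSL handshake";
-}
-
-if (n == SSL_ERROR_ZERO_RETURN) {
-ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
-"client closed connection");
-
-SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
-
-return NGX_SSL_ERROR;
-}
-
-if (ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) {
-ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
-"client sent plain HTTP request to HTTPS port");
-
-SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN|SSL_SENT_SHUTDOWN);
-
-return NGX_SSL_HTTP_ERROR;
-}
-
-ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, n,
-"SSL_read() failed");
-
-SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
-
-return NGX_SSL_ERROR;
-}
-
-
-ngx_chain_t *ngx_http_ssl_write(ngx_connection_t *c, ngx_chain_t *in,
-off_t limit)
-{
-int n;
-ssize_t send, size;
-
-send = 0;
-
-for (/* void */; in; in = in->next) {
-if (ngx_buf_special(in->buf)) {
-continue;
-}
-
-size = in->buf->last - in->buf->pos;
-
-if (send + size > limit) {
-size = limit - send;
-}
-
-ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL to write: %d", size);
-
-n = SSL_write(c->ssl, in->buf->pos, size);
-
-ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL_write: %d", n);
-
-if (n > 0) {
-in->buf->pos += n;
-send += n;
-
-if (n == size) {
-if (send < limit) {
-continue;
-}
-
-return in;
-}
-
-c->write->ready = 0;
-return in;
-}
-
-n = SSL_get_error(c->ssl, n);
-
-ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL_get_error: %d", n);
-
-if (n == SSL_ERROR_WANT_WRITE) {
-c->write->ready = 0;
-return in;
-}
-
-ngx_http_ssl_error(NGX_LOG_ALERT, c->log, n, "SSL_write() failed");
-
-return NGX_CHAIN_ERROR;
-}
-
-return in;
-}
-
-
-ngx_int_t ngx_http_ssl_shutdown(ngx_http_request_t *r)
-{
-int n;
-SSL *ssl;
-
-ssl = r->connection->ssl;
-
-n = SSL_shutdown(ssl);
-
-ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
-"SSL_shutdown: %d", n);
-
-if (n == 0) {
-return NGX_AGAIN;
-}
-
-if (n == 1) {
-SSL_free(ssl);
-r->connection->ssl = NULL;
-return NGX_OK;
-}
-
-n = SSL_get_error(ssl, n);
-
-ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
-"SSL_get_error: %d", n);
-
-if (n == SSL_ERROR_WANT_WRITE) {
-return NGX_AGAIN;
-}
-
-ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, n,
-"SSL_shutdown() failed");
-
-return NGX_ERROR;
-}
-
-
-static ngx_int_t ngx_http_ssl_create_ssl(ngx_http_request_t *r)
-{
-SSL *ssl;
-ngx_http_ssl_srv_conf_t *scf;
-
-scf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_filter_module);
-
-ssl = SSL_new(scf->ssl_ctx);
-
-if (ssl == NULL) {
-ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0,
-"SSL_new() failed");
-return NGX_ERROR;
-}
-
-if (SSL_set_fd(ssl, r->connection->fd) == 0) {
-ngx_http_ssl_error(NGX_LOG_ALERT, r->connection->log, 0,
-"SSL_set_fd() failed");
-return NGX_ERROR;
-}
-
-SSL_set_accept_state(ssl);
-
-r->connection->ssl = ssl;
-
-return NGX_OK;
-}
-
-
-void ngx_http_ssl_close_connection(SSL *ssl, ngx_log_t *log)
-{
-int rc;
-
-SSL_free(ssl);
-}
-
-
-static void ngx_http_ssl_error(ngx_uint_t level, ngx_log_t *log, int err,
-char *fmt, ...)
-{
-int len;
-char errstr[NGX_MAX_CONF_ERRSTR];
-va_list args;
-
-va_start(args, fmt);
-len = ngx_vsnprintf(errstr, sizeof(errstr) - 1, fmt, args);
-va_end(args);
-
-errstr[len++] = ' ';
-errstr[len++] = '(';
-errstr[len++] = 'S';
-errstr[len++] = 'S';
-errstr[len++] = 'L';
-errstr[len++] = ':';
-errstr[len++] = ' ';
-
-ERR_error_string_n(ERR_get_error(), errstr + len, sizeof(errstr) - len - 1);
-
-ngx_log_error(level, log, 0, "%s)", errstr);
-}
-
-
 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
 {
 ngx_http_ssl_srv_conf_t *scf;
 
 if (!(scf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_srv_conf_t)))) {
@@ -335,27 +100,27 @@
 /* TODO: configure methods */
 
 conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
 
 if (conf->ssl_ctx == NULL) {
-ngx_http_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_new() failed");
+ngx_ssl_error(NGX_LOG_EMERG, cf->log, "SSL_CTX_new() failed");
 return NGX_CONF_ERROR;
 }
 
 if (SSL_CTX_use_certificate_file(conf->ssl_ctx, conf->certificate.data,
 SSL_FILETYPE_PEM) == 0) {
-ngx_http_ssl_error(NGX_LOG_EMERG, cf->log, 0,
+ngx_ssl_error(NGX_LOG_EMERG, cf->log,
 "SSL_CTX_use_certificate_file(\"%s\") failed",
 conf->certificate.data);
 return NGX_CONF_ERROR;
 }
 
 if (SSL_CTX_use_PrivateKey_file(conf->ssl_ctx, conf->certificate_key.data,
 SSL_FILETYPE_PEM) == 0) {
-ngx_http_ssl_error(NGX_LOG_EMERG, cf->log, 0,
+ngx_ssl_error(NGX_LOG_EMERG, cf->log,
 "SSL_CTX_use_PrivateKey_file(\"%s\") failed",
 conf->certificate_key.data);
 return NGX_CONF_ERROR;
 }
 
 return NGX_CONF_OK;
 }
@@ -375,13 +140,11 @@
 for (i = 0; i < cmcf->servers.nelts; i++) {
 sscf = cscfp[i]->ctx->srv_conf[ngx_http_ssl_filter_module.ctx_index];
 
 if (sscf->enable) {
 cscfp[i]->recv = ngx_ssl_recv;
-#if 0
 cscfp[i]->send_chain = ngx_ssl_send_chain;
-#endif
 }
 }
 
 return NGX_OK;
 }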
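Review bot: The SSL context in the third hunk is still created with `SSL_CTX_new(SSLv23_server_method())` under the `/* TODO: configure methods */` comment, and nothing after it restricts protocol versions or ciphers, so the server accepts whatever the linked OpenSSL enables by default (on builds of this period that presumably includes SSLv2). Because the last hunk drops the `#if 0` around `cscfp[i]->send_chain = ngx_ssl_send_chain;`, it would be worth adding `SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_NO_SSLv2);` right after the NULL check on `conf->ssl_ctx`. `NGX_DEFLAUT_CERTIFICATE_KEY` also defaults to the same `cert.pem` as the certificate, so a default setup keeps the private key in the file operators tend to treat as public; a comment recommending a separate, owner-readable key file would help. The enclosing merge function starts above the hunk, so how `certificate` and `certificate_key` receive these defaults is not visible here.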