Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 2044:f45cec1cd270
DH parameters, ssl_dhparam
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Mon, 16 Jun 2008 05:51:32 +0000 |
parents | 12b3ad3353f9 |
children | 2b11822b12d6 |
comparison
equal
deleted
inserted
replaced
2043:1d86674d1286 | 2044:f45cec1cd270 |
---|---|
68 { ngx_string("ssl_certificate_key"), | 68 { ngx_string("ssl_certificate_key"), |
69 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 69 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
70 ngx_conf_set_str_slot, | 70 ngx_conf_set_str_slot, |
71 NGX_HTTP_SRV_CONF_OFFSET, | 71 NGX_HTTP_SRV_CONF_OFFSET, |
72 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), | 72 offsetof(ngx_http_ssl_srv_conf_t, certificate_key), |
73 NULL }, | |
74 | |
75 { ngx_string("ssl_dhparam"), | |
76 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | |
77 ngx_conf_set_str_slot, | |
78 NGX_HTTP_SRV_CONF_OFFSET, | |
79 offsetof(ngx_http_ssl_srv_conf_t, dhparam), | |
73 NULL }, | 80 NULL }, |
74 | 81 |
75 { ngx_string("ssl_protocols"), | 82 { ngx_string("ssl_protocols"), |
76 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE, | 83 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE, |
77 ngx_conf_set_bitmask_slot, | 84 ngx_conf_set_bitmask_slot, |
285 | 292 |
286 /* | 293 /* |
287 * set by ngx_pcalloc(): | 294 * set by ngx_pcalloc(): |
288 * | 295 * |
289 * sscf->protocols = 0; | 296 * sscf->protocols = 0; |
290 * sscf->certificate.len = 0; | 297 * sscf->certificate = { 0, NULL }; |
291 * sscf->certificate.data = NULL; | 298 * sscf->certificate_key = { 0, NULL }; |
292 * sscf->certificate_key.len = 0; | 299 * sscf->dhparam = { 0, NULL }; |
293 * sscf->certificate_key.data = NULL; | 300 * sscf->client_certificate = { 0, NULL }; |
294 * sscf->client_certificate.len = 0; | |
295 * sscf->client_certificate.data = NULL; | |
296 * sscf->ciphers.len = 0; | 301 * sscf->ciphers.len = 0; |
297 * sscf->ciphers.data = NULL; | 302 * sscf->ciphers.data = NULL; |
298 * sscf->shm_zone = NULL; | 303 * sscf->shm_zone = NULL; |
299 */ | 304 */ |
300 | 305 |
339 ngx_conf_merge_str_value(conf->certificate, prev->certificate, | 344 ngx_conf_merge_str_value(conf->certificate, prev->certificate, |
340 NGX_DEFLAUT_CERTIFICATE); | 345 NGX_DEFLAUT_CERTIFICATE); |
341 | 346 |
342 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, | 347 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, |
343 NGX_DEFLAUT_CERTIFICATE_KEY); | 348 NGX_DEFLAUT_CERTIFICATE_KEY); |
349 | |
350 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); | |
344 | 351 |
345 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, | 352 ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate, |
346 ""); | 353 ""); |
347 | 354 |
348 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS); | 355 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS); |
412 /* a temporary 512-bit RSA key is required for export versions of MSIE */ | 419 /* a temporary 512-bit RSA key is required for export versions of MSIE */ |
413 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { | 420 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { |
414 return NGX_CONF_ERROR; | 421 return NGX_CONF_ERROR; |
415 } | 422 } |
416 | 423 |
424 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { | |
425 return NGX_CONF_ERROR; | |
426 } | |
427 | |
417 ngx_conf_merge_value(conf->builtin_session_cache, | 428 ngx_conf_merge_value(conf->builtin_session_cache, |
418 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); | 429 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE); |
419 | 430 |
420 if (conf->shm_zone == NULL) { | 431 if (conf->shm_zone == NULL) { |
421 conf->shm_zone = prev->shm_zone; | 432 conf->shm_zone = prev->shm_zone; |