Mercurial > hg > nginx
view src/http/ngx_http_busy_lock.h @ 4033:4e1a489c26cd
Better handling of various per-server ssl options with SNI.
SSL_set_SSL_CTX() doesn't touch values cached within ssl connection
structure, it only changes certificates (at least as of now, OpenSSL
1.0.0d and earlier).
As a result settings like ssl_verify_client, ssl_verify_depth,
ssl_prefer_server_ciphers are only configurable on per-socket basis while
with SNI it should be possible to specify them different for two servers
listening on the same socket.
Workaround is to explicitly re-apply settings we care about from context
to ssl connection in servername callback.
Note that SSL_clear_options() is only available in OpenSSL 0.9.8m+. I.e.
with older versions it is not possible to clear ssl_prefer_server_ciphers
option if it's set in default server for a socket.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 23 Aug 2011 14:36:31 +0000 |
| parents | 4c43e25d11ea |
| children | d620f497c50f |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev */ #ifndef _NGX_HTTP_BUSY_LOCK_H_INCLUDED_ #define _NGX_HTTP_BUSY_LOCK_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_event.h> #include <ngx_http.h> typedef struct { u_char *md5_mask; char *md5; int cacheable; int busy; int max_busy; int waiting; int max_waiting; time_t timeout; ngx_event_mutex_t *mutex; } ngx_http_busy_lock_t; typedef struct { time_t time; ngx_event_t *event; void (*event_handler)(ngx_event_t *ev); u_char *md5; int slot; } ngx_http_busy_lock_ctx_t; int ngx_http_busy_lock(ngx_http_busy_lock_t *bl, ngx_http_busy_lock_ctx_t *bc); int ngx_http_busy_lock_cacheable(ngx_http_busy_lock_t *bl, ngx_http_busy_lock_ctx_t *bc, int lock); void ngx_http_busy_unlock(ngx_http_busy_lock_t *bl, ngx_http_busy_lock_ctx_t *bc); char *ngx_http_set_busy_lock_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); #endif /* _NGX_HTTP_BUSY_LOCK_H_INCLUDED_ */