diff options
| author | Igor Sysoev <igor@sysoev.ru> | 2005-01-18 13:03:58 +0000 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2005-01-18 13:03:58 +0000 |
| commit | 02025fd6bdfa997f521c3b26a08aeba366308e84 (patch) | |
| tree | 44db6ebb4e310f97f4550b7d7d69932636764304 /src/http/modules/ngx_http_ssl_module.c | |
| parent | 543d02a4427e1833f8f9bdb60e3ff5e9fe2eb21b (diff) | |
| download | nginx-02025fd6bdfa997f521c3b26a08aeba366308e84.tar.gz nginx-02025fd6bdfa997f521c3b26a08aeba366308e84.zip | |
nginx-0.1.14-RELEASE importrelease-0.1.14
*) Feature: the autoconfiguration directives:
--http-client-body-temp-path=PATH, --http-proxy-temp-path=PATH, and
--http-fastcgi-temp-path=PATH
*) Change: the directory name for the temporary files with the client
request body is specified by directive client_body_temp_path, by
default it is <prefix>/client_body_temp.
*) Feature: the ngx_http_fastcgi_module and the directives:
fastcgi_pass, fastcgi_root, fastcgi_index, fastcgi_params,
fastcgi_connect_timeout, fastcgi_send_timeout, fastcgi_read_timeout,
fastcgi_send_lowat, fastcgi_header_buffer_size, fastcgi_buffers,
fastcgi_busy_buffers_size, fastcgi_temp_path,
fastcgi_max_temp_file_size, fastcgi_temp_file_write_size,
fastcgi_next_upstream, and fastcgi_x_powered_by.
*) Bugfix: the "[alert] zero size buf" error; the bug had appeared in
0.1.3.
*) Change: the URI must be specified after the host name in the
proxy_pass directive.
*) Change: the %3F symbol in the URI was considered as the argument
string start.
*) Feature: the unix domain sockets support in the
ngx_http_proxy_module.
*) Feature: the ssl_engine and ssl_ciphers directives.
Thanks to Sergey Skvortsov for SSL-accelerator.
Diffstat (limited to 'src/http/modules/ngx_http_ssl_module.c')
| -rw-r--r-- | src/http/modules/ngx_http_ssl_module.c | 96 |
1 files changed, 94 insertions, 2 deletions
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c index 35ab2c46c..9cb6e171d 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -8,11 +8,15 @@ #include <ngx_core.h> #include <ngx_http.h> +#include <openssl/engine.h> + #define NGX_DEFLAUT_CERTIFICATE "cert.pem" #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" +static void *ngx_http_ssl_create_main_conf(ngx_conf_t *cf); +static char *ngx_http_ssl_init_main_conf(ngx_conf_t *cf, void *conf); static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child); @@ -20,6 +24,13 @@ static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, static ngx_command_t ngx_http_ssl_commands[] = { + { ngx_string("ssl_engine"), + NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1, + ngx_conf_set_str_slot, + NGX_HTTP_MAIN_CONF_OFFSET, + offsetof(ngx_http_ssl_main_conf_t, engine), + NULL }, + { ngx_string("ssl"), NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, ngx_conf_set_flag_slot, @@ -41,6 +52,13 @@ static ngx_command_t ngx_http_ssl_commands[] = { offsetof(ngx_http_ssl_srv_conf_t, certificate_key), NULL }, + { ngx_string("ssl_ciphers"), + NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, + ngx_conf_set_str_slot, + NGX_HTTP_SRV_CONF_OFFSET, + offsetof(ngx_http_ssl_srv_conf_t, ciphers), + NULL }, + ngx_null_command }; @@ -48,8 +66,8 @@ static ngx_command_t ngx_http_ssl_commands[] = { static ngx_http_module_t ngx_http_ssl_module_ctx = { NULL, /* pre conf */ - NULL, /* create main configuration */ - NULL, /* init main configuration */ + ngx_http_ssl_create_main_conf, /* create main configuration */ + ngx_http_ssl_init_main_conf, /* init main configuration */ ngx_http_ssl_create_srv_conf, /* create server configuration */ ngx_http_ssl_merge_srv_conf, /* merge server configuration */ @@ -69,6 +87,56 @@ ngx_module_t ngx_http_ssl_module = { }; +static void *ngx_http_ssl_create_main_conf(ngx_conf_t *cf) +{ + ngx_http_ssl_main_conf_t *mcf; + + if (!(mcf = ngx_pcalloc(cf->pool, sizeof(ngx_http_ssl_main_conf_t)))) { + return NGX_CONF_ERROR; + } + + /* + * set by ngx_pcalloc(): + * + * mcf->engine.len = 0; + * mcf->engine.data = NULL; + */ + + return mcf; +} + + +static char *ngx_http_ssl_init_main_conf(ngx_conf_t *cf, void *conf) +{ + ngx_http_ssl_main_conf_t *mcf = conf; + + ENGINE *engine; + + if (mcf->engine.len == 0) { + return NGX_CONF_OK; + } + + engine = ENGINE_by_id((const char *) mcf->engine.data); + + if (engine == NULL) { + ngx_ssl_error(NGX_LOG_WARN, cf->log, 0, + "ENGINE_by_id(\"%V\") failed", &mcf->engine); + return NGX_CONF_ERROR; + } + + if (ENGINE_set_default(engine, ENGINE_METHOD_ALL) == 0) { + ngx_ssl_error(NGX_LOG_WARN, cf->log, 0, + "ENGINE_set_default(\"%V\", ENGINE_METHOD_ALL) failed", + &mcf->engine); + return NGX_CONF_ERROR; + } + + ENGINE_free(engine); + + return NGX_CONF_OK; +} + + static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) { ngx_http_ssl_srv_conf_t *scf; @@ -77,6 +145,17 @@ static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf) return NGX_CONF_ERROR; } + /* + * set by ngx_pcalloc(): + * + * scf->certificate.len = 0; + * scf->certificate.data = NULL; + * scf->certificate_key.len = 0; + * scf->certificate_key.data = NULL; + * scf->ciphers.len = 0; + * scf->ciphers.data = NULL; + */ + scf->enable = NGX_CONF_UNSET; return scf; @@ -101,6 +180,9 @@ static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, NGX_DEFLAUT_CERTIFICATE_KEY); + ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, ""); + + /* TODO: configure methods */ conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); @@ -110,6 +192,16 @@ static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, return NGX_CONF_ERROR; } + if (conf->ciphers.len) { + if (SSL_CTX_set_cipher_list(conf->ssl_ctx, + (const char *) conf->ciphers.data) == 0) + { + ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, + "SSL_CTX_set_cipher_list(\"%V\") failed", + &conf->ciphers); + } + } + if (SSL_CTX_use_certificate_file(conf->ssl_ctx, (char *) conf->certificate.data, SSL_FILETYPE_PEM) == 0) { |