SSL: ssl_session_tickets directive.

author Dirkjan Bussink <d.bussink@gmail.com>

Fri, 10 Jan 2014 15:12:40 +0000 (16:12 +0100)

committer Dirkjan Bussink <d.bussink@gmail.com>

Fri, 10 Jan 2014 15:12:40 +0000 (16:12 +0100)
author Dirkjan Bussink <d.bussink@gmail.com>
Fri, 10 Jan 2014 15:12:40 +0000 (16:12 +0100)
committer Dirkjan Bussink <d.bussink@gmail.com>
Fri, 10 Jan 2014 15:12:40 +0000 (16:12 +0100)
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c

index a0d258c8ab8f807a914e8ffc822338043f1fa1bd..593111ca68058283fae3c88499bdfb16826f3d82 100644 (file)
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -160,6 +160,13 @@ static ngx_command_t  ngx_http_ssl_commands[] = {
        0,
        NULL },
  
+    { ngx_string("ssl_session_tickets"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_http_ssl_srv_conf_t, session_tickets),
+      NULL },
+
      { ngx_string("ssl_session_ticket_key"),
        NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
        ngx_conf_set_str_array_slot,
@@ -436,6 +443,7 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
      sscf->verify_depth = NGX_CONF_UNSET_UINT;
      sscf->builtin_session_cache = NGX_CONF_UNSET;
      sscf->session_timeout = NGX_CONF_UNSET;
+    sscf->session_tickets = NGX_CONF_UNSET;
      sscf->session_ticket_keys = NGX_CONF_UNSET_PTR;
      sscf->stapling = NGX_CONF_UNSET;
      sscf->stapling_verify = NGX_CONF_UNSET;
@@ -644,6 +652,14 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
          return NGX_CONF_ERROR;
      }
  
+    ngx_conf_merge_value(conf->session_tickets, prev->session_tickets, 1);
+
+#ifdef SSL_OP_NO_TICKET
+    if (!conf->session_tickets) {
+        SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_NO_TICKET);
+    }
+#endif
+
      ngx_conf_merge_ptr_value(conf->session_ticket_keys,
                           prev->session_ticket_keys, NULL);
  
diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h

index e72b921acc96841bbaed5346c8f9661b96126aea..ec2c62f6fb5df38c2f2e4c587b20227f28c9db5c 100644 (file)
--- a/src/http/modules/ngx_http_ssl_module.h
+++ b/src/http/modules/ngx_http_ssl_module.h
@@ -44,6 +44,7 @@ typedef struct {
  
      ngx_shm_zone_t                 *shm_zone;
  
+    ngx_flag_t                      session_tickets;
      ngx_array_t                    *session_ticket_keys;
  
      ngx_flag_t                      stapling;
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c

index 94c015700e78a3761e40dd326fc7aad4073c005c..fe88f48e43b1cbe1ee98122c0fa6a72e01be7a9f 100644 (file)
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -116,6 +116,13 @@ static ngx_command_t  ngx_mail_ssl_commands[] = {
        0,
        NULL },
  
+    { ngx_string("ssl_session_tickets"),
+      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_MAIL_SRV_CONF_OFFSET,
+      offsetof(ngx_mail_ssl_conf_t, session_tickets),
+      NULL },
+
      { ngx_string("ssl_session_ticket_key"),
        NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
        ngx_conf_set_str_array_slot,
@@ -191,6 +198,7 @@ ngx_mail_ssl_create_conf(ngx_conf_t *cf)
      scf->prefer_server_ciphers = NGX_CONF_UNSET;
      scf->builtin_session_cache = NGX_CONF_UNSET;
      scf->session_timeout = NGX_CONF_UNSET;
+    scf->session_tickets = NGX_CONF_UNSET;
      scf->session_ticket_keys = NGX_CONF_UNSET_PTR;
  
      return scf;
@@ -339,6 +347,15 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
          return NGX_CONF_ERROR;
      }
  
+    ngx_conf_merge_value(conf->session_tickets,
+                         prev->session_tickets, 1);
+
+#ifdef SSL_OP_NO_TICKET
+    if (!conf->session_tickets) {
+        SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_NO_TICKET);
+    }
+#endif
+
      ngx_conf_merge_ptr_value(conf->session_ticket_keys,
                           prev->session_ticket_keys, NULL);
  
diff --git a/src/mail/ngx_mail_ssl_module.h b/src/mail/ngx_mail_ssl_module.h

index 54e057721945186e2c3b4735d009e38540218580..bef0e515a02ba003777104164bfc29df838e0785 100644 (file)
--- a/src/mail/ngx_mail_ssl_module.h
+++ b/src/mail/ngx_mail_ssl_module.h
@@ -41,6 +41,7 @@ typedef struct {
  
      ngx_shm_zone_t  *shm_zone;
  
+    ngx_flag_t       session_tickets;
      ngx_array_t     *session_ticket_keys;
  
      u_char          *file;
author	Dirkjan Bussink <d.bussink@gmail.com>
	Fri, 10 Jan 2014 15:12:40 +0000 (16:12 +0100)
committer	Dirkjan Bussink <d.bussink@gmail.com>
	Fri, 10 Jan 2014 15:12:40 +0000 (16:12 +0100)
src/http/modules/ngx_http_ssl_module.c		patch \| blob \| history
src/http/modules/ngx_http_ssl_module.h		patch \| blob \| history
src/mail/ngx_mail_ssl_module.c		patch \| blob \| history
src/mail/ngx_mail_ssl_module.h		patch \| blob \| history