0,
NULL },
+ { ngx_string("ssl_stapling"),
+ NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_STREAM_SRV_CONF_OFFSET,
+ offsetof(ngx_stream_ssl_srv_conf_t, stapling),
+ NULL },
+
+ { ngx_string("ssl_stapling_file"),
+ NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_str_slot,
+ NGX_STREAM_SRV_CONF_OFFSET,
+ offsetof(ngx_stream_ssl_srv_conf_t, stapling_file),
+ NULL },
+
+ { ngx_string("ssl_stapling_responder"),
+ NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_str_slot,
+ NGX_STREAM_SRV_CONF_OFFSET,
+ offsetof(ngx_stream_ssl_srv_conf_t, stapling_responder),
+ NULL },
+
+ { ngx_string("ssl_stapling_verify"),
+ NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_STREAM_SRV_CONF_OFFSET,
+ offsetof(ngx_stream_ssl_srv_conf_t, stapling_verify),
+ NULL },
+
{ ngx_string("ssl_conf_command"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE2,
ngx_conf_set_keyval_slot,
* sscf->ciphers = { 0, NULL };
* sscf->shm_zone = NULL;
* sscf->ocsp_responder = { 0, NULL };
+ * sscf->stapling_file = { 0, NULL };
+ * sscf->stapling_responder = { 0, NULL };
*/
sscf->handshake_timeout = NGX_CONF_UNSET_MSEC;
sscf->session_ticket_keys = NGX_CONF_UNSET_PTR;
sscf->ocsp = NGX_CONF_UNSET_UINT;
sscf->ocsp_cache_zone = NGX_CONF_UNSET_PTR;
+ sscf->stapling = NGX_CONF_UNSET;
+ sscf->stapling_verify = NGX_CONF_UNSET;
return sscf;
}
ngx_conf_merge_ptr_value(conf->ocsp_cache_zone,
prev->ocsp_cache_zone, NULL);
+ ngx_conf_merge_value(conf->stapling, prev->stapling, 0);
+ ngx_conf_merge_value(conf->stapling_verify, prev->stapling_verify, 0);
+ ngx_conf_merge_str_value(conf->stapling_file, prev->stapling_file, "");
+ ngx_conf_merge_str_value(conf->stapling_responder,
+ prev->stapling_responder, "");
+
conf->ssl.log = cf->log;
if (conf->certificates) {
{
return NGX_CONF_ERROR;
}
+ }
- if (ngx_ssl_trusted_certificate(cf, &conf->ssl,
- &conf->trusted_certificate,
- conf->verify_depth)
- != NGX_OK)
- {
- return NGX_CONF_ERROR;
- }
+ if (ngx_ssl_trusted_certificate(cf, &conf->ssl,
+ &conf->trusted_certificate,
+ conf->verify_depth)
+ != NGX_OK)
+ {
+ return NGX_CONF_ERROR;
+ }
- if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
- return NGX_CONF_ERROR;
- }
+ if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
+ return NGX_CONF_ERROR;
}
if (conf->ocsp) {
return NGX_CONF_ERROR;
}
+ if (conf->stapling) {
+
+ if (ngx_ssl_stapling(cf, &conf->ssl, &conf->stapling_file,
+ &conf->stapling_responder, conf->stapling_verify)
+ != NGX_OK)
+ {
+ return NGX_CONF_ERROR;
+ }
+
+ }
+
if (ngx_ssl_conf_commands(cf, &conf->ssl, conf->conf_commands) != NGX_OK) {
return NGX_CONF_ERROR;
}
cscf = cscfp[s]->ctx->srv_conf[ngx_stream_core_module.ctx_index];
+ if (sscf->stapling) {
+ if (ngx_ssl_stapling_resolver(cf, &sscf->ssl, cscf->resolver,
+ cscf->resolver_timeout)
+ != NGX_OK)
+ {
+ return NGX_ERROR;
+ }
+ }
+
if (sscf->ocsp) {
if (ngx_ssl_ocsp_resolver(cf, &sscf->ssl, cscf->resolver,
cscf->resolver_timeout)
projects / nginx.git / commitdiff