Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 2996:d6285ff81d35
delete OpenSSL pre-0.9.7 compatibility: the sources were not actually
compatible with OpenSSL 0.9.6 since ssl_session_cache introduction
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Thu, 23 Jul 2009 12:54:20 +0000 |
parents | cc07d164f0dc |
children | ba9a8ba4207e |
comparison
equal
deleted
inserted
replaced
2995:cc07d164f0dc | 2996:d6285ff81d35 |
---|---|
28 | 28 |
29 static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, | 29 static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, |
30 void *conf); | 30 void *conf); |
31 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, | 31 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, |
32 void *conf); | 32 void *conf); |
33 | |
34 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | |
35 | |
36 static char *ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, | |
37 void *conf); | |
38 | |
39 static char ngx_http_ssl_openssl097[] = "OpenSSL 0.9.7 and higher"; | |
40 | |
41 #endif | |
42 | 33 |
43 | 34 |
44 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = { | 35 static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = { |
45 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, | 36 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, |
46 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, | 37 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, |
122 offsetof(ngx_http_ssl_srv_conf_t, client_certificate), | 113 offsetof(ngx_http_ssl_srv_conf_t, client_certificate), |
123 NULL }, | 114 NULL }, |
124 | 115 |
125 { ngx_string("ssl_prefer_server_ciphers"), | 116 { ngx_string("ssl_prefer_server_ciphers"), |
126 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | 117 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, |
127 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE | |
128 ngx_conf_set_flag_slot, | 118 ngx_conf_set_flag_slot, |
129 NGX_HTTP_SRV_CONF_OFFSET, | 119 NGX_HTTP_SRV_CONF_OFFSET, |
130 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers), | 120 offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers), |
131 NULL }, | 121 NULL }, |
132 #else | |
133 ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 }, | |
134 #endif | |
135 | 122 |
136 { ngx_string("ssl_session_cache"), | 123 { ngx_string("ssl_session_cache"), |
137 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12, | 124 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12, |
138 ngx_http_ssl_session_cache, | 125 ngx_http_ssl_session_cache, |
139 NGX_HTTP_SRV_CONF_OFFSET, | 126 NGX_HTTP_SRV_CONF_OFFSET, |
469 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) { | 456 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) { |
470 return NGX_CONF_ERROR; | 457 return NGX_CONF_ERROR; |
471 } | 458 } |
472 } | 459 } |
473 | 460 |
474 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE | |
475 | |
476 if (conf->prefer_server_ciphers) { | 461 if (conf->prefer_server_ciphers) { |
477 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); | 462 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); |
478 } | 463 } |
479 | |
480 #endif | |
481 | 464 |
482 /* a temporary 512-bit RSA key is required for export versions of MSIE */ | 465 /* a temporary 512-bit RSA key is required for export versions of MSIE */ |
483 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { | 466 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { |
484 return NGX_CONF_ERROR; | 467 return NGX_CONF_ERROR; |
485 } | 468 } |
634 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | 617 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
635 "invalid session cache \"%V\"", &value[i]); | 618 "invalid session cache \"%V\"", &value[i]); |
636 | 619 |
637 return NGX_CONF_ERROR; | 620 return NGX_CONF_ERROR; |
638 } | 621 } |
639 | |
640 | |
641 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | |
642 | |
643 static char * | |
644 ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
645 { | |
646 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
647 "\"%V\" directive is available only in %s,", | |
648 &cmd->name, cmd->post); | |
649 | |
650 return NGX_CONF_ERROR; | |
651 } | |
652 | |
653 #endif |