# HG changeset patch # User Maxim Dounin # Date 1445278958 -10800 # Node ID 60ae7596958804ddb6cb6411017254252ccc2aeb # Parent 50169ef2f3feb96ed3a29c1af4fc42cdc8a6691f SSL: preserve default server context in connection (ticket #235). This context is needed for shared sessions cache to work in configurations with multiple virtual servers sharing the same port. Unfortunately, OpenSSL does not provide an API to access the session context, thus storing it separately. In collaboration with Vladimir Homutov. diff -r 50169ef2f3fe -r 60ae75969588 src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Thu Sep 03 15:09:21 2015 +0300 +++ b/src/event/ngx_event_openssl.c Mon Oct 19 21:22:38 2015 +0300 @@ -1038,6 +1038,8 @@ sc->buffer = ((flags & NGX_SSL_BUFFER) != 0); sc->buffer_size = ssl->buffer_size; + sc->session_ctx = ssl->ctx; + sc->connection = SSL_new(ssl->ctx); if (sc->connection == NULL) { @@ -2303,7 +2305,7 @@ c = ngx_ssl_get_connection(ssl_conn); - ssl_ctx = SSL_get_SSL_CTX(ssl_conn); + ssl_ctx = c->ssl->session_ctx; shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index); cache = shm_zone->data; @@ -2441,21 +2443,17 @@ ngx_ssl_sess_id_t *sess_id; ngx_ssl_session_cache_t *cache; u_char buf[NGX_SSL_MAX_SESSION_SIZE]; -#if (NGX_DEBUG) ngx_connection_t *c; -#endif hash = ngx_crc32_short(id, (size_t) len); *copy = 0; -#if (NGX_DEBUG) c = ngx_ssl_get_connection(ssl_conn); ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, "ssl get session: %08XD:%d", hash, len); -#endif - - shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn), + + shm_zone = SSL_CTX_get_ex_data(c->ssl->session_ctx, ngx_ssl_session_cache_index); cache = shm_zone->data; @@ -2834,13 +2832,14 @@ SSL_CTX *ssl_ctx; ngx_uint_t i; ngx_array_t *keys; + ngx_connection_t *c; ngx_ssl_session_ticket_key_t *key; #if (NGX_DEBUG) u_char buf[32]; - ngx_connection_t *c; #endif - ssl_ctx = SSL_get_SSL_CTX(ssl_conn); + c = ngx_ssl_get_connection(ssl_conn); + ssl_ctx = c->ssl->session_ctx; keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index); if (keys == NULL) { @@ -2849,10 +2848,6 @@ key = keys->elts; -#if (NGX_DEBUG) - c = ngx_ssl_get_connection(ssl_conn); -#endif - if (enc == 1) { /* encrypt session ticket */ diff -r 50169ef2f3fe -r 60ae75969588 src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h Thu Sep 03 15:09:21 2015 +0300 +++ b/src/event/ngx_event_openssl.h Mon Oct 19 21:22:38 2015 +0300 @@ -46,6 +46,7 @@ typedef struct { ngx_ssl_conn_t *connection; + SSL_CTX *session_ctx; ngx_int_t last; ngx_buf_t *buf;