# HG changeset patch # User Maxim Dounin # Date 1445278958 -10800 # Node ID 97f102a13f3373ed27d1d0d8f78ac9af8d88a0ff # Parent 0e37389c0bd5ef2341fbfc297b5d59215306b9dd SSL: preserve default server context in connection (ticket #235). This context is needed for shared sessions cache to work in configurations with multiple virtual servers sharing the same port. Unfortunately, OpenSSL does not provide an API to access the session context, thus storing it separately. In collaboration with Vladimir Homutov. diff -r 0e37389c0bd5 -r 97f102a13f33 src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Mon Oct 19 16:16:47 2015 +0300 +++ b/src/event/ngx_event_openssl.c Mon Oct 19 21:22:38 2015 +0300 @@ -1038,6 +1038,8 @@ sc->buffer = ((flags & NGX_SSL_BUFFER) != 0); sc->buffer_size = ssl->buffer_size; + sc->session_ctx = ssl->ctx; + sc->connection = SSL_new(ssl->ctx); if (sc->connection == NULL) { @@ -2305,7 +2307,7 @@ c = ngx_ssl_get_connection(ssl_conn); - ssl_ctx = SSL_get_SSL_CTX(ssl_conn); + ssl_ctx = c->ssl->session_ctx; shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index); cache = shm_zone->data; @@ -2443,21 +2445,17 @@ ngx_ssl_sess_id_t *sess_id; ngx_ssl_session_cache_t *cache; u_char buf[NGX_SSL_MAX_SESSION_SIZE]; -#if (NGX_DEBUG) ngx_connection_t *c; -#endif hash = ngx_crc32_short(id, (size_t) len); *copy = 0; -#if (NGX_DEBUG) c = ngx_ssl_get_connection(ssl_conn); ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, "ssl get session: %08XD:%d", hash, len); -#endif - - shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn), + + shm_zone = SSL_CTX_get_ex_data(c->ssl->session_ctx, ngx_ssl_session_cache_index); cache = shm_zone->data; 
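Review bot: In the `@@ -2305` hunk, the `shm_zone` returned by `SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index)` is dereferenced on the next line (`cache = shm_zone->data;`) without a NULL check, and the same holds for the lookup in the `@@ -2443` hunk, while the ticket-key callback later in this patch does guard `keys == NULL`. With the context now read from `c->ssl->session_ctx`, the lookup presumably always hits the context the cache callbacks were registered on, so the pointer should be set; that invariant is worth stating where it is relied on, e.g. `/* session_ctx is the ctx the cache callbacks were installed on, so the zone is always present */`. If that cannot be guaranteed, an explicit `if (shm_zone == NULL)` bail-out before the dereference would keep a misconfiguration from becoming a NULL dereference inside the handshake. Both functions start and end outside their hunks, so the appropriate return value is not visible here.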
@@ -2836,13 +2834,14 @@ SSL_CTX *ssl_ctx; ngx_uint_t i; ngx_array_t *keys; + ngx_connection_t *c; ngx_ssl_session_ticket_key_t *key; #if (NGX_DEBUG) u_char buf[32]; - ngx_connection_t *c; #endif - ssl_ctx = SSL_get_SSL_CTX(ssl_conn); + c = ngx_ssl_get_connection(ssl_conn); + ssl_ctx = c->ssl->session_ctx; keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index); if (keys == NULL) { @@ -2851,10 +2850,6 @@ key = keys->elts; -#if (NGX_DEBUG) - c = ngx_ssl_get_connection(ssl_conn); -#endif - if (enc == 1) { /* encrypt session ticket */ diff -r 0e37389c0bd5 -r 97f102a13f33 src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h Mon Oct 19 16:16:47 2015 +0300 +++ b/src/event/ngx_event_openssl.h Mon Oct 19 21:22:38 2015 +0300 @@ -46,6 +46,7 @@ typedef struct { ngx_ssl_conn_t *connection; + SSL_CTX *session_ctx; ngx_int_t last; ngx_buf_t *buf;
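Review bot: After the `@@ -2836` hunk the ticket keys are always looked up on `c->ssl->session_ctx`, so for a connection whose virtual server is not the default one for the port, any ticket keys configured on that server are presumably never consulted, and nothing in the code says so. Since this decides which key material protects session tickets for every server name on the port, a comment above the lookup would help, e.g. `/* ticket keys come from the default server's ctx for this port, not the SNI-selected server */`. Operators rotating or scoping ticket keys per virtual server should be able to learn this from the code or the directive documentation. The callback body continues outside the hunk.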
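Review bot: The new `session_ctx` member in the `ngx_event_openssl.h` hunk is added without a comment, and a reader cannot tell from the struct how it differs from the context reachable through `connection`. Per the .c hunks it holds the `ssl->ctx` passed to `SSL_new()` and is what the session cache and ticket-key callbacks read, so something like `SSL_CTX *session_ctx; /* ctx given to SSL_new(); used for session cache and ticket keys */` would record that. It is stored as a plain pointer with no visible reference taken, so the comment should also say what keeps the context alive for the life of the connection (not visible in this patch). The struct definition continues outside the hunk.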