Mercurial > hg > nginx

changeset 6261:97f102a13f33

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: preserve default server context in connection (ticket #235). This context is needed for shared sessions cache to work in configurations with multiple virtual servers sharing the same port. Unfortunately, OpenSSL does not provide an API to access the session context, thus storing it separately. In collaboration with Vladimir Homutov.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 19 Oct 2015 21:22:38 +0300
parents 0e37389c0bd5
children 1063097b22b6
files src/event/ngx_event_openssl.c src/event/ngx_event_openssl.h
diffstat 2 files changed, 9 insertions(+), 13 deletions(-) [+]
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c	Mon Oct 19 16:16:47 2015 +0300
+++ b/src/event/ngx_event_openssl.c	Mon Oct 19 21:22:38 2015 +0300
@@ -1038,6 +1038,8 @@
     sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
     sc->buffer_size = ssl->buffer_size;
 
+    sc->session_ctx = ssl->ctx;
+
     sc->connection = SSL_new(ssl->ctx);
 
     if (sc->connection == NULL) {
@@ -2305,7 +2307,7 @@
 
     c = ngx_ssl_get_connection(ssl_conn);
 
-    ssl_ctx = SSL_get_SSL_CTX(ssl_conn);
+    ssl_ctx = c->ssl->session_ctx;
     shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);
 
     cache = shm_zone->data;
@@ -2443,21 +2445,17 @@
     ngx_ssl_sess_id_t        *sess_id;
     ngx_ssl_session_cache_t  *cache;
     u_char                    buf[NGX_SSL_MAX_SESSION_SIZE];
-#if (NGX_DEBUG)
     ngx_connection_t         *c;
-#endif
 
     hash = ngx_crc32_short(id, (size_t) len);
     *copy = 0;
 
-#if (NGX_DEBUG)
     c = ngx_ssl_get_connection(ssl_conn);
 
     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
                    "ssl get session: %08XD:%d", hash, len);
-#endif
-
-    shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn),
+
+    shm_zone = SSL_CTX_get_ex_data(c->ssl->session_ctx,
                                    ngx_ssl_session_cache_index);
 
     cache = shm_zone->data;
@@ -2836,13 +2834,14 @@
     SSL_CTX                       *ssl_ctx;
     ngx_uint_t                     i;
     ngx_array_t                   *keys;
+    ngx_connection_t              *c;
     ngx_ssl_session_ticket_key_t  *key;
 #if (NGX_DEBUG)
     u_char                         buf[32];
-    ngx_connection_t              *c;
 #endif
 
-    ssl_ctx = SSL_get_SSL_CTX(ssl_conn);
+    c = ngx_ssl_get_connection(ssl_conn);
+    ssl_ctx = c->ssl->session_ctx;
 
     keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index);
     if (keys == NULL) {
@@ -2851,10 +2850,6 @@
 
     key = keys->elts;
 
-#if (NGX_DEBUG)
-    c = ngx_ssl_get_connection(ssl_conn);
-#endif
-
     if (enc == 1) {
         /* encrypt session ticket */
 
--- a/src/event/ngx_event_openssl.h	Mon Oct 19 16:16:47 2015 +0300
+++ b/src/event/ngx_event_openssl.h	Mon Oct 19 21:22:38 2015 +0300
@@ -46,6 +46,7 @@
 
 typedef struct {
     ngx_ssl_conn_t             *connection;
+    SSL_CTX                    *session_ctx;
 
     ngx_int_t                   last;
     ngx_buf_t                  *buf;