
[PATCH] SNI: store server name in the ngx_ssl_connection_t structure.

Piotr Sikora
May 21, 2013 07:14PM
# HG changeset patch
# User Piotr Sikora <piotr@cloudflare.com>
# Date 1369177330 25200
# Node ID 8646199ded31a725bea599aeafc581f9c969872d
# Parent 4b277448dfd56751c7c88477e78b2ba3cf6ae472
SNI: store server name in the ngx_ssl_connection_t structure.

SNI server name is a property of the SSL connection and there is
no good reason to store it elsewhere.

Also, this makes the stored value accessible by non-HTTP modules.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>

diff -r 4b277448dfd5 -r 8646199ded31 src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h Tue May 21 16:01:59 2013 -0700
+++ b/src/event/ngx_event_openssl.h Tue May 21 16:02:10 2013 -0700
@@ -43,6 +43,13 @@
ngx_event_handler_pt saved_read_handler;
ngx_event_handler_pt saved_write_handler;

+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+ ngx_str_t *servername;
+#if (NGX_PCRE)
+ void *servername_regex;
+#endif
+#endif
+
unsigned handshaked:1;
unsigned renegotiation:1;
unsigned buffer:1;
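Review bot: `void *servername_regex` erases the type of a pointer that the HTTP code in this same patch fills from `sn[i].regex` and later passes to `ngx_http_regex_exec()`, so once the field is shared nothing stops another module from storing a different regex type there. Because the stated goal is access by non-HTTP modules, both fields need comments on ownership and trust, for example `/* SNI name sent by the client; allocated from c->pool by the servername callback, NULL if none was recorded */` and `/* ngx_http_regex_t * set by the HTTP module; opaque to other modules */`. The structure begins and ends outside this hunk.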
diff -r 4b277448dfd5 -r 8646199ded31 src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Tue May 21 16:01:59 2013 -0700
+++ b/src/http/ngx_http_request.c Tue May 21 16:02:10 2013 -0700
@@ -807,12 +807,12 @@
return SSL_TLSEXT_ERR_NOACK;
}

- hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));
- if (hc->ssl_servername == NULL) {
+ c->ssl->servername = ngx_palloc(c->pool, sizeof(ngx_str_t));
+ if (c->ssl->servername == NULL) {
return SSL_TLSEXT_ERR_NOACK;
}

- *hc->ssl_servername = host;
+ *c->ssl->servername = host;

if (rc == NGX_DECLINED || hc->conf_ctx == cscf->ctx) {
return SSL_TLSEXT_ERR_OK;
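Review bot: When `ngx_palloc()` fails at `if (c->ssl->servername == NULL)`, the callback returns `SSL_TLSEXT_ERR_NOACK` and leaves `servername` NULL, so the handshake appears to continue. The later `if (c->ssl && c->ssl->servername)` blocks in `ngx_http_set_virtual_server()` are then skipped for this connection, including the one that rejects a request naming a server other than the negotiated one when `sscf->verify` is set. This is carried over from the old `hc->ssl_servername` code, but now that the field is the shared record of the negotiated name it would be safer to fail closed, for example `return SSL_TLSEXT_ERR_ALERT_FATAL;` on allocation failure. The callback body starts and ends outside the hunk, so check its other return paths before changing this one.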
@@ -1954,23 +1954,24 @@
ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host)
{
ngx_int_t rc;
+ ngx_connection_t *c;
ngx_http_connection_t *hc;
ngx_http_core_loc_conf_t *clcf;
ngx_http_core_srv_conf_t *cscf;

- hc = r->http_connection;
+ c = r->connection;

#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)

- if (hc->ssl_servername) {
- if (hc->ssl_servername->len == host->len
- && ngx_strncmp(hc->ssl_servername->data,
+ if (c->ssl && c->ssl->servername) {
+ if (c->ssl->servername->len == host->len
+ && ngx_strncmp(c->ssl->servername->data,
host->data, host->len) == 0)
{
#if (NGX_PCRE)
- if (hc->ssl_servername_regex
- && ngx_http_regex_exec(r, hc->ssl_servername_regex,
- hc->ssl_servername) != NGX_OK)
+ if (c->ssl->servername_regex
+ && ngx_http_regex_exec(r, c->ssl->servername_regex,
+ c->ssl->servername) != NGX_OK)
{
ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
return NGX_ERROR;
@@ -1982,8 +1983,9 @@

#endif

- rc = ngx_http_find_virtual_server(r->connection,
- hc->addr_conf->virtual_names,
+ hc = r->http_connection;
+
+ rc = ngx_http_find_virtual_server(c, hc->addr_conf->virtual_names,
host, r, &cscf);

if (rc == NGX_ERROR) {
@@ -1993,7 +1995,7 @@

#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)

- if (hc->ssl_servername) {
+ if (c->ssl && c->ssl->servername) {
ngx_http_ssl_srv_conf_t *sscf;

if (rc == NGX_DECLINED) {
@@ -2004,7 +2006,7 @@
sscf = ngx_http_get_module_srv_conf(cscf->ctx, ngx_http_ssl_module);

if (sscf->verify) {
- ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client attempted to request the server name "
"different from that one was negotiated");
ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
@@ -2023,7 +2025,7 @@

clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);

- ngx_http_set_connection_log(r->connection, clcf->error_log);
+ ngx_http_set_connection_log(c, clcf->error_log);

return NGX_OK;
}
@@ -2060,8 +2062,7 @@

#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)

- if (r == NULL) {
- ngx_http_connection_t *hc;
+ if (r == NULL && c->ssl) {

for (i = 0; i < virtual_names->nregex; i++) {

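Review bot: `if (r == NULL && c->ssl)` changes the path taken by a call with `r == NULL` and no SSL connection: it no longer enters this block and instead falls through to whatever follows the `#endif`, which is outside the hunk. If that code passes `r` to the regex matcher, as the request-time path does elsewhere in this file, it would dereference a NULL request. Presumably `r == NULL` only comes from the SNI callback, where `c->ssl` is set, but the guard should not rely on that. Keep `if (r == NULL) {` as the condition and handle the missing connection inside it, e.g. `if (c->ssl == NULL) { return NGX_DECLINED; }` before the loop. The same assumption backs the unguarded `c->ssl->servername_regex = sn[i].regex;` in the following hunk.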
@@ -2072,8 +2073,7 @@
}

if (n >= 0) {
- hc = c->data;
- hc->ssl_servername_regex = sn[i].regex;
+ c->ssl->servername_regex = sn[i].regex;

*cscfp = sn[i].server;
return NGX_OK;
diff -r 4b277448dfd5 -r 8646199ded31 src/http/ngx_http_request.h
--- a/src/http/ngx_http_request.h Tue May 21 16:01:59 2013 -0700
+++ b/src/http/ngx_http_request.h Tue May 21 16:02:10 2013 -0700
@@ -295,13 +295,6 @@
ngx_http_addr_conf_t *addr_conf;
ngx_http_conf_ctx_t *conf_ctx;

-#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
- ngx_str_t *ssl_servername;
-#if (NGX_PCRE)
- ngx_http_regex_t *ssl_servername_regex;
-#endif
-#endif
-
ngx_buf_t **busy;
ngx_int_t nbusy;
