
[nginx] SSL: preserve default server context in connection (tick...

Maxim Dounin
October 19, 2015 02:28PM
details: http://hg.nginx.org/nginx/rev/97f102a13f33
branches:
changeset: 6261:97f102a13f33
user: Maxim Dounin <mdounin@mdounin.ru>
date: Mon Oct 19 21:22:38 2015 +0300
description:
SSL: preserve default server context in connection (ticket #235).

This context is needed for shared sessions cache to work in configurations
with multiple virtual servers sharing the same port. Unfortunately, OpenSSL
does not provide an API to access the session context, thus storing it
separately.

In collaboration with Vladimir Homutov.

diffstat:

src/event/ngx_event_openssl.c | 21 ++++++++-------------
src/event/ngx_event_openssl.h | 1 +
2 files changed, 9 insertions(+), 13 deletions(-)

diffs (84 lines):

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1038,6 +1038,8 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl
sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
sc->buffer_size = ssl->buffer_size;

+ sc->session_ctx = ssl->ctx;
+
sc->connection = SSL_new(ssl->ctx);

if (sc->connection == NULL) {
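
Review bot: sc->session_ctx = ssl->ctx stores a borrowed SSL_CTX pointer in the connection, and nothing in this hunk pins its lifetime. If the context is guaranteed to outlive every connection created from it, say so in a short comment above the assignment; otherwise the session callbacks that later read c->ssl->session_ctx would be working from a stale pointer.
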
@@ -2305,7 +2307,7 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_

c = ngx_ssl_get_connection(ssl_conn);

- ssl_ctx = SSL_get_SSL_CTX(ssl_conn);
+ ssl_ctx = c->ssl->session_ctx;
shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);

cache = shm_zone->data;
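
Review bot: shm_zone->data is dereferenced right after SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index) with no NULL check, while the ticket key callback in this same patch guards its lookup with if (keys == NULL). Now that the lookup source is c->ssl->session_ctx, either add the same guard here or add a comment explaining why this callback can only run when the zone is set on that context.
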
@@ -2443,21 +2445,17 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_
ngx_ssl_sess_id_t *sess_id;
ngx_ssl_session_cache_t *cache;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
-#if (NGX_DEBUG)
ngx_connection_t *c;
-#endif

hash = ngx_crc32_short(id, (size_t) len);
*copy = 0;

-#if (NGX_DEBUG)
c = ngx_ssl_get_connection(ssl_conn);

ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
"ssl get session: %08XD:%d", hash, len);
-#endif
-
- shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn),
+
+ shm_zone = SSL_CTX_get_ex_data(c->ssl->session_ctx,
ngx_ssl_session_cache_index);

cache = shm_zone->data;
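
Review bot: Style point at the blank line before the shm_zone assignment: the hunk removes one empty line and adds another in the same position, which usually means a whitespace-only difference. Check the added line for trailing whitespace and drop the churn if so. Moving c and the ngx_log_debug2() call out of #if (NGX_DEBUG) is otherwise needed, since c is now used unconditionally.
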
@@ -2836,13 +2834,14 @@ ngx_ssl_session_ticket_key_callback(ngx_
SSL_CTX *ssl_ctx;
ngx_uint_t i;
ngx_array_t *keys;
+ ngx_connection_t *c;
ngx_ssl_session_ticket_key_t *key;
#if (NGX_DEBUG)
u_char buf[32];
- ngx_connection_t *c;
#endif

- ssl_ctx = SSL_get_SSL_CTX(ssl_conn);
+ c = ngx_ssl_get_connection(ssl_conn);
+ ssl_ctx = c->ssl->session_ctx;

keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index);
if (keys == NULL) {
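
Review bot: Missing documentation for a behaviour change in the keys lookup: ticket keys are now always read from c->ssl->session_ctx, so keys attached to whatever context SSL_get_SSL_CTX() would have returned for this connection are no longer consulted. With several virtual servers sharing a port, that means only the default server's ticket keys apply; a comment at the ssl_ctx assignment, and a line in the directive documentation, should state that.
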
@@ -2851,10 +2850,6 @@ ngx_ssl_session_ticket_key_callback(ngx_

key = keys->elts;

-#if (NGX_DEBUG)
- c = ngx_ssl_get_connection(ssl_conn);
-#endif
-
if (enc == 1) {
/* encrypt session ticket */

diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -46,6 +46,7 @@ typedef struct {

typedef struct {
ngx_ssl_conn_t *connection;
+ SSL_CTX *session_ctx;

ngx_int_t last;
ngx_buf_t *buf;
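
Review bot: The new session_ctx field has no comment, and the name alone does not say that it is the default server context from the commit message rather than the context currently attached to connection. Add a short comment on the field, for example that it is the context used for session cache and ticket key lookups.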

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel