
[PATCH 3 of 6] SSL: pull common SSL options into OpenSSL module

Piotr Sikora
August 17, 2016 08:32PM
# HG changeset patch
# User Piotr Sikora <piotrsikora@google.com>
# Date 1471428985 25200
# Wed Aug 17 03:16:25 2016 -0700
# Node ID 99c2f52beae28567bf2f8501d1a182cd20004c71
# Parent 788c6187bdbd72787ba24505731e42b6a2307be3
SSL: pull common SSL options into OpenSSL module.

No functional changes.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

diff -r 788c6187bdbd -r 99c2f52beae2 src/core/ngx_core.h
--- a/src/core/ngx_core.h
+++ b/src/core/ngx_core.h
@@ -79,11 +79,11 @@ typedef void (*ngx_connection_handler_pt
#include <ngx_inet.h>
#include <ngx_cycle.h>
#include <ngx_resolver.h>
+#include <ngx_conf_file.h>
#if (NGX_OPENSSL)
#include <ngx_event_openssl.h>
#endif
#include <ngx_process_cycle.h>
-#include <ngx_conf_file.h>
#include <ngx_module.h>
#include <ngx_open_file_cache.h>
#include <ngx_os.h>
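Review bot: Moving `#include <ngx_conf_file.h>` above the OpenSSL block creates an ordering constraint that is not documented anywhere. The ngx_event_openssl.h hunk of this patch declares arrays of `ngx_conf_bitmask_t` and `ngx_conf_enum_t`, so that header presumably only compiles once ngx_conf_file.h has been included. A later tidy-up of this include list could break builds only when NGX_OPENSSL is set, which is easy to miss. I would add a comment above the moved line, for example `/* must precede ngx_event_openssl.h, which uses ngx_conf_bitmask_t and ngx_conf_enum_t */`. The include list continues outside the hunk.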
diff -r 788c6187bdbd -r 99c2f52beae2 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -64,6 +64,25 @@ static char *ngx_openssl_engine(ngx_conf
static void ngx_openssl_exit(ngx_cycle_t *cycle);


+ngx_conf_bitmask_t ngx_ssl_protocol_masks[] = {
+ { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
+ { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
+ { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
+ { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
+ { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
+ { ngx_null_string, 0 }
+};
+
+
+ngx_conf_enum_t ngx_ssl_verify_options[] = {
+ { ngx_string("off"), NGX_SSL_VERIFY_OFF },
+ { ngx_string("on"), NGX_SSL_VERIFY_REQUIRED },
+ { ngx_string("optional"), NGX_SSL_VERIFY_OPTIONAL },
+ { ngx_string("optional_no_ca"), NGX_SSL_VERIFY_OPTIONAL_NO_CA },
+ { ngx_null_string, 0 }
+};
+
+
static ngx_command_t ngx_openssl_commands[] = {

{ ngx_string("ssl_engine"),
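Review bot: `ngx_ssl_protocol_masks` and `ngx_ssl_verify_options` are added without a comment, although they are now the single definition of the protocol names and verify modes accepted by every module that references them in this patch (http, mail, stream, proxy, uwsgi). They also change from `static` per-module arrays to writable objects with external linkage, so any translation unit can now modify them. A comment above each table would record the sharing, for example `/* shared by the http, mail and stream SSL modules and the proxy/uwsgi upstream modules; a change here changes all of them */`. That matters most for the legacy `SSLv2`/`SSLv3` entries and for `optional_no_ca`, because tightening or relaxing them here now takes effect everywhere at once. `ngx_openssl_commands` continues outside the hunk.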
diff -r 788c6187bdbd -r 99c2f52beae2 src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -237,6 +237,10 @@ void ngx_cdecl ngx_ssl_error(ngx_uint_t
void ngx_ssl_cleanup_ctx(void *data);


+extern ngx_conf_bitmask_t ngx_ssl_protocol_masks[];
+extern ngx_conf_enum_t ngx_ssl_verify_options[];
+
+
extern int ngx_ssl_connection_index;
extern int ngx_ssl_server_conf_index;
extern int ngx_ssl_session_cache_index;
diff -r 788c6187bdbd -r 99c2f52beae2 src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -226,20 +226,6 @@ static ngx_conf_bitmask_t ngx_http_prox
};


-#if (NGX_HTTP_SSL)
-
-static ngx_conf_bitmask_t ngx_http_proxy_ssl_protocols[] = {
- { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
- { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
- { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
- { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
- { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
- { ngx_null_string, 0 }
-};
-
-#endif
-
-
static ngx_conf_enum_t ngx_http_proxy_http_version[] = {
{ ngx_string("1.0"), NGX_HTTP_VERSION_10 },
{ ngx_string("1.1"), NGX_HTTP_VERSION_11 },
@@ -627,7 +613,7 @@ static ngx_command_t ngx_http_proxy_com
ngx_conf_set_bitmask_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_proxy_loc_conf_t, ssl_protocols),
- &ngx_http_proxy_ssl_protocols },
+ &ngx_ssl_protocol_masks },

{ ngx_string("proxy_ssl_ciphers"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
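Review bot: The preprocessor guard covering this reference has changed. The removed `ngx_http_proxy_ssl_protocols` table was defined under `#if (NGX_HTTP_SSL)`, while `ngx_ssl_protocol_masks` is only declared via ngx_event_openssl.h, which ngx_core.h includes under `#if (NGX_OPENSSL)`. The conditional around this command entry is outside the hunk, so it is worth confirming that the entry cannot be compiled when NGX_OPENSSL is unset. The same check applies to the `&ngx_ssl_protocol_masks` references in ngx_http_uwsgi_module.c and ngx_stream_proxy_module.c. The command table starts and ends outside the hunk.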
diff -r 788c6187bdbd -r 99c2f52beae2 src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -48,25 +48,6 @@ static char *ngx_http_ssl_session_cache(
static ngx_int_t ngx_http_ssl_init(ngx_conf_t *cf);


-static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
- { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
- { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
- { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
- { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
- { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
- { ngx_null_string, 0 }
-};
-
-
-static ngx_conf_enum_t ngx_http_ssl_verify[] = {
- { ngx_string("off"), NGX_SSL_VERIFY_OFF },
- { ngx_string("on"), NGX_SSL_VERIFY_REQUIRED },
- { ngx_string("optional"), NGX_SSL_VERIFY_OPTIONAL },
- { ngx_string("optional_no_ca"), NGX_SSL_VERIFY_OPTIONAL_NO_CA },
- { ngx_null_string, 0 }
-};
-
-
static ngx_command_t ngx_http_ssl_commands[] = {

{ ngx_string("ssl"),
@@ -116,7 +97,7 @@ static ngx_command_t ngx_http_ssl_comma
ngx_conf_set_bitmask_slot,
NGX_HTTP_SRV_CONF_OFFSET,
offsetof(ngx_http_ssl_srv_conf_t, protocols),
- &ngx_http_ssl_protocols },
+ &ngx_ssl_protocol_masks },

{ ngx_string("ssl_ciphers"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
@@ -137,7 +118,7 @@ static ngx_command_t ngx_http_ssl_comma
ngx_conf_set_enum_slot,
NGX_HTTP_SRV_CONF_OFFSET,
offsetof(ngx_http_ssl_srv_conf_t, verify),
- &ngx_http_ssl_verify },
+ &ngx_ssl_verify_options },

{ ngx_string("ssl_verify_depth"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
diff -r 788c6187bdbd -r 99c2f52beae2 src/http/modules/ngx_http_uwsgi_module.c
--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -120,20 +120,6 @@ static ngx_conf_bitmask_t ngx_http_uwsgi
};


-#if (NGX_HTTP_SSL)
-
-static ngx_conf_bitmask_t ngx_http_uwsgi_ssl_protocols[] = {
- { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
- { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
- { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
- { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
- { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
- { ngx_null_string, 0 }
-};
-
-#endif
-
-
ngx_module_t ngx_http_uwsgi_module;


@@ -465,7 +451,7 @@ static ngx_command_t ngx_http_uwsgi_comm
ngx_conf_set_bitmask_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_uwsgi_loc_conf_t, ssl_protocols),
- &ngx_http_uwsgi_ssl_protocols },
+ &ngx_ssl_protocol_masks },

{ ngx_string("uwsgi_ssl_ciphers"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
diff -r 788c6187bdbd -r 99c2f52beae2 src/mail/ngx_mail_ssl_module.c
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -31,26 +31,6 @@ static ngx_conf_enum_t ngx_mail_starttl
};


-
-static ngx_conf_bitmask_t ngx_mail_ssl_protocols[] = {
- { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
- { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
- { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
- { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
- { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
- { ngx_null_string, 0 }
-};
-
-
-static ngx_conf_enum_t ngx_mail_ssl_verify[] = {
- { ngx_string("off"), NGX_SSL_VERIFY_OFF },
- { ngx_string("on"), NGX_SSL_VERIFY_REQUIRED },
- { ngx_string("optional"), NGX_SSL_VERIFY_OPTIONAL },
- { ngx_string("optional_no_ca"), NGX_SSL_VERIFY_OPTIONAL_NO_CA },
- { ngx_null_string, 0 }
-};
-
-
static ngx_command_t ngx_mail_ssl_commands[] = {

{ ngx_string("ssl"),
@@ -107,7 +87,7 @@ static ngx_command_t ngx_mail_ssl_comma
ngx_conf_set_bitmask_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, protocols),
- &ngx_mail_ssl_protocols },
+ &ngx_ssl_protocol_masks },

{ ngx_string("ssl_ciphers"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
@@ -156,7 +136,7 @@ static ngx_command_t ngx_mail_ssl_comma
ngx_conf_set_enum_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, verify),
- &ngx_mail_ssl_verify },
+ &ngx_ssl_verify_options },

{ ngx_string("ssl_verify_depth"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
diff -r 788c6187bdbd -r 99c2f52beae2 src/stream/ngx_stream_proxy_module.c
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -96,16 +96,6 @@ static ngx_int_t ngx_stream_proxy_ssl_na
static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf,
ngx_stream_proxy_srv_conf_t *pscf);

-
-static ngx_conf_bitmask_t ngx_stream_proxy_ssl_protocols[] = {
- { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
- { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
- { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
- { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
- { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
- { ngx_null_string, 0 }
-};
-
#endif


@@ -239,7 +229,7 @@ static ngx_command_t ngx_stream_proxy_c
ngx_conf_set_bitmask_slot,
NGX_STREAM_SRV_CONF_OFFSET,
offsetof(ngx_stream_proxy_srv_conf_t, ssl_protocols),
- &ngx_stream_proxy_ssl_protocols },
+ &ngx_ssl_protocol_masks },

{ ngx_string("proxy_ssl_ciphers"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
diff -r 788c6187bdbd -r 99c2f52beae2 src/stream/ngx_stream_ssl_module.c
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -30,16 +30,6 @@ static char *ngx_stream_ssl_session_cach
void *conf);


-static ngx_conf_bitmask_t ngx_stream_ssl_protocols[] = {
- { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
- { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
- { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
- { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
- { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
- { ngx_null_string, 0 }
-};
-
-
static ngx_command_t ngx_stream_ssl_commands[] = {

{ ngx_string("ssl_handshake_timeout"),
@@ -89,7 +79,7 @@ static ngx_command_t ngx_stream_ssl_com
ngx_conf_set_bitmask_slot,
NGX_STREAM_SRV_CONF_OFFSET,
offsetof(ngx_stream_ssl_conf_t, protocols),
- &ngx_stream_ssl_protocols },
+ &ngx_ssl_protocol_masks },

{ ngx_string("ssl_ciphers"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
