nginx/src/event/ngx_event_openssl.h


/*
 * Copyright (C) Igor Sysoev
 */


#ifndef _NGX_EVENT_OPENSSL_H_INCLUDED_
#define _NGX_EVENT_OPENSSL_H_INCLUDED_


#include <ngx_config.h>
#include <ngx_core.h>

#include <openssl/ssl.h>
#include <openssl/err.h>

#if OPENSSL_VERSION_NUMBER >= 0x00907000
#include <openssl/engine.h>
#define NGX_SSL_ENGINE     1
#endif

#define NGX_SSL_NAME       "OpenSSL"


typedef struct {
    SSL                   *connection;
    ngx_int_t              last;
    ngx_buf_t             *buf;
    ngx_event_handler_pt   saved_read_handler;
    ngx_event_handler_pt   saved_write_handler;

    unsigned               buffer:1;
    unsigned               no_rcv_shut:1;
    unsigned               no_send_shut:1;
    unsigned               shutdown_set:1;

#if (NGX_DEBUG)
    unsigned               handshaked:1;
#endif
} ngx_ssl_t;


typedef SSL_CTX  ngx_ssl_ctx_t;


#define NGX_SSL_BUFFER       1

#define NGX_SSL_BUFSIZE      16384


ngx_int_t ngx_ssl_init(ngx_log_t *log);
ngx_int_t ngx_ssl_create_connection(ngx_ssl_ctx_t *ctx, ngx_connection_t *c,
    ngx_uint_t flags);

#define ngx_ssl_handshake(c)     NGX_OK

ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size);
ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size);
ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in,
    off_t limit);
ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c);
void ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
    char *fmt, ...);
void ngx_ssl_cleanup_ctx(void *data);


#endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files 2004-09-28 16:34:51 +08:00
			`/*`
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright 2004-09-30 00:00:49 +08:00			`* Copyright (C) Igor Sysoev`
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files 2004-09-28 16:34:51 +08:00			`*/`


nginx-0.0.7-2004-07-15-20:35:51 import 2004-07-16 00:35:51 +08:00			`#ifndef _NGX_EVENT_OPENSSL_H_INCLUDED_`
			`#define _NGX_EVENT_OPENSSL_H_INCLUDED_`


			`#include <ngx_config.h>`
			`#include <ngx_core.h>`

			`#include <openssl/ssl.h>`
			`#include <openssl/err.h>`

nginx-0.1.45-RELEASE import ) Change: the "ssl_engine" directive was canceled in the ngx_http_ssl_module and now is introduced at global level. ) Bugfix: the responses with SSI subrequests did not transferred via SSL connection. *) Various bug fixes in the IMAP/POP3 proxy. 2005-09-08 22:36:09 +08:00			`#if OPENSSL_VERSION_NUMBER >= 0x00907000`
			`#include <openssl/engine.h>`
			`#define NGX_SSL_ENGINE 1`
			`#endif`

			`#define NGX_SSL_NAME "OpenSSL"`

nginx-0.0.7-2004-07-15-20:35:51 import 2004-07-16 00:35:51 +08:00
nginx-0.0.7-2004-07-16-21:11:43 import 2004-07-17 01:11:43 +08:00			`typedef struct {`
nginx-0.2.0-RELEASE import ) The pid-file names used during online upgrade was changed and now is not required a manual rename operation. The old master process adds the ".oldbin" suffix to its pid-file and executes a new binary file. The new master process creates usual pid-file without the ".newbin" suffix. If the master process exits, then old master process renames back its pid-file with the ".oldbin" suffix to the pid-file without suffix. ) Change: the "worker_connections" directive, new name of the "connections" directive; now the directive specifies maximum number of connections, but not maximum socket descriptor number. ) Feature: SSL supports the session cache inside one worker process. ) Feature: the "satisfy_any" directive. ) Change: the ngx_http_access_module and ngx_http_auth_basic_module do not run for subrequests. ) Feature: the "worker_rlimit_nofile" and "worker_rlimit_sigpending" directives. ) Bugfix: if all backend using in load-balancing failed after one error, then nginx did not try do connect to them during 60 seconds. ) Bugfix: in IMAP/POP3 command argument parsing. Thanks to Rob Mueller. ) Bugfix: errors while using SSL in IMAP/POP3 proxy. ) Bugfix: errors while using SSI and gzipping. *) Bugfix: the "Expires" and "Cache-Control" header lines were omitted from the 304 responses. Thanks to Alexandr Kukushkin. 2005-09-23 19:02:22 +08:00			`SSL *connection;`
nginx-0.1.19-RELEASE import ) Bugfix: now, if request contains the zero, then the 404 error is returned for the local requests. ) Bugfix: nginx could not be built on NetBSD 2.0. *) Bugfix: the timeout may occur while reading of the the client request body via SSL connections. 2005-02-16 21:40:36 +08:00			`ngx_int_t last;`
nginx-0.0.7-2004-07-16-21:11:43 import 2004-07-17 01:11:43 +08:00			`ngx_buf_t *buf;`
nginx-0.1.11-RELEASE import ) Feature: the worker_priority directive. ) Change: both tcp_nopush and tcp_nodelay directives affect the transferred response. ) Bugfix: nginx did not call initgroups(). Thanks to Andrew Sitnikov and Andrei Nigmatulin. ) Change: now the ngx_http_autoindex_module shows the file size in the bytes. ) Bugfix: the ngx_http_autoindex_module returned the 500 error if the broken symlink was in a directory. ) Bugfix: the files bigger than 4G could not be transferred using sendfile. ) Bugfix: if the backend was resolved to several backends and there was an error while the response waiting then process may got caught in an endless loop. ) Bugfix: the worker process may exit with the "unknown cycle" message when the /dev/poll method was used. ) Bugfix: "close() channel failed" errors. ) Bugfix: the autodetection of the "nobody" and "nogroup" groups. ) Bugfix: the send_lowat directive did not work on Linux. ) Bugfix: the segmentation fault occurred if there was no events section in configuration. ) Bugfix: nginx could not be built on OpenBSD. ) Bugfix: the double slashes in "://" in the URI were converted to ":/". 2004-12-03 02:40:46 +08:00			`ngx_event_handler_pt saved_read_handler;`
			`ngx_event_handler_pt saved_write_handler;`
nginx-0.0.7-2004-07-18-23:11:20 import 2004-07-19 03:11:20 +08:00
nginx-0.0.7-2004-07-23-09:37:29 import 2004-07-23 13:37:29 +08:00			`unsigned buffer:1;`
nginx-0.0.7-2004-07-18-23:11:20 import 2004-07-19 03:11:20 +08:00			`unsigned no_rcv_shut:1;`
			`unsigned no_send_shut:1;`
nginx-0.1.11-RELEASE import ) Feature: the worker_priority directive. ) Change: both tcp_nopush and tcp_nodelay directives affect the transferred response. ) Bugfix: nginx did not call initgroups(). Thanks to Andrew Sitnikov and Andrei Nigmatulin. ) Change: now the ngx_http_autoindex_module shows the file size in the bytes. ) Bugfix: the ngx_http_autoindex_module returned the 500 error if the broken symlink was in a directory. ) Bugfix: the files bigger than 4G could not be transferred using sendfile. ) Bugfix: if the backend was resolved to several backends and there was an error while the response waiting then process may got caught in an endless loop. ) Bugfix: the worker process may exit with the "unknown cycle" message when the /dev/poll method was used. ) Bugfix: "close() channel failed" errors. ) Bugfix: the autodetection of the "nobody" and "nogroup" groups. ) Bugfix: the send_lowat directive did not work on Linux. ) Bugfix: the segmentation fault occurred if there was no events section in configuration. ) Bugfix: nginx could not be built on OpenBSD. ) Bugfix: the double slashes in "://" in the URI were converted to ":/". 2004-12-03 02:40:46 +08:00			`unsigned shutdown_set:1;`
nginx-0.1.14-RELEASE import ) Feature: the autoconfiguration directives: --http-client-body-temp-path=PATH, --http-proxy-temp-path=PATH, and --http-fastcgi-temp-path=PATH ) Change: the directory name for the temporary files with the client request body is specified by directive client_body_temp_path, by default it is <prefix>/client_body_temp. ) Feature: the ngx_http_fastcgi_module and the directives: fastcgi_pass, fastcgi_root, fastcgi_index, fastcgi_params, fastcgi_connect_timeout, fastcgi_send_timeout, fastcgi_read_timeout, fastcgi_send_lowat, fastcgi_header_buffer_size, fastcgi_buffers, fastcgi_busy_buffers_size, fastcgi_temp_path, fastcgi_max_temp_file_size, fastcgi_temp_file_write_size, fastcgi_next_upstream, and fastcgi_x_powered_by. ) Bugfix: the "[alert] zero size buf" error; the bug had appeared in 0.1.3. ) Change: the URI must be specified after the host name in the proxy_pass directive. ) Change: the %3F symbol in the URI was considered as the argument string start. ) Feature: the unix domain sockets support in the ngx_http_proxy_module. ) Feature: the ssl_engine and ssl_ciphers directives. Thanks to Sergey Skvortsov for SSL-accelerator. 2005-01-18 21:03:58 +08:00
			`#if (NGX_DEBUG)`
			`unsigned handshaked:1;`
			`#endif`
nginx-0.0.7-2004-07-16-21:11:43 import 2004-07-17 01:11:43 +08:00			`} ngx_ssl_t;`


nginx-0.0.7-2004-07-15-20:35:51 import 2004-07-16 00:35:51 +08:00			`typedef SSL_CTX ngx_ssl_ctx_t;`


nginx-0.0.7-2004-07-16-21:11:43 import 2004-07-17 01:11:43 +08:00			`#define NGX_SSL_BUFFER 1`

			`#define NGX_SSL_BUFSIZE 16384`
nginx-0.0.7-2004-07-15-20:35:51 import 2004-07-16 00:35:51 +08:00

			`ngx_int_t ngx_ssl_init(ngx_log_t *log);`
nginx-0.2.0-RELEASE import ) The pid-file names used during online upgrade was changed and now is not required a manual rename operation. The old master process adds the ".oldbin" suffix to its pid-file and executes a new binary file. The new master process creates usual pid-file without the ".newbin" suffix. If the master process exits, then old master process renames back its pid-file with the ".oldbin" suffix to the pid-file without suffix. ) Change: the "worker_connections" directive, new name of the "connections" directive; now the directive specifies maximum number of connections, but not maximum socket descriptor number. ) Feature: SSL supports the session cache inside one worker process. ) Feature: the "satisfy_any" directive. ) Change: the ngx_http_access_module and ngx_http_auth_basic_module do not run for subrequests. ) Feature: the "worker_rlimit_nofile" and "worker_rlimit_sigpending" directives. ) Bugfix: if all backend using in load-balancing failed after one error, then nginx did not try do connect to them during 60 seconds. ) Bugfix: in IMAP/POP3 command argument parsing. Thanks to Rob Mueller. ) Bugfix: errors while using SSL in IMAP/POP3 proxy. ) Bugfix: errors while using SSI and gzipping. *) Bugfix: the "Expires" and "Cache-Control" header lines were omitted from the 304 responses. Thanks to Alexandr Kukushkin. 2005-09-23 19:02:22 +08:00			`ngx_int_t ngx_ssl_create_connection(ngx_ssl_ctx_t ctx, ngx_connection_t c,`
			`ngx_uint_t flags);`
nginx-0.0.7-2004-07-18-23:11:20 import 2004-07-19 03:11:20 +08:00
			`#define ngx_ssl_handshake(c) NGX_OK`

nginx-0.1.9-RELEASE import ) Bugfix: the proxied request was sent without arguments if the request contains "//", "/./", "/../" or "%XX". ) Bugfix: the large compressed responses may be transferred not completely. ) Bugfix: the files bigger than 2G was not transferred on Linux that does not support sendfile64(). ) Bugfix: while the build configuration on Linux the --with-poll_module parameter was required; the bug had appeared in 0.1.8. 2004-11-26 00:17:31 +08:00			`ssize_t ngx_ssl_recv(ngx_connection_t c, u_char buf, size_t size);`
nginx-0.1.44-RELEASE import ) Feature: the IMAP/POP3 proxy supports SSL. ) Feature: the "proxy_timeout" directive of the ngx_imap_proxy_module. ) Feature: the "userid_mark" directive. ) Feature: the $remote_user variable value is determined independently of authorization use. 2005-09-07 00:09:32 +08:00			`ssize_t ngx_ssl_write(ngx_connection_t c, u_char data, size_t size);`
nginx-0.0.7-2004-07-16-10:33:35 import 2004-07-16 14:33:35 +08:00			`ngx_chain_t ngx_ssl_send_chain(ngx_connection_t c, ngx_chain_t *in,`
nginx-0.1.19-RELEASE import ) Bugfix: now, if request contains the zero, then the 404 error is returned for the local requests. ) Bugfix: nginx could not be built on NetBSD 2.0. *) Bugfix: the timeout may occur while reading of the the client request body via SSL connections. 2005-02-16 21:40:36 +08:00			`off_t limit);`
nginx-0.0.7-2004-07-16-10:33:35 import 2004-07-16 14:33:35 +08:00			`ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c);`
nginx-0.0.7-2004-07-16-21:11:43 import 2004-07-17 01:11:43 +08:00			`void ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,`
nginx-0.1.19-RELEASE import ) Bugfix: now, if request contains the zero, then the 404 error is returned for the local requests. ) Bugfix: nginx could not be built on NetBSD 2.0. *) Bugfix: the timeout may occur while reading of the the client request body via SSL connections. 2005-02-16 21:40:36 +08:00			`char *fmt, ...);`
nginx-0.1.29-RELEASE import ) Feature: the ngx_http_ssi_module supports "include virtual" command. ) Feature: the ngx_http_ssi_module supports the condition command like 'if expr="$NAME"' and "else" and "endif" commands. Only one nested level is supported. ) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and DATE_GMT variables and "config timefmt" command. ) Feature: the "ssi_ignore_recycled_buffers" directive. ) Bugfix: the "echo" command did not show the default value for the empty QUERY_STRING variable. ) Change: the ngx_http_proxy_module was rewritten. ) Feature: the "proxy_redirect", "proxy_pass_request_headers", "proxy_pass_request_body", and "proxy_method" directives. ) Feature: the "proxy_set_header" directive. The "proxy_x_var" was canceled and must be replaced with the proxy_set_header directive. ) Change: the "proxy_preserve_host" is canceled and must be replaced with the "proxy_set_header Host $host" and the "proxy_redirect off" directives, the "proxy_set_header Host $host:$proxy_port" directive and the appropriate proxy_redirect directives. ) Change: the "proxy_set_x_real_ip" is canceled and must be replaced with the "proxy_set_header X-Real-IP $remote_addr" directive. ) Change: the "proxy_add_x_forwarded_for" is canceled and must be replaced with the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for" directive. ) Change: the "proxy_set_x_url" is canceled and must be replaced with the "proxy_set_header X-URL http://$host:$server_port$request_uri" directive. ) Feature: the "fastcgi_param" directive. ) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params" directive are canceled and must be replaced with the fastcgi_param directives. ) Feature: the "index" directive can use the variables. ) Feature: the "index" directive can be used at http and server levels. ) Change: the last index only in the "index" directive can be absolute. ) Feature: the "rewrite" directive can use the variables. ) Feature: the "internal" directive. ) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME, REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables. ) Change: nginx now passes the invalid lines in a client request headers or a backend response header. ) Bugfix: if the backend did not transfer response for a long time and the "send_timeout" was less than "proxy_read_timeout", then nginx returned the 408 response. ) Bugfix: the segmentation fault was occurred if the backend sent an invalid line in response header; the bug had appeared in 0.1.26. ) Bugfix: the segmentation fault may occurred in FastCGI fault tolerance configuration. ) Bugfix: the "expires" directive did not remove the previous "Expires" and "Cache-Control" headers. ) Bugfix: nginx did not take into account trailing dot in "Host" header line. ) Bugfix: the ngx_http_auth_module did not work under Linux. ) Bugfix: the rewrite directive worked incorrectly, if the arguments were in a request. *) Bugfix: nginx could not be built on MacOS X. 2005-05-12 22:58:06 +08:00			`void ngx_ssl_cleanup_ctx(void *data);`
nginx-0.0.7-2004-07-15-20:35:51 import 2004-07-16 00:35:51 +08:00

			`#endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */`