SSL: preserve paths before full name extension.

This allows calling some ssl init functions multiple times to initialize
several ssl contexts.  This will be useful when adding a DTLS context.
Roman Arutyunyan 2024-11-24 16:27:04 +04:00
parent 358d6d855e
commit 37728de184
2 changed files with 27 additions and 17 deletions


@ -1289,20 +1289,23 @@ ngx_ssl_passwords_cleanup(void *data)
ngx_int_t
ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
{
BIO *bio;
BIO *bio;
ngx_str_t path;
if (file->len == 0) {
return NGX_OK;
}
if (ngx_conf_full_name(cf->cycle, file, 1) != NGX_OK) {
path = *file;
if (ngx_conf_full_name(cf->cycle, &path, 1) != NGX_OK) {
return NGX_ERROR;
}
bio = BIO_new_file((char *) file->data, "r");
bio = BIO_new_file((char *) path.data, "r");
if (bio == NULL) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"BIO_new_file(\"%s\") failed", file->data);
"BIO_new_file(\"%s\") failed", path.data);
return NGX_ERROR;
}
@ -1313,14 +1316,14 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
if (dh == NULL) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"PEM_read_bio_DHparams(\"%s\") failed", file->data);
"PEM_read_bio_DHparams(\"%s\") failed", path.data);
BIO_free(bio);
return NGX_ERROR;
}
if (SSL_CTX_set_tmp_dh(ssl->ctx, dh) != 1) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"SSL_CTX_set_tmp_dh(\"%s\") failed", file->data);
"SSL_CTX_set_tmp_dh(\"%s\") failed", path.data);
DH_free(dh);
BIO_free(bio);
return NGX_ERROR;
@ -1340,14 +1343,14 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
dh = PEM_read_bio_Parameters(bio, NULL);
if (dh == NULL) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"PEM_read_bio_Parameters(\"%s\") failed", file->data);
"PEM_read_bio_Parameters(\"%s\") failed", path.data);
BIO_free(bio);
return NGX_ERROR;
}
if (SSL_CTX_set0_tmp_dh_pkey(ssl->ctx, dh) != 1) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"SSL_CTX_set0_tmp_dh_pkey(\"%s\") failed", file->data);
"SSL_CTX_set0_tmp_dh_pkey(\"%s\") failed", path.data);
#if (OPENSSL_VERSION_NUMBER >= 0x3000001fL)
EVP_PKEY_free(dh);
#endif
@ -1485,6 +1488,7 @@ ngx_ssl_conf_commands(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *commands)
{
int type;
u_char *key, *value;
ngx_str_t file;
ngx_uint_t i;
ngx_keyval_t *cmd;
SSL_CONF_CTX *cctx;
@ -1509,15 +1513,16 @@ ngx_ssl_conf_commands(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *commands)
key = cmd[i].key.data;
type = SSL_CONF_cmd_value_type(cctx, (char *) key);
file = cmd[i].value;
if (type == SSL_CONF_TYPE_FILE || type == SSL_CONF_TYPE_DIR) {
if (ngx_conf_full_name(cf->cycle, &cmd[i].value, 1) != NGX_OK) {
if (ngx_conf_full_name(cf->cycle, &file, 1) != NGX_OK) {
SSL_CONF_CTX_free(cctx);
return NGX_ERROR;
}
}
value = cmd[i].value.data;
value = file.data;
if (SSL_CONF_cmd(cctx, (char *) key, (char *) value) <= 0) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
@ -4342,14 +4347,14 @@ ngx_ssl_session_ticket_keys(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_array_t *paths)
path = paths->elts;
for (i = 0; i < paths->nelts; i++) {
if (ngx_conf_full_name(cf->cycle, &path[i], 1) != NGX_OK) {
return NGX_ERROR;
}
ngx_memzero(&file, sizeof(ngx_file_t));
file.name = path[i];
file.log = cf->log;
if (ngx_conf_full_name(cf->cycle, &file.name, 1) != NGX_OK) {
return NGX_ERROR;
}
file.fd = ngx_open_file(file.name.data, NGX_FILE_RDONLY,
NGX_FILE_OPEN, 0);
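Review bot: In the ngx_ssl_session_ticket_keys hunk only `file.name` receives the extended name while `path[i]` keeps the value as configured, and the function continues past the hunk; any later log or error message in that function that still formats `path[i].data` rather than `file.name.data` now prints the unextended name, which is worth checking before merging. The same copy-before-extend pattern appears in the ngx_ssl_dhparam hunk (`path = *file;`) and the ngx_ssl_conf_commands hunk (`file = cmd[i].value;`), where the visible messages and `value = file.data` were updated consistently. None of the three copies says in code why the original string is left untouched, which the commit message only explains; a one-line comment at each copy, e.g. `/* extend a copy: the caller may reuse the original to initialize another ssl context */`, would keep the next reader from "simplifying" it back to in-place extension.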


@ -199,6 +199,10 @@ static ngx_int_t
ngx_ssl_cache_init_key(ngx_pool_t *pool, ngx_uint_t index, ngx_str_t *path,
ngx_ssl_cache_key_t *id)
{
ngx_str_t file;
file = *path;
if (index <= NGX_SSL_CACHE_PKEY
&& ngx_strncmp(path->data, "data:", sizeof("data:") - 1) == 0)
{
@ -210,7 +214,8 @@ ngx_ssl_cache_init_key(ngx_pool_t *pool, ngx_uint_t index, ngx_str_t *path,
id->type = NGX_SSL_CACHE_ENGINE;
} else {
if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix, path)
if (ngx_get_full_name(pool, (ngx_str_t *) &ngx_cycle->conf_prefix,
&file)
!= NGX_OK)
{
return NGX_ERROR;
@ -219,8 +224,8 @@ ngx_ssl_cache_init_key(ngx_pool_t *pool, ngx_uint_t index, ngx_str_t *path,
id->type = NGX_SSL_CACHE_PATH;
}
id->len = path->len;
id->data = path->data;
id->len = file.len;
id->data = file.data;
return NGX_OK;
}
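Review bot: `file = *path;` at the top of ngx_ssl_cache_init_key is not explained in code, and its purpose (leaving the caller's `path` unextended so it can be reused for another context) is only in the commit message; `/* work on a copy so the caller's path is left unextended */` next to the assignment would do. The final `id->len = file.len; id->data = file.data;` now applies to all three branches, so in the "data:" and engine branches the id still aliases the caller's buffer, while in the path branch it points at whatever `ngx_get_full_name` produced, presumably allocated from `pool`; a sentence in the function's header comment stating that the id's data may alias the caller's string and must outlive the id would make that contract explicit. The middle of the function is outside the hunks, so I have not verified what the "data:" branch does with `path` versus `file`.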