SSL: preserve default server context in connection (ticket #235).

This context is needed for the shared session cache to work in configurations
with multiple virtual servers sharing the same port.  Unfortunately, OpenSSL
does not provide an API to access the session context, so it is stored
separately.

In collaboration with Vladimir Homutov.
Maxim Dounin 2015-10-19 21:22:38 +03:00
parent 7d2af13f3a
commit a6befbb40f
2 changed files with 8 additions and 12 deletions


@ -1038,6 +1038,8 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
sc->buffer = ((flags & NGX_SSL_BUFFER) != 0); sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
sc->buffer_size = ssl->buffer_size; sc->buffer_size = ssl->buffer_size;
sc->session_ctx = ssl->ctx;
sc->connection = SSL_new(ssl->ctx); sc->connection = SSL_new(ssl->ctx);
if (sc->connection == NULL) { if (sc->connection == NULL) {
@ -2305,7 +2307,7 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
c = ngx_ssl_get_connection(ssl_conn); c = ngx_ssl_get_connection(ssl_conn);
ssl_ctx = SSL_get_SSL_CTX(ssl_conn); ssl_ctx = c->ssl->session_ctx;
shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index); shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);
cache = shm_zone->data; cache = shm_zone->data;
@ -2443,21 +2445,17 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn, u_char *id, int len,
ngx_ssl_sess_id_t *sess_id; ngx_ssl_sess_id_t *sess_id;
ngx_ssl_session_cache_t *cache; ngx_ssl_session_cache_t *cache;
u_char buf[NGX_SSL_MAX_SESSION_SIZE]; u_char buf[NGX_SSL_MAX_SESSION_SIZE];
#if (NGX_DEBUG)
ngx_connection_t *c; ngx_connection_t *c;
#endif
hash = ngx_crc32_short(id, (size_t) len); hash = ngx_crc32_short(id, (size_t) len);
*copy = 0; *copy = 0;
#if (NGX_DEBUG)
c = ngx_ssl_get_connection(ssl_conn); c = ngx_ssl_get_connection(ssl_conn);
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0, ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
"ssl get session: %08XD:%d", hash, len); "ssl get session: %08XD:%d", hash, len);
#endif
shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn), shm_zone = SSL_CTX_get_ex_data(c->ssl->session_ctx,
ngx_ssl_session_cache_index); ngx_ssl_session_cache_index);
cache = shm_zone->data; cache = shm_zone->data;
@ -2836,13 +2834,14 @@ ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
SSL_CTX *ssl_ctx; SSL_CTX *ssl_ctx;
ngx_uint_t i; ngx_uint_t i;
ngx_array_t *keys; ngx_array_t *keys;
ngx_connection_t *c;
ngx_ssl_session_ticket_key_t *key; ngx_ssl_session_ticket_key_t *key;
#if (NGX_DEBUG) #if (NGX_DEBUG)
u_char buf[32]; u_char buf[32];
ngx_connection_t *c;
#endif #endif
ssl_ctx = SSL_get_SSL_CTX(ssl_conn); c = ngx_ssl_get_connection(ssl_conn);
ssl_ctx = c->ssl->session_ctx;
keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index); keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index);
if (keys == NULL) { if (keys == NULL) {
@ -2851,10 +2850,6 @@ ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
key = keys->elts; key = keys->elts;
#if (NGX_DEBUG)
c = ngx_ssl_get_connection(ssl_conn);
#endif
if (enc == 1) { if (enc == 1) {
/* encrypt session ticket */ /* encrypt session ticket */
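Review bot: After this change the lookups in ngx_ssl_new_session, ngx_ssl_get_cached_session and ngx_ssl_session_ticket_key_callback all resolve the cache zone and ticket keys through `c->ssl->session_ctx`, so every virtual server on the port shares one resumption scope, and nothing visible in these hunks binds a resumed session to the server name it was created under. If those servers differ in client-certificate verification or other TLS policy, the separation presumably has to come from the session id context or from a check made after resumption; neither is shown here, so that is worth confirming. I would state the scope at the lookup, e.g. `/* default server's context: cache and ticket keys are shared by all virtual servers on this port */` above `ssl_ctx = c->ssl->session_ctx;`. The functions touched here start and end outside their hunks.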


@ -46,6 +46,7 @@ typedef struct {
typedef struct { typedef struct {
ngx_ssl_conn_t *connection; ngx_ssl_conn_t *connection;
SSL_CTX *session_ctx;
ngx_int_t last; ngx_int_t last;
ngx_buf_t *buf; ngx_buf_t *buf;
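Review bot: The new `session_ctx` member has no comment, and its relation to the context reachable through `connection` is not obvious from the declaration. Going by the commit message it holds the default server's SSL_CTX so that the session cache keeps working when several virtual servers share a port; a one-line comment would say so, e.g. `/* SSL_CTX the connection was created with; used for session cache and ticket key lookups */`. The struct body continues past the end of the hunk.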