[PATCH 3 of 6] SSL: pull common SSL options into OpenSSL module
Piotr Sikora
piotrsikora at google.com
Thu Aug 18 00:29:24 UTC 2016
# HG changeset patch
# User Piotr Sikora <piotrsikora at google.com>
# Date 1471428985 25200
# Wed Aug 17 03:16:25 2016 -0700
# Node ID 99c2f52beae28567bf2f8501d1a182cd20004c71
# Parent 788c6187bdbd72787ba24505731e42b6a2307be3
SSL: pull common SSL options into OpenSSL module.
No functional changes.
Signed-off-by: Piotr Sikora <piotrsikora at google.com>
diff -r 788c6187bdbd -r 99c2f52beae2 src/core/ngx_core.h
--- a/src/core/ngx_core.h
+++ b/src/core/ngx_core.h
@@ -79,11 +79,11 @@ typedef void (*ngx_connection_handler_pt
#include <ngx_inet.h>
#include <ngx_cycle.h>
#include <ngx_resolver.h>
+#include <ngx_conf_file.h>
#if (NGX_OPENSSL)
#include <ngx_event_openssl.h>
#endif
#include <ngx_process_cycle.h>
-#include <ngx_conf_file.h>
#include <ngx_module.h>
#include <ngx_open_file_cache.h>
#include <ngx_os.h>
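Review bot: The new position of `#include <ngx_conf_file.h>` is load-bearing, but nothing on the line says so. After this patch ngx_event_openssl.h declares arrays of `ngx_conf_bitmask_t` and `ngx_conf_enum_t` (see the ngx_event_openssl.h hunk), so it only compiles when ngx_conf_file.h has already been included. A later reshuffle of this include list would break only builds with NGX_OPENSSL set, so I would add a comment above the moved line, e.g. `/* must precede ngx_event_openssl.h, which uses ngx_conf_bitmask_t and ngx_conf_enum_t */`. Whether ngx_conf_file.h needs anything from ngx_process_cycle.h, which it now precedes, is not visible here and is worth a build check with and without OpenSSL.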
diff -r 788c6187bdbd -r 99c2f52beae2 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -64,6 +64,25 @@ static char *ngx_openssl_engine(ngx_conf
static void ngx_openssl_exit(ngx_cycle_t *cycle);
+ngx_conf_bitmask_t ngx_ssl_protocol_masks[] = {
+ { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
+ { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
+ { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
+ { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
+ { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
+ { ngx_null_string, 0 }
+};
+
+
+ngx_conf_enum_t ngx_ssl_verify_options[] = {
+ { ngx_string("off"), NGX_SSL_VERIFY_OFF },
+ { ngx_string("on"), NGX_SSL_VERIFY_REQUIRED },
+ { ngx_string("optional"), NGX_SSL_VERIFY_OPTIONAL },
+ { ngx_string("optional_no_ca"), NGX_SSL_VERIFY_OPTIONAL_NO_CA },
+ { ngx_null_string, 0 }
+};
+
+
static ngx_command_t ngx_openssl_commands[] = {
{ ngx_string("ssl_engine"),
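Review bot: `ngx_ssl_protocol_masks` and `ngx_ssl_verify_options` carry no comment naming their consumers, yet after this patch they are the single source of accepted values for the http, mail and stream SSL modules and for the http proxy, uwsgi and stream proxy upstream modules. Any entry added or dropped here changes all of those directives at once, including the legacy `SSLv2` and `SSLv3` names and the `optional_no_ca` mode, which relaxes the trusted-CA requirement on the peer certificate. I would add a short block comment above each table listing the consuming modules and stating that edits apply to both server-side and upstream TLS configuration. Both tables sit entirely inside this hunk, while `ngx_openssl_commands` continues past it.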
diff -r 788c6187bdbd -r 99c2f52beae2 src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -237,6 +237,10 @@ void ngx_cdecl ngx_ssl_error(ngx_uint_t
void ngx_ssl_cleanup_ctx(void *data);
+extern ngx_conf_bitmask_t ngx_ssl_protocol_masks[];
+extern ngx_conf_enum_t ngx_ssl_verify_options[];
+
+
extern int ngx_ssl_connection_index;
extern int ngx_ssl_server_conf_index;
extern int ngx_ssl_session_cache_index;
diff -r 788c6187bdbd -r 99c2f52beae2 src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -226,20 +226,6 @@ static ngx_conf_bitmask_t ngx_http_prox
};
-#if (NGX_HTTP_SSL)
-
-static ngx_conf_bitmask_t ngx_http_proxy_ssl_protocols[] = {
- { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
- { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
- { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
- { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
- { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
- { ngx_null_string, 0 }
-};
-
-#endif
-
-
static ngx_conf_enum_t ngx_http_proxy_http_version[] = {
{ ngx_string("1.0"), NGX_HTTP_VERSION_10 },
{ ngx_string("1.1"), NGX_HTTP_VERSION_11 },
@@ -627,7 +613,7 @@ static ngx_command_t ngx_http_proxy_com
ngx_conf_set_bitmask_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_proxy_loc_conf_t, ssl_protocols),
- &ngx_http_proxy_ssl_protocols },
+ &ngx_ssl_protocol_masks },
{ ngx_string("proxy_ssl_ciphers"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
diff -r 788c6187bdbd -r 99c2f52beae2 src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -48,25 +48,6 @@ static char *ngx_http_ssl_session_cache(
static ngx_int_t ngx_http_ssl_init(ngx_conf_t *cf);
-static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
- { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
- { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
- { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
- { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
- { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
- { ngx_null_string, 0 }
-};
-
-
-static ngx_conf_enum_t ngx_http_ssl_verify[] = {
- { ngx_string("off"), NGX_SSL_VERIFY_OFF },
- { ngx_string("on"), NGX_SSL_VERIFY_REQUIRED },
- { ngx_string("optional"), NGX_SSL_VERIFY_OPTIONAL },
- { ngx_string("optional_no_ca"), NGX_SSL_VERIFY_OPTIONAL_NO_CA },
- { ngx_null_string, 0 }
-};
-
-
static ngx_command_t ngx_http_ssl_commands[] = {
{ ngx_string("ssl"),
@@ -116,7 +97,7 @@ static ngx_command_t ngx_http_ssl_comma
ngx_conf_set_bitmask_slot,
NGX_HTTP_SRV_CONF_OFFSET,
offsetof(ngx_http_ssl_srv_conf_t, protocols),
- &ngx_http_ssl_protocols },
+ &ngx_ssl_protocol_masks },
{ ngx_string("ssl_ciphers"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
@@ -137,7 +118,7 @@ static ngx_command_t ngx_http_ssl_comma
ngx_conf_set_enum_slot,
NGX_HTTP_SRV_CONF_OFFSET,
offsetof(ngx_http_ssl_srv_conf_t, verify),
- &ngx_http_ssl_verify },
+ &ngx_ssl_verify_options },
{ ngx_string("ssl_verify_depth"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
diff -r 788c6187bdbd -r 99c2f52beae2 src/http/modules/ngx_http_uwsgi_module.c
--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -120,20 +120,6 @@ static ngx_conf_bitmask_t ngx_http_uwsgi
};
-#if (NGX_HTTP_SSL)
-
-static ngx_conf_bitmask_t ngx_http_uwsgi_ssl_protocols[] = {
- { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
- { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
- { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
- { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
- { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
- { ngx_null_string, 0 }
-};
-
-#endif
-
-
ngx_module_t ngx_http_uwsgi_module;
@@ -465,7 +451,7 @@ static ngx_command_t ngx_http_uwsgi_comm
ngx_conf_set_bitmask_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_uwsgi_loc_conf_t, ssl_protocols),
- &ngx_http_uwsgi_ssl_protocols },
+ &ngx_ssl_protocol_masks },
{ ngx_string("uwsgi_ssl_ciphers"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
diff -r 788c6187bdbd -r 99c2f52beae2 src/mail/ngx_mail_ssl_module.c
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -31,26 +31,6 @@ static ngx_conf_enum_t ngx_mail_starttl
};
-
-static ngx_conf_bitmask_t ngx_mail_ssl_protocols[] = {
- { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
- { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
- { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
- { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
- { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
- { ngx_null_string, 0 }
-};
-
-
-static ngx_conf_enum_t ngx_mail_ssl_verify[] = {
- { ngx_string("off"), NGX_SSL_VERIFY_OFF },
- { ngx_string("on"), NGX_SSL_VERIFY_REQUIRED },
- { ngx_string("optional"), NGX_SSL_VERIFY_OPTIONAL },
- { ngx_string("optional_no_ca"), NGX_SSL_VERIFY_OPTIONAL_NO_CA },
- { ngx_null_string, 0 }
-};
-
-
static ngx_command_t ngx_mail_ssl_commands[] = {
{ ngx_string("ssl"),
@@ -107,7 +87,7 @@ static ngx_command_t ngx_mail_ssl_comma
ngx_conf_set_bitmask_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, protocols),
- &ngx_mail_ssl_protocols },
+ &ngx_ssl_protocol_masks },
{ ngx_string("ssl_ciphers"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
@@ -156,7 +136,7 @@ static ngx_command_t ngx_mail_ssl_comma
ngx_conf_set_enum_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, verify),
- &ngx_mail_ssl_verify },
+ &ngx_ssl_verify_options },
{ ngx_string("ssl_verify_depth"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
diff -r 788c6187bdbd -r 99c2f52beae2 src/stream/ngx_stream_proxy_module.c
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -96,16 +96,6 @@ static ngx_int_t ngx_stream_proxy_ssl_na
static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf,
ngx_stream_proxy_srv_conf_t *pscf);
-
-static ngx_conf_bitmask_t ngx_stream_proxy_ssl_protocols[] = {
- { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
- { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
- { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
- { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
- { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
- { ngx_null_string, 0 }
-};
-
#endif
@@ -239,7 +229,7 @@ static ngx_command_t ngx_stream_proxy_c
ngx_conf_set_bitmask_slot,
NGX_STREAM_SRV_CONF_OFFSET,
offsetof(ngx_stream_proxy_srv_conf_t, ssl_protocols),
- &ngx_stream_proxy_ssl_protocols },
+ &ngx_ssl_protocol_masks },
{ ngx_string("proxy_ssl_ciphers"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
diff -r 788c6187bdbd -r 99c2f52beae2 src/stream/ngx_stream_ssl_module.c
--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -30,16 +30,6 @@ static char *ngx_stream_ssl_session_cach
void *conf);
-static ngx_conf_bitmask_t ngx_stream_ssl_protocols[] = {
- { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
- { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
- { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
- { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
- { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
- { ngx_null_string, 0 }
-};
-
-
static ngx_command_t ngx_stream_ssl_commands[] = {
{ ngx_string("ssl_handshake_timeout"),
@@ -89,7 +79,7 @@ static ngx_command_t ngx_stream_ssl_com
ngx_conf_set_bitmask_slot,
NGX_STREAM_SRV_CONF_OFFSET,
offsetof(ngx_stream_ssl_conf_t, protocols),
- &ngx_stream_ssl_protocols },
+ &ngx_ssl_protocol_masks },
{ ngx_string("ssl_ciphers"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,