[nginx] Stream: SSL-related variables.
Vladimir Homutov
vl at nginx.com
Mon Jul 4 14:50:25 UTC 2016
details: http://hg.nginx.org/nginx/rev/85e7bcb37d6b
branches:
changeset: 6611:85e7bcb37d6b
user: Vladimir Homutov <vl at nginx.com>
date: Wed Jun 29 12:52:52 2016 +0300
description:
Stream: SSL-related variables.
diffstat:
src/stream/ngx_stream_ssl_module.c | 115 ++++++++++++++++++++++++++++++++++++-
1 files changed, 114 insertions(+), 1 deletions(-)
diffs (146 lines):
diff -r d5b5866c06c4 -r 85e7bcb37d6b src/stream/ngx_stream_ssl_module.c
--- a/src/stream/ngx_stream_ssl_module.c Wed Jun 29 12:46:12 2016 +0300
+++ b/src/stream/ngx_stream_ssl_module.c Wed Jun 29 12:52:52 2016 +0300
@@ -10,10 +10,20 @@
#include <ngx_stream.h>
+typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c,
+ ngx_pool_t *pool, ngx_str_t *s);
+
+
#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
#define NGX_DEFAULT_ECDH_CURVE "auto"
+static ngx_int_t ngx_stream_ssl_static_variable(ngx_stream_session_t *s,
+ ngx_stream_variable_value_t *v, uintptr_t data);
+static ngx_int_t ngx_stream_ssl_variable(ngx_stream_session_t *s,
+ ngx_stream_variable_value_t *v, uintptr_t data);
+
+static ngx_int_t ngx_stream_ssl_add_variables(ngx_conf_t *cf);
static void *ngx_stream_ssl_create_conf(ngx_conf_t *cf);
static char *ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent,
void *child);
@@ -132,7 +142,7 @@ static ngx_command_t ngx_stream_ssl_com
static ngx_stream_module_t ngx_stream_ssl_module_ctx = {
- NULL, /* preconfiguration */
+ ngx_stream_ssl_add_variables, /* preconfiguration */
NULL, /* postconfiguration */
NULL, /* create main configuration */
@@ -159,9 +169,112 @@ ngx_module_t ngx_stream_ssl_module = {
};
+static ngx_stream_variable_t ngx_stream_ssl_vars[] = {
+
+ { ngx_string("ssl_protocol"), NULL, ngx_stream_ssl_static_variable,
+ (uintptr_t) ngx_ssl_get_protocol, NGX_STREAM_VAR_CHANGEABLE, 0 },
+
+ { ngx_string("ssl_cipher"), NULL, ngx_stream_ssl_static_variable,
+ (uintptr_t) ngx_ssl_get_cipher_name, NGX_STREAM_VAR_CHANGEABLE, 0 },
+
+ { ngx_string("ssl_session_id"), NULL, ngx_stream_ssl_variable,
+ (uintptr_t) ngx_ssl_get_session_id, NGX_STREAM_VAR_CHANGEABLE, 0 },
+
+ { ngx_string("ssl_session_reused"), NULL, ngx_stream_ssl_variable,
+ (uintptr_t) ngx_ssl_get_session_reused, NGX_STREAM_VAR_CHANGEABLE, 0 },
+
+ { ngx_string("ssl_server_name"), NULL, ngx_stream_ssl_variable,
+ (uintptr_t) ngx_ssl_get_server_name, NGX_STREAM_VAR_CHANGEABLE, 0 },
+
+ { ngx_null_string, NULL, NULL, 0, 0, 0 }
+};
+
+
static ngx_str_t ngx_stream_ssl_sess_id_ctx = ngx_string("STREAM");
+static ngx_int_t
+ngx_stream_ssl_static_variable(ngx_stream_session_t *s,
+ ngx_stream_variable_value_t *v, uintptr_t data)
+{
+ ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
+
+ size_t len;
+ ngx_str_t str;
+
+ if (s->connection->ssl) {
+
+ (void) handler(s->connection, NULL, &str);
+
+ v->data = str.data;
+
+ for (len = 0; v->data[len]; len++) { /* void */ }
+
+ v->len = len;
+ v->valid = 1;
+ v->no_cacheable = 0;
+ v->not_found = 0;
+
+ return NGX_OK;
+ }
+
+ v->not_found = 1;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_stream_ssl_variable(ngx_stream_session_t *s,
+ ngx_stream_variable_value_t *v, uintptr_t data)
+{
+ ngx_ssl_variable_handler_pt handler = (ngx_ssl_variable_handler_pt) data;
+
+ ngx_str_t str;
+
+ if (s->connection->ssl) {
+
+ if (handler(s->connection, s->connection->pool, &str) != NGX_OK) {
+ return NGX_ERROR;
+ }
+
+ v->len = str.len;
+ v->data = str.data;
+
+ if (v->len) {
+ v->valid = 1;
+ v->no_cacheable = 0;
+ v->not_found = 0;
+
+ return NGX_OK;
+ }
+ }
+
+ v->not_found = 1;
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_stream_ssl_add_variables(ngx_conf_t *cf)
+{
+ ngx_stream_variable_t *var, *v;
+
+ for (v = ngx_stream_ssl_vars; v->name.len; v++) {
+ var = ngx_stream_add_variable(cf, &v->name, v->flags);
+ if (var == NULL) {
+ return NGX_ERROR;
+ }
+
+ var->get_handler = v->get_handler;
+ var->data = v->data;
+ }
+
+ return NGX_OK;
+}
+
+
static void *
ngx_stream_ssl_create_conf(ngx_conf_t *cf)
{
More information about the nginx-devel
mailing list