[PATCH 3 of 3] PSK: add identity hint config directive
Karstens, Nate
Nate.Karstens at garmin.com
Thu Jun 22 13:24:59 UTC 2017
# HG changeset patch
# User Nate Karstens <nate.karstens at garmin.com>
# Date 1498137243 18000
# Thu Jun 22 08:14:03 2017 -0500
# Node ID b706695658216c88716904519467a36c1aac7ac9
# Parent a4635fa4a0cabf5312cda617b8010ea14279ab1c
PSK: add identity hint config directive
Adds the directive "ssl_psk_identity_hint" to the ngx_http_ssl_module.
This allows the user to specify the PSK identity hint given to the
connecting client.
Signed-off-by: Nate Karstens <nate.karstens at garmin.com>
diff -r a4635fa4a0ca -r b70669565821 contrib/vim/syntax/nginx.vim
--- a/contrib/vim/syntax/nginx.vim Thu Jun 22 08:13:27 2017 -0500
+++ b/contrib/vim/syntax/nginx.vim Thu Jun 22 08:14:03 2017 -0500
@@ -551,6 +551,7 @@
syn keyword ngxDirective contained ssl_preread
syn keyword ngxDirective contained ssl_protocols
syn keyword ngxDirective contained ssl_psk_file
+syn keyword ngxDirective contained ssl_psk_identity_hint
syn keyword ngxDirective contained ssl_session_cache
syn keyword ngxDirective contained ssl_session_ticket_key
syn keyword ngxDirective contained ssl_session_tickets
diff -r a4635fa4a0ca -r b70669565821 src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c Thu Jun 22 08:13:27 2017 -0500
+++ b/src/http/modules/ngx_http_ssl_module.c Thu Jun 22 08:14:03 2017 -0500
@@ -241,6 +241,13 @@
offsetof(ngx_http_ssl_srv_conf_t, psk_file),
NULL },
+ { ngx_string("ssl_psk_identity_hint"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_str_slot,
+ NGX_HTTP_SRV_CONF_OFFSET,
+ offsetof(ngx_http_ssl_srv_conf_t, psk_identity_hint),
+ NULL },
+
ngx_null_command
};
@@ -550,6 +557,7 @@
* sscf->stapling_file = { 0, NULL };
* sscf->stapling_responder = { 0, NULL };
* sscf->psk_file = { 0, NULL };
+ * sscf->psk_identity_hint = { 0, NULL };
*/
sscf->enable = NGX_CONF_UNSET;
@@ -632,6 +640,7 @@
prev->stapling_responder, "");
ngx_conf_merge_str_value(conf->psk_file, prev->psk_file, "");
+ ngx_conf_merge_str_value(conf->psk_identity_hint, prev->psk_identity_hint, "");
conf->ssl.log = cf->log;
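Review bot: the added ngx_conf_merge_str_value() call for psk_identity_hint is 79 characters long before any indentation, so inside the function body it runs past 80 columns. The preceding call in this hunk is wrapped, with prev->stapling_responder, "" on its own continuation line. Break the new call after the first argument in the same way, putting prev->psk_identity_hint, "" on the continuation line.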
@@ -819,6 +828,15 @@
return NGX_CONF_ERROR;
}
+ if (conf->psk_identity_hint.len != 0) {
+ if (SSL_CTX_use_psk_identity_hint(conf->ssl.ctx,
+ (char *) conf->psk_identity_hint.data)
+ != 1)
+ {
+ return NGX_CONF_ERROR;
+ }
+ }
+
return NGX_CONF_OK;
}
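Review bot: the failure branch of the new SSL_CTX_use_psk_identity_hint() call returns NGX_CONF_ERROR without logging anything. A hint that OpenSSL rejects (it refuses hints longer than PSK_MAX_IDENTITY_LEN) would therefore abort configuration loading with no message pointing at ssl_psk_identity_hint. Log before returning, for example ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_use_psk_identity_hint() failed"). No guard for PSK availability is visible around the call either; OpenSSL declares this function only when OPENSSL_NO_PSK is not defined, so the block needs a matching #ifdef or the call should move behind a wrapper that has one.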
diff -r a4635fa4a0ca -r b70669565821 src/http/modules/ngx_http_ssl_module.h
--- a/src/http/modules/ngx_http_ssl_module.h Thu Jun 22 08:13:27 2017 -0500
+++ b/src/http/modules/ngx_http_ssl_module.h Thu Jun 22 08:14:03 2017 -0500
@@ -56,6 +56,7 @@
ngx_str_t stapling_responder;
ngx_str_t psk_file;
+ ngx_str_t psk_identity_hint;
u_char *file;
ngx_uint_t line;