[nginx] svn commit: r5094 - trunk/src/http

Wed, 27 Feb 2013 09:34:04 -0800 

Author: vbart
Date: 2013-02-27 17:33:59 +0000 (Wed, 27 Feb 2013)
New Revision: 5094
URL: http://trac.nginx.org/nginx/changeset/5094/nginx

Log:
SNI: avoid surplus lookup of virtual server if SNI was used.


Modified:
   trunk/src/http/ngx_http_request.c
   trunk/src/http/ngx_http_request.h

Modified: trunk/src/http/ngx_http_request.c
===================================================================
--- trunk/src/http/ngx_http_request.c   2013-02-27 17:27:15 UTC (rev 5093)
+++ trunk/src/http/ngx_http_request.c   2013-02-27 17:33:59 UTC (rev 5094)
@@ -693,6 +693,13 @@
         return SSL_TLSEXT_ERR_NOACK;
     }
 
+    hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));
+    if (hc->ssl_servername == NULL) {
+        return SSL_TLSEXT_ERR_NOACK;
+    }
+
+    *hc->ssl_servername = host;
+
     hc->conf_ctx = cscf->ctx;
 
     clcf = ngx_http_get_module_loc_conf(hc->conf_ctx, ngx_http_core_module);
@@ -1831,6 +1838,28 @@
 
     hc = r->http_connection;
 
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+
+    if (hc->ssl_servername) {
+        if (hc->ssl_servername->len == host->len
+            && ngx_strncmp(hc->ssl_servername->data,
+                           host->data, host->len) == 0)
+        {
+#if (NGX_PCRE)
+            if (hc->ssl_servername_regex
+                && ngx_http_regex_exec(r, hc->ssl_servername_regex,
+                                          hc->ssl_servername) != NGX_OK)
+            {
+                ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+                return NGX_ERROR;
+            }
+#endif
+            return NGX_OK;
+        }
+    }
+
+#endif
+
     rc = ngx_http_find_virtual_server(r->connection,
                                       hc->addr_conf->virtual_names,
                                       host, r, &cscf);
@@ -1887,6 +1916,8 @@
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 
         if (r == NULL) {
+            ngx_http_connection_t  *hc;
+
             for (i = 0; i < virtual_names->nregex; i++) {
 
                 n = ngx_regex_exec(sn[i].regex->regex, host, NULL, 0);
@@ -1896,6 +1927,9 @@
                 }
 
                 if (n >= 0) {
+                    hc = c->data;
+                    hc->ssl_servername_regex = sn[i].regex;
+
                     *cscfp = sn[i].server;
                     return NGX_OK;
                 }

Modified: trunk/src/http/ngx_http_request.h
===================================================================
--- trunk/src/http/ngx_http_request.h   2013-02-27 17:27:15 UTC (rev 5093)
+++ trunk/src/http/ngx_http_request.h   2013-02-27 17:33:59 UTC (rev 5094)
@@ -295,6 +295,13 @@
     ngx_http_addr_conf_t             *addr_conf;
     ngx_http_conf_ctx_t              *conf_ctx;
 
+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
+    ngx_str_t                        *ssl_servername;
+#if (NGX_PCRE)
+    ngx_http_regex_t                 *ssl_servername_regex;
+#endif
+#endif
+
     ngx_http_request_t               *request;
 
     ngx_buf_t                       **busy;

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply via email to