# HG changeset patch # User Piotr Sikora <piotrsik...@google.com> # Date 1471428985 25200 # Wed Aug 17 03:16:25 2016 -0700 # Node ID 99c2f52beae28567bf2f8501d1a182cd20004c71 # Parent 788c6187bdbd72787ba24505731e42b6a2307be3 SSL: pull common SSL options into OpenSSL module.
No functional changes. Signed-off-by: Piotr Sikora <piotrsik...@google.com> diff -r 788c6187bdbd -r 99c2f52beae2 src/core/ngx_core.h --- a/src/core/ngx_core.h +++ b/src/core/ngx_core.h @@ -79,11 +79,11 @@ typedef void (*ngx_connection_handler_pt #include <ngx_inet.h> #include <ngx_cycle.h> #include <ngx_resolver.h> +#include <ngx_conf_file.h> #if (NGX_OPENSSL) #include <ngx_event_openssl.h> #endif #include <ngx_process_cycle.h> -#include <ngx_conf_file.h> #include <ngx_module.h> #include <ngx_open_file_cache.h> #include <ngx_os.h> diff -r 788c6187bdbd -r 99c2f52beae2 src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -64,6 +64,25 @@ static char *ngx_openssl_engine(ngx_conf static void ngx_openssl_exit(ngx_cycle_t *cycle); +ngx_conf_bitmask_t ngx_ssl_protocol_masks[] = { + { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, + { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, + { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, + { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, + { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, + { ngx_null_string, 0 } +}; + + +ngx_conf_enum_t ngx_ssl_verify_options[] = { + { ngx_string("off"), NGX_SSL_VERIFY_OFF }, + { ngx_string("on"), NGX_SSL_VERIFY_REQUIRED }, + { ngx_string("optional"), NGX_SSL_VERIFY_OPTIONAL }, + { ngx_string("optional_no_ca"), NGX_SSL_VERIFY_OPTIONAL_NO_CA }, + { ngx_null_string, 0 } +}; + + static ngx_command_t ngx_openssl_commands[] = { { ngx_string("ssl_engine"), diff -r 788c6187bdbd -r 99c2f52beae2 src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -237,6 +237,10 @@ void ngx_cdecl ngx_ssl_error(ngx_uint_t void ngx_ssl_cleanup_ctx(void *data); +extern ngx_conf_bitmask_t ngx_ssl_protocol_masks[]; +extern ngx_conf_enum_t ngx_ssl_verify_options[]; + + extern int ngx_ssl_connection_index; extern int ngx_ssl_server_conf_index; extern int ngx_ssl_session_cache_index; diff -r 788c6187bdbd -r 99c2f52beae2 src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c +++ b/src/http/modules/ngx_http_proxy_module.c @@ -226,20 +226,6 @@ static ngx_conf_bitmask_t ngx_http_prox }; -#if (NGX_HTTP_SSL) - -static ngx_conf_bitmask_t ngx_http_proxy_ssl_protocols[] = { - { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, - { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, - { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, - { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, - { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, - { ngx_null_string, 0 } -}; - -#endif - - static ngx_conf_enum_t ngx_http_proxy_http_version[] = { { ngx_string("1.0"), NGX_HTTP_VERSION_10 }, { ngx_string("1.1"), NGX_HTTP_VERSION_11 }, @@ -627,7 +613,7 @@ static ngx_command_t ngx_http_proxy_com ngx_conf_set_bitmask_slot, NGX_HTTP_LOC_CONF_OFFSET, offsetof(ngx_http_proxy_loc_conf_t, ssl_protocols), - &ngx_http_proxy_ssl_protocols }, + &ngx_ssl_protocol_masks }, { ngx_string("proxy_ssl_ciphers"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, diff -r 788c6187bdbd -r 99c2f52beae2 src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -48,25 +48,6 @@ static char *ngx_http_ssl_session_cache( static ngx_int_t ngx_http_ssl_init(ngx_conf_t *cf); -static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = { - { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, - { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, - { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, - { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, - { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, - { ngx_null_string, 0 } -}; - - -static ngx_conf_enum_t ngx_http_ssl_verify[] = { - { ngx_string("off"), NGX_SSL_VERIFY_OFF }, - { ngx_string("on"), NGX_SSL_VERIFY_REQUIRED }, - { ngx_string("optional"), NGX_SSL_VERIFY_OPTIONAL }, - { ngx_string("optional_no_ca"), NGX_SSL_VERIFY_OPTIONAL_NO_CA }, - { ngx_null_string, 0 } -}; - - static ngx_command_t ngx_http_ssl_commands[] = { { ngx_string("ssl"), @@ -116,7 +97,7 @@ static ngx_command_t ngx_http_ssl_comma ngx_conf_set_bitmask_slot, NGX_HTTP_SRV_CONF_OFFSET, offsetof(ngx_http_ssl_srv_conf_t, protocols), - &ngx_http_ssl_protocols }, + &ngx_ssl_protocol_masks }, { ngx_string("ssl_ciphers"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, @@ -137,7 +118,7 @@ static ngx_command_t ngx_http_ssl_comma ngx_conf_set_enum_slot, NGX_HTTP_SRV_CONF_OFFSET, offsetof(ngx_http_ssl_srv_conf_t, verify), - &ngx_http_ssl_verify }, + &ngx_ssl_verify_options }, { ngx_string("ssl_verify_depth"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, diff -r 788c6187bdbd -r 99c2f52beae2 src/http/modules/ngx_http_uwsgi_module.c --- a/src/http/modules/ngx_http_uwsgi_module.c +++ b/src/http/modules/ngx_http_uwsgi_module.c @@ -120,20 +120,6 @@ static ngx_conf_bitmask_t ngx_http_uwsgi }; -#if (NGX_HTTP_SSL) - -static ngx_conf_bitmask_t ngx_http_uwsgi_ssl_protocols[] = { - { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, - { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, - { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, - { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, - { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, - { ngx_null_string, 0 } -}; - -#endif - - ngx_module_t ngx_http_uwsgi_module; @@ -465,7 +451,7 @@ static ngx_command_t ngx_http_uwsgi_comm ngx_conf_set_bitmask_slot, NGX_HTTP_LOC_CONF_OFFSET, offsetof(ngx_http_uwsgi_loc_conf_t, ssl_protocols), - &ngx_http_uwsgi_ssl_protocols }, + &ngx_ssl_protocol_masks }, { ngx_string("uwsgi_ssl_ciphers"), NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, diff -r 788c6187bdbd -r 99c2f52beae2 src/mail/ngx_mail_ssl_module.c --- a/src/mail/ngx_mail_ssl_module.c +++ b/src/mail/ngx_mail_ssl_module.c @@ -31,26 +31,6 @@ static ngx_conf_enum_t ngx_mail_starttl }; - -static ngx_conf_bitmask_t ngx_mail_ssl_protocols[] = { - { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, - { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, - { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, - { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, - { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, - { ngx_null_string, 0 } -}; - - -static ngx_conf_enum_t ngx_mail_ssl_verify[] = { - { ngx_string("off"), NGX_SSL_VERIFY_OFF }, - { ngx_string("on"), NGX_SSL_VERIFY_REQUIRED }, - { ngx_string("optional"), NGX_SSL_VERIFY_OPTIONAL }, - { ngx_string("optional_no_ca"), NGX_SSL_VERIFY_OPTIONAL_NO_CA }, - { ngx_null_string, 0 } -}; - - static ngx_command_t ngx_mail_ssl_commands[] = { { ngx_string("ssl"), @@ -107,7 +87,7 @@ static ngx_command_t ngx_mail_ssl_comma ngx_conf_set_bitmask_slot, NGX_MAIL_SRV_CONF_OFFSET, offsetof(ngx_mail_ssl_conf_t, protocols), - &ngx_mail_ssl_protocols }, + &ngx_ssl_protocol_masks }, { ngx_string("ssl_ciphers"), NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, @@ -156,7 +136,7 @@ static ngx_command_t ngx_mail_ssl_comma ngx_conf_set_enum_slot, NGX_MAIL_SRV_CONF_OFFSET, offsetof(ngx_mail_ssl_conf_t, verify), - &ngx_mail_ssl_verify }, + &ngx_ssl_verify_options }, { ngx_string("ssl_verify_depth"), NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, diff -r 788c6187bdbd -r 99c2f52beae2 src/stream/ngx_stream_proxy_module.c --- a/src/stream/ngx_stream_proxy_module.c +++ b/src/stream/ngx_stream_proxy_module.c @@ -96,16 +96,6 @@ static ngx_int_t ngx_stream_proxy_ssl_na static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf); - -static ngx_conf_bitmask_t ngx_stream_proxy_ssl_protocols[] = { - { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, - { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, - { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, - { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, - { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, - { ngx_null_string, 0 } -}; - #endif @@ -239,7 +229,7 @@ static ngx_command_t ngx_stream_proxy_c ngx_conf_set_bitmask_slot, NGX_STREAM_SRV_CONF_OFFSET, offsetof(ngx_stream_proxy_srv_conf_t, ssl_protocols), - &ngx_stream_proxy_ssl_protocols }, + &ngx_ssl_protocol_masks }, { ngx_string("proxy_ssl_ciphers"), NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, diff -r 788c6187bdbd -r 99c2f52beae2 src/stream/ngx_stream_ssl_module.c --- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c @@ -30,16 +30,6 @@ static char *ngx_stream_ssl_session_cach void *conf); -static ngx_conf_bitmask_t ngx_stream_ssl_protocols[] = { - { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, - { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, - { ngx_string("TLSv1"), NGX_SSL_TLSv1 }, - { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 }, - { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 }, - { ngx_null_string, 0 } -}; - - static ngx_command_t ngx_stream_ssl_commands[] = { { ngx_string("ssl_handshake_timeout"), @@ -89,7 +79,7 @@ static ngx_command_t ngx_stream_ssl_com ngx_conf_set_bitmask_slot, NGX_STREAM_SRV_CONF_OFFSET, offsetof(ngx_stream_ssl_conf_t, protocols), - &ngx_stream_ssl_protocols }, + &ngx_ssl_protocol_masks }, { ngx_string("ssl_ciphers"), NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel