Hello! On Thu, Jun 22, 2017 at 01:24:59PM +0000, Karstens, Nate wrote:
> # HG changeset patch
> # User Nate Karstens <[email protected]>
> # Date 1498137243 18000
> # Thu Jun 22 08:14:03 2017 -0500
> # Node ID b706695658216c88716904519467a36c1aac7ac9
> # Parent a4635fa4a0cabf5312cda617b8010ea14279ab1c
> PSK: add identity hint config directive
>
> Adds the directive "ssl_psk_identity_hint" to the ngx_http_ssl_module.
> This allows the user to specify the PSK identity hint given to the
> connecting client.
>
> Signed-off-by: Nate Karstens <[email protected]>
>
> diff -r a4635fa4a0ca -r b70669565821 contrib/vim/syntax/nginx.vim
> --- a/contrib/vim/syntax/nginx.vim Thu Jun 22 08:13:27 2017 -0500
> +++ b/contrib/vim/syntax/nginx.vim Thu Jun 22 08:14:03 2017 -0500
> @@ -551,6 +551,7 @@
> syn keyword ngxDirective contained ssl_preread
> syn keyword ngxDirective contained ssl_protocols
> syn keyword ngxDirective contained ssl_psk_file
> +syn keyword ngxDirective contained ssl_psk_identity_hint
> syn keyword ngxDirective contained ssl_session_cache
> syn keyword ngxDirective contained ssl_session_ticket_key
> syn keyword ngxDirective contained ssl_session_tickets
> diff -r a4635fa4a0ca -r b70669565821 src/http/modules/ngx_http_ssl_module.c
> --- a/src/http/modules/ngx_http_ssl_module.c Thu Jun 22 08:13:27 2017 -0500
> +++ b/src/http/modules/ngx_http_ssl_module.c Thu Jun 22 08:14:03 2017 -0500
> @@ -241,6 +241,13 @@
> offsetof(ngx_http_ssl_srv_conf_t, psk_file),
> NULL },
>
> + { ngx_string("ssl_psk_identity_hint"),
> + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
> + ngx_conf_set_str_slot,
> + NGX_HTTP_SRV_CONF_OFFSET,
> + offsetof(ngx_http_ssl_srv_conf_t, psk_identity_hint),
> + NULL },
> +
> ngx_null_command
> };
>
> @@ -550,6 +557,7 @@
> * sscf->stapling_file = { 0, NULL };
> * sscf->stapling_responder = { 0, NULL };
> * sscf->psk_file = { 0, NULL };
> + * sscf->psk_identity_hint = { 0, NULL };
> */
>
> sscf->enable = NGX_CONF_UNSET;
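Review bot: The new `ssl_psk_identity_hint` entry in the `@@ -241,6 +241,13 @@` hunk stores its value through plain `ngx_conf_set_str_slot` with a `NULL` post field, so nothing at parse time bounds the length or tells the operator what the value is exposed to. A PSK identity hint is sent by the server during the handshake, before the client has authenticated (RFC 4279), so whatever is configured here is visible to any peer that can connect. The directive should be documented as non-secret, for example with a comment above the entry such as `/* sent to unauthenticated clients during the handshake; must not carry secrets */`. The command array itself begins outside the hunk.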
> @@ -632,6 +640,7 @@
> prev->stapling_responder, "");
>
> ngx_conf_merge_str_value(conf->psk_file, prev->psk_file, "");
> + ngx_conf_merge_str_value(conf->psk_identity_hint, > prev->psk_identity_hint, "");
>
> conf->ssl.log = cf->log;
>
> @@ -819,6 +828,15 @@
> return NGX_CONF_ERROR;
> }
>
> + if (conf->psk_identity_hint.len != 0) {
> + if (SSL_CTX_use_psk_identity_hint(conf->ssl.ctx,
> + (char *) > conf->psk_identity_hint.data)
> + != 1)
> + {
> + return NGX_CONF_ERROR;
> + }
> + }

Please avoid direct calls of SSL library functions. Instead, please pass this as a prameter to ngx_ssl_psk_file(), and use appropriate library calls there.

> +
> return NGX_CONF_OK;
> }
>
> diff -r a4635fa4a0ca -r b70669565821 src/http/modules/ngx_http_ssl_module.h
> --- a/src/http/modules/ngx_http_ssl_module.h Thu Jun 22 08:13:27 2017 -0500
> +++ b/src/http/modules/ngx_http_ssl_module.h Thu Jun 22 08:14:03 2017 -0500
> @@ -56,6 +56,7 @@
> ngx_str_t stapling_responder;
>
> ngx_str_t psk_file;
> + ngx_str_t psk_identity_hint;
>
> u_char *file;
> ngx_uint_t line;
>
> ________________________________
>
> CONFIDENTIALITY NOTICE: This email and any attachments are for the sole use
> of the intended recipient(s) and contain information that may be Garmin
> confidential and/or Garmin legally privileged. If you have received this
> email in error, please notify the sender by reply email and delete the
> message. Any disclosure, copying, distribution or use of this communication
> (including attachments) by someone other than the intended recipient is
> prohibited. Thank you.
> _______________________________________________
> nginx-devel mailing list
> [email protected]
> http://mailman.nginx.org/mailman/listinfo/nginx-devel

--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx-devel mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx-devel
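Review bot: The failure branch after `SSL_CTX_use_psk_identity_hint()` in the `@@ -819,6 +828,15 @@` hunk returns `NGX_CONF_ERROR` without logging anything, so an operator whose hint is rejected (OpenSSL refuses hints longer than `PSK_MAX_IDENTITY_LEN`) gets a failed configuration load with no stated reason. I would log before returning, e.g. `ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_use_psk_identity_hint() failed");`. The `(char *)` cast also passes an `ngx_str_t` buffer to an API that expects a C string, which appears to rely on configuration tokens being NUL-terminated and deserves a one-line comment saying so. The enclosing function begins outside the hunk.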
