Google Git
Sign in
nginx / nginx / e980a6814bcc547f9435634f27856b48c70c9e26 / . / src / event / ngx_event_openssl.h
blob: 1e83606fd8f1d71ef20a8e15508500ed46685f8c [file] [log] [blame]
Igor Sysoevd90282d2004-09-28 08:34:51 +0000[diff] [blame]1
2/*
Igor Sysoevff8da912004-09-29 16:00:49 +0000[diff] [blame]3 * Copyright (C) Igor Sysoev
Igor Sysoevd90282d2004-09-28 08:34:51 +0000[diff] [blame]4 */
5
6
Igor Sysoev1c3567e2004-07-15 16:35:51 +0000[diff] [blame]7#ifndef _NGX_EVENT_OPENSSL_H_INCLUDED_
8#define _NGX_EVENT_OPENSSL_H_INCLUDED_
9
10
11#include <ngx_config.h>
12#include <ngx_core.h>
13
14#include <openssl/ssl.h>
15#include <openssl/err.h>
16
Igor Sysoeve5733802005-09-08 14:36:09 +0000[diff] [blame]17#if OPENSSL_VERSION_NUMBER >= 0x00907000
Igor Sysoev7504a402007-01-02 23:32:41 +0000[diff] [blame]18#include <openssl/conf.h>
Igor Sysoeve5733802005-09-08 14:36:09 +0000[diff] [blame]19#include <openssl/engine.h>
Igor Sysoev9fa5a822005-09-30 14:41:25 +0000[diff] [blame]20#define NGX_SSL_ENGINE 1
Igor Sysoeve5733802005-09-08 14:36:09 +0000[diff] [blame]21#endif
22
Igor Sysoev9fa5a822005-09-30 14:41:25 +0000[diff] [blame]23#define NGX_SSL_NAME "OpenSSL"
Igor Sysoeve5733802005-09-08 14:36:09 +0000[diff] [blame]24
Igor Sysoev1c3567e2004-07-15 16:35:51 +0000[diff] [blame]25
Igor Sysoevc55a1042006-08-09 19:59:45 +0000[diff] [blame]26#define ngx_ssl_session_t SSL_SESSION
27#define ngx_ssl_conn_t SSL
28
29
Igor Sysoevf38e0462004-07-16 17:11:43 +0000[diff] [blame]30typedef struct {
Igor Sysoev9fa5a822005-09-30 14:41:25 +0000[diff] [blame]31 SSL_CTX *ctx;
Igor Sysoev9fa5a822005-09-30 14:41:25 +0000[diff] [blame]32 ngx_log_t *log;
Igor Sysoevf38e0462004-07-16 17:11:43 +0000[diff] [blame]33} ngx_ssl_t;
34
35
Igor Sysoev9fa5a822005-09-30 14:41:25 +0000[diff] [blame]36typedef struct {
Igor Sysoevc55a1042006-08-09 19:59:45 +0000[diff] [blame]37 ngx_ssl_conn_t *connection;
Igor Sysoev44d87222006-05-06 16:28:56 +0000[diff] [blame]38
Igor Sysoev9fa5a822005-09-30 14:41:25 +0000[diff] [blame]39 ngx_int_t last;
40 ngx_buf_t *buf;
41
42 ngx_connection_handler_pt handler;
43
44 ngx_event_handler_pt saved_read_handler;
45 ngx_event_handler_pt saved_write_handler;
46
47 unsigned handshaked:1;
48 unsigned buffer:1;
49 unsigned no_wait_shutdown:1;
50 unsigned no_send_shutdown:1;
51} ngx_ssl_connection_t;
Igor Sysoev1c3567e2004-07-15 16:35:51 +0000[diff] [blame]52
53
Igor Sysoevd6548fa2008-05-26 07:14:13 +0000[diff] [blame]54#define NGX_SSL_NO_SCACHE -2
55#define NGX_SSL_NONE_SCACHE -3
56#define NGX_SSL_NO_BUILTIN_SCACHE -4
57#define NGX_SSL_DFLT_BUILTIN_SCACHE -5
Igor Sysoev3364dc62007-01-03 15:25:40 +0000[diff] [blame]58
59
Igor Sysoev6ff850b2007-12-26 20:27:22 +0000[diff] [blame]60#define NGX_SSL_MAX_SESSION_SIZE 4096
Igor Sysoev3364dc62007-01-03 15:25:40 +0000[diff] [blame]61
Igor Sysoevb3179452007-01-11 17:39:02 +0000[diff] [blame]62typedef struct ngx_ssl_sess_id_s ngx_ssl_sess_id_t;
Igor Sysoev3364dc62007-01-03 15:25:40 +0000[diff] [blame]63
Igor Sysoevb3179452007-01-11 17:39:02 +0000[diff] [blame]64struct ngx_ssl_sess_id_s {
Igor Sysoev3364dc62007-01-03 15:25:40 +0000[diff] [blame]65 ngx_rbtree_node_t node;
66 u_char *id;
67 size_t len;
Igor Sysoevb3179452007-01-11 17:39:02 +0000[diff] [blame]68 u_char *session;
Igor Sysoev01a129d2007-12-20 21:01:00 +0000[diff] [blame]69 ngx_queue_t queue;
Igor Sysoev3364dc62007-01-03 15:25:40 +0000[diff] [blame]70 time_t expire;
Igor Sysoev92766622007-01-11 18:59:17 +0000[diff] [blame]71#if (NGX_PTR_SIZE == 8)
72 void *stub;
73 u_char sess_id[32];
74#endif
Igor Sysoev3364dc62007-01-03 15:25:40 +0000[diff] [blame]75};
76
77
78typedef struct {
Igor Sysoev181abe52007-12-20 20:35:23 +0000[diff] [blame]79 ngx_rbtree_t session_rbtree;
80 ngx_rbtree_node_t sentinel;
Igor Sysoev01a129d2007-12-20 21:01:00 +0000[diff] [blame]81 ngx_queue_t expire_queue;
Igor Sysoev3364dc62007-01-03 15:25:40 +0000[diff] [blame]82} ngx_ssl_session_cache_t;
83
84
85
Igor Sysoev9fa5a822005-09-30 14:41:25 +0000[diff] [blame]86#define NGX_SSL_SSLv2 2
87#define NGX_SSL_SSLv3 4
88#define NGX_SSL_TLSv1 8
Igor Sysoevf38e0462004-07-16 17:11:43 +0000[diff] [blame]89
Igor Sysoev9fa5a822005-09-30 14:41:25 +0000[diff] [blame]90
91#define NGX_SSL_BUFFER 1
Igor Sysoev0e5dc5c2005-11-15 13:30:52 +0000[diff] [blame]92#define NGX_SSL_CLIENT 2
Igor Sysoev9fa5a822005-09-30 14:41:25 +0000[diff] [blame]93
94#define NGX_SSL_BUFSIZE 16384
Igor Sysoev1c3567e2004-07-15 16:35:51 +0000[diff] [blame]95
96
97ngx_int_t ngx_ssl_init(ngx_log_t *log);
Igor Sysoevebf2bbc2007-01-02 23:37:25 +0000[diff] [blame]98ngx_int_t ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data);
Igor Sysoevc2068d02005-10-19 12:33:58 +0000[diff] [blame]99ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
100 ngx_str_t *cert, ngx_str_t *key);
Igor Sysoev44d87222006-05-06 16:28:56 +0000[diff] [blame]101ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
Igor Sysoevc55a1042006-08-09 19:59:45 +0000[diff] [blame]102 ngx_str_t *cert, ngx_int_t depth);
Igor Sysoev9fa5a822005-09-30 14:41:25 +0000[diff] [blame]103ngx_int_t ngx_ssl_generate_rsa512_key(ngx_ssl_t *ssl);
Igor Sysoevdf83e6f2008-06-16 05:51:32 +0000[diff] [blame]104ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
Igor Sysoev3364dc62007-01-03 15:25:40 +0000[diff] [blame]105ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
106 ssize_t builtin_session_cache, ngx_shm_zone_t *shm_zone, time_t timeout);
Igor Sysoev9fa5a822005-09-30 14:41:25 +0000[diff] [blame]107ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
Igor Sysoev31eb8c02005-09-23 11:02:22 +0000[diff] [blame]108 ngx_uint_t flags);
Igor Sysoev0e5dc5c2005-11-15 13:30:52 +0000[diff] [blame]109
Igor Sysoev472233d2008-03-10 14:47:07 +0000[diff] [blame]110void ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
Igor Sysoev0e5dc5c2005-11-15 13:30:52 +0000[diff] [blame]111ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session);
Igor Sysoevffe71442006-02-08 15:33:12 +0000[diff] [blame]112#define ngx_ssl_get_session(c) SSL_get1_session(c->ssl->connection)
113#define ngx_ssl_free_session SSL_SESSION_free
Igor Sysoevebf2bbc2007-01-02 23:37:25 +0000[diff] [blame]114#define ngx_ssl_get_connection(ssl_conn) \
115 SSL_get_ex_data(ssl_conn, ngx_ssl_connection_index)
116#define ngx_ssl_get_server_conf(ssl_ctx) \
117 SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_server_conf_index)
Igor Sysoevffe71442006-02-08 15:33:12 +0000[diff] [blame]118
119
Igor Sysoevc55a1042006-08-09 19:59:45 +0000[diff] [blame]120ngx_int_t ngx_ssl_get_protocol(ngx_connection_t *c, ngx_pool_t *pool,
121 ngx_str_t *s);
122ngx_int_t ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool,
123 ngx_str_t *s);
Igor Sysoev49ed6f32008-07-29 14:29:02 +0000[diff] [blame]124ngx_int_t ngx_ssl_get_raw_certificate(ngx_connection_t *c, ngx_pool_t *pool,
125 ngx_str_t *s);
Igor Sysoev81f9c9d2008-06-16 05:54:18 +0000[diff] [blame]126ngx_int_t ngx_ssl_get_certificate(ngx_connection_t *c, ngx_pool_t *pool,
127 ngx_str_t *s);
Igor Sysoev44d87222006-05-06 16:28:56 +0000[diff] [blame]128ngx_int_t ngx_ssl_get_subject_dn(ngx_connection_t *c, ngx_pool_t *pool,
129 ngx_str_t *s);
130ngx_int_t ngx_ssl_get_issuer_dn(ngx_connection_t *c, ngx_pool_t *pool,
131 ngx_str_t *s);
Igor Sysoevc55a1042006-08-09 19:59:45 +0000[diff] [blame]132ngx_int_t ngx_ssl_get_serial_number(ngx_connection_t *c, ngx_pool_t *pool,
133 ngx_str_t *s);
134
Igor Sysoev44d87222006-05-06 16:28:56 +0000[diff] [blame]135
Igor Sysoev9fa5a822005-09-30 14:41:25 +0000[diff] [blame]136ngx_int_t ngx_ssl_handshake(ngx_connection_t *c);
Igor Sysoevf6906042004-11-25 16:17:31 +0000[diff] [blame]137ssize_t ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size);
Igor Sysoevceb99292005-09-06 16:09:32 +0000[diff] [blame]138ssize_t ngx_ssl_write(ngx_connection_t *c, u_char *data, size_t size);
Igor Sysoev0e5dc5c2005-11-15 13:30:52 +0000[diff] [blame]139ssize_t ngx_ssl_recv_chain(ngx_connection_t *c, ngx_chain_t *cl);
Igor Sysoev0ad25372004-07-16 06:33:35 +0000[diff] [blame]140ngx_chain_t *ngx_ssl_send_chain(ngx_connection_t *c, ngx_chain_t *in,
Igor Sysoev1ebfead2005-02-16 13:40:36 +0000[diff] [blame]141 off_t limit);
Igor Sysoevcd2aa8e2007-12-26 21:07:30 +0000[diff] [blame]142void ngx_ssl_free_buffer(ngx_connection_t *c);
Igor Sysoev0ad25372004-07-16 06:33:35 +0000[diff] [blame]143ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c);
Igor Sysoevd3283ff2005-12-05 13:18:09 +0000[diff] [blame]144void ngx_cdecl ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
Igor Sysoev1ebfead2005-02-16 13:40:36 +0000[diff] [blame]145 char *fmt, ...);
Igor Sysoev899b44e2005-05-12 14:58:06 +0000[diff] [blame]146void ngx_ssl_cleanup_ctx(void *data);
Igor Sysoev1c3567e2004-07-15 16:35:51 +0000[diff] [blame]147
Igor Sysoev1c3567e2004-07-15 16:35:51 +0000[diff] [blame]148
Igor Sysoevebf2bbc2007-01-02 23:37:25 +0000[diff] [blame]149extern int ngx_ssl_connection_index;
150extern int ngx_ssl_server_conf_index;
Igor Sysoev3364dc62007-01-03 15:25:40 +0000[diff] [blame]151extern int ngx_ssl_session_cache_index;
Igor Sysoevc55a1042006-08-09 19:59:45 +0000[diff] [blame]152
153
Igor Sysoev1c3567e2004-07-15 16:35:51 +0000[diff] [blame]154#endif /* _NGX_EVENT_OPENSSL_H_INCLUDED_ */