# HG changeset patch # User Piotr Sikora <[email protected]> # Date 1369177330 25200 # Node ID 8646199ded31a725bea599aeafc581f9c969872d # Parent 4b277448dfd56751c7c88477e78b2ba3cf6ae472 SNI: store server name in the ngx_ssl_connection_t structure.
SNI server name is a property of the SSL connection and there is no good reason to store it elsewhere. Also, this makes the stored value accessible by non-HTTP modules. Signed-off-by: Piotr Sikora <[email protected]>
diff -r 4b277448dfd5 -r 8646199ded31 src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h Tue May 21 16:01:59 2013 -0700
+++ b/src/event/ngx_event_openssl.h Tue May 21 16:02:10 2013 -0700
@@ -43,6 +43,13 @@ ngx_event_handler_pt saved_read_handler; ngx_event_handler_pt saved_write_handler; +#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME + ngx_str_t *servername; +#if (NGX_PCRE) + void *servername_regex; +#endif +#endif + unsigned handshaked:1; unsigned renegotiation:1; unsigned buffer:1;
diff -r 4b277448dfd5 -r 8646199ded31 src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Tue May 21 16:01:59 2013 -0700
+++ b/src/http/ngx_http_request.c Tue May 21 16:02:10 2013 -0700
@@ -807,12 +807,12 @@ return SSL_TLSEXT_ERR_NOACK; } - hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t)); - if (hc->ssl_servername == NULL) { + c->ssl->servername = ngx_palloc(c->pool, sizeof(ngx_str_t)); + if (c->ssl->servername == NULL) { return SSL_TLSEXT_ERR_NOACK; } - *hc->ssl_servername = host; + *c->ssl->servername = host; if (rc == NGX_DECLINED || hc->conf_ctx == cscf->ctx) { return SSL_TLSEXT_ERR_OK;
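Review bot: `void *servername_regex;` in the `@@ -43,6 +43,13 @@` hunk of ngx_event_openssl.h drops the type that the removed `ngx_http_regex_t *ssl_servername_regex` carried, so the compiler can no longer catch a wrong pointer being stored in it or read from it. The field is assigned `sn[i].regex` in the `-2072` hunk and handed to `ngx_http_regex_exec()` in the `-1954` hunk of ngx_http_request.c, both through an implicit `void *` conversion. If the opaque type is there because this header cannot name HTTP types (an assumption, the includes are outside the hunk), say so next to the field, for example `/* ngx_http_regex_t *, set by the HTTP virtual server lookup */`, and convert explicitly at the two use sites. The structure definition starts and ends outside the hunk.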
@@ -1954,23 +1954,24 @@ ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host) { ngx_int_t rc; + ngx_connection_t *c; ngx_http_connection_t *hc; ngx_http_core_loc_conf_t *clcf; ngx_http_core_srv_conf_t *cscf; - hc = r->http_connection; + c = r->connection; #if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME) - if (hc->ssl_servername) { - if (hc->ssl_servername->len == host->len - && ngx_strncmp(hc->ssl_servername->data, + if (c->ssl && c->ssl->servername) { + if (c->ssl->servername->len == host->len + && ngx_strncmp(c->ssl->servername->data, host->data, host->len) == 0) { #if (NGX_PCRE) - if (hc->ssl_servername_regex - && ngx_http_regex_exec(r, hc->ssl_servername_regex, - hc->ssl_servername) != NGX_OK) + if (c->ssl->servername_regex + && ngx_http_regex_exec(r, c->ssl->servername_regex, + c->ssl->servername) != NGX_OK) { ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); return NGX_ERROR;
@@ -1982,8 +1983,9 @@ #endif - rc = ngx_http_find_virtual_server(r->connection, - hc->addr_conf->virtual_names, + hc = r->http_connection; + + rc = ngx_http_find_virtual_server(c, hc->addr_conf->virtual_names, host, r, &cscf); if (rc == NGX_ERROR) {
@@ -1993,7 +1995,7 @@ #if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME) - if (hc->ssl_servername) { + if (c->ssl && c->ssl->servername) { ngx_http_ssl_srv_conf_t *sscf; if (rc == NGX_DECLINED) {
@@ -2004,7 +2006,7 @@ sscf = ngx_http_get_module_srv_conf(cscf->ctx, ngx_http_ssl_module); if (sscf->verify) { - ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + ngx_log_error(NGX_LOG_INFO, c->log, 0, "client attempted to request the server name " "different from that one was negotiated"); ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
@@ -2023,7 +2025,7 @@ clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); - ngx_http_set_connection_log(r->connection, clcf->error_log); + ngx_http_set_connection_log(c, clcf->error_log); return NGX_OK; }
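Review bot: In the `@@ -1993,7 +1995,7 @@` hunk, `if (c->ssl && c->ssl->servername)` now decides whether the Host/SNI mismatch rejection under `sscf->verify` (visible in the following `-2004` hunk) is evaluated at all, and the field it reads has moved into a structure that the commit description says non-HTTP modules can reach. Nothing in the visible hunks records that `servername` must stay exactly as the SNI callback left it, so code elsewhere that clears or replaces it after the handshake would skip the check without any error. A comment at the test, such as `/* servername is written only by the SNI callback; the verify check below depends on it */`, would make that invariant explicit; the same test also appears in the `-1954` hunk. The function body continues outside these hunks.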
@@ -2060,8 +2062,7 @@ #if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME) - if (r == NULL) { - ngx_http_connection_t *hc; + if (r == NULL && c->ssl) { for (i = 0; i < virtual_names->nregex; i++) { @@ -2072,8 +2073,7 @@ } if (n >= 0) { - hc = c->data; - hc->ssl_servername_regex = sn[i].regex; + c->ssl->servername_regex = sn[i].regex; *cscfp = sn[i].server; return NGX_OK;
diff -r 4b277448dfd5 -r 8646199ded31 src/http/ngx_http_request.h
--- a/src/http/ngx_http_request.h Tue May 21 16:01:59 2013 -0700
+++ b/src/http/ngx_http_request.h Tue May 21 16:02:10 2013 -0700
@@ -295,13 +295,6 @@ ngx_http_addr_conf_t *addr_conf; ngx_http_conf_ctx_t *conf_ctx; -#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME) - ngx_str_t *ssl_servername; -#if (NGX_PCRE) - ngx_http_regex_t *ssl_servername_regex; -#endif -#endif - ngx_buf_t **busy; ngx_int_t nbusy; _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
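Review bot: Folding `c->ssl` into the test `if (r == NULL && c->ssl) {` in the `@@ -2060,8 +2062,7 @@` hunk changes where a call with `r == NULL` on a connection without `c->ssl` ends up: it no longer enters this block and instead falls through to whatever follows it, which lies outside the hunk. If that later code uses `r` (not visible here), it would now be reached with a null request where the old `if (r == NULL)` kept that path self-contained. Keeping `if (r == NULL) {` and handling the missing SSL state explicitly inside, for example `if (c->ssl == NULL) { return NGX_DECLINED; }` or `NGX_ERROR` as the caller expects, avoids depending on that. The enclosing function begins and ends outside the hunk, so whether `r == NULL` can occur without `c->ssl` should be confirmed against the callers.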
