# HG changeset patch
# User Nate Karstens <[email protected]>
# Date 1498137243 18000
#      Thu Jun 22 08:14:03 2017 -0500
# Node ID b706695658216c88716904519467a36c1aac7ac9
# Parent  a4635fa4a0cabf5312cda617b8010ea14279ab1c
PSK: add identity hint config directive

Adds the directive "ssl_psk_identity_hint" to the ngx_http_ssl_module.
This allows the user to specify the PSK identity hint given to the
connecting client.

Signed-off-by: Nate Karstens <[email protected]>

diff -r a4635fa4a0ca -r b70669565821 contrib/vim/syntax/nginx.vim
--- a/contrib/vim/syntax/nginx.vim      Thu Jun 22 08:13:27 2017 -0500
+++ b/contrib/vim/syntax/nginx.vim      Thu Jun 22 08:14:03 2017 -0500
@@ -551,6 +551,7 @@
 syn keyword ngxDirective contained ssl_preread
 syn keyword ngxDirective contained ssl_protocols
 syn keyword ngxDirective contained ssl_psk_file
+syn keyword ngxDirective contained ssl_psk_identity_hint
 syn keyword ngxDirective contained ssl_session_cache
 syn keyword ngxDirective contained ssl_session_ticket_key
 syn keyword ngxDirective contained ssl_session_tickets
diff -r a4635fa4a0ca -r b70669565821 src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c    Thu Jun 22 08:13:27 2017 -0500
+++ b/src/http/modules/ngx_http_ssl_module.c    Thu Jun 22 08:14:03 2017 -0500
@@ -241,6 +241,13 @@
       offsetof(ngx_http_ssl_srv_conf_t, psk_file),
       NULL },

+    { ngx_string("ssl_psk_identity_hint"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_str_slot,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_http_ssl_srv_conf_t, psk_identity_hint),
+      NULL },
+
       ngx_null_command
 };
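Review bot: The `ssl_psk_identity_hint` entry is registered unconditionally, and the call to `SSL_CTX_use_psk_identity_hint()` added later in this patch has no visible availability guard either. If the module can be built against an OpenSSL configured with `OPENSSL_NO_PSK`, that call would presumably break the build, unless the parent changeset already handles this somewhere not shown here. Wrapping both the command entry and the call site in `#ifndef OPENSSL_NO_PSK`, or moving the call into a guarded helper next to the other OpenSSL wrappers, would keep such builds working. The command array starts outside the hunk.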

@@ -550,6 +557,7 @@
      *     sscf->stapling_file = { 0, NULL };
      *     sscf->stapling_responder = { 0, NULL };
      *     sscf->psk_file = { 0, NULL };
+     *     sscf->psk_identity_hint = { 0, NULL };
      */

     sscf->enable = NGX_CONF_UNSET;
@@ -632,6 +640,7 @@
                          prev->stapling_responder, "");

     ngx_conf_merge_str_value(conf->psk_file, prev->psk_file, "");
+    ngx_conf_merge_str_value(conf->psk_identity_hint, prev->psk_identity_hint, 
"");

     conf->ssl.log = cf->log;

@@ -819,6 +828,15 @@
         return NGX_CONF_ERROR;
     }

+    if (conf->psk_identity_hint.len != 0) {
+        if (SSL_CTX_use_psk_identity_hint(conf->ssl.ctx,
+                                          (char *) 
conf->psk_identity_hint.data)
+            != 1)
+        {
+            return NGX_CONF_ERROR;
+        }
+    }
+
     return NGX_CONF_OK;
 }
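Review bot: When `SSL_CTX_use_psk_identity_hint()` fails, the added block returns `NGX_CONF_ERROR` without logging anything, so configuration loading stops with no message naming the directive or the cause. OpenSSL rejects a hint longer than `PSK_MAX_IDENTITY_LEN`, so an operator can hit this with an otherwise valid configuration. Before the return I would add `ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_use_psk_identity_hint() failed");`, assuming `cf` is in scope here as it is in the merge hunk. The `(char *)` cast also relies on the stored directive value being NUL-terminated, which deserves a one-line comment such as `/* configuration tokens are NUL-terminated */` once confirmed. The enclosing function begins outside the hunk.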

diff -r a4635fa4a0ca -r b70669565821 src/http/modules/ngx_http_ssl_module.h
--- a/src/http/modules/ngx_http_ssl_module.h    Thu Jun 22 08:13:27 2017 -0500
+++ b/src/http/modules/ngx_http_ssl_module.h    Thu Jun 22 08:14:03 2017 -0500
@@ -56,6 +56,7 @@
     ngx_str_t                       stapling_responder;

     ngx_str_t                       psk_file;
+    ngx_str_t                       psk_identity_hint;

     u_char                         *file;
     ngx_uint_t                      line;
