SSL: preserve default server context in connection (ticket #235).
This context is needed for shared sessions cache to work in configurations with multiple virtual servers sharing the same port. Unfortunately, OpenSSL does not provide an API to access the session context, thus storing it separately. In collaboration with Vladimir Homutov.
This commit is contained in:
parent
22ffc8e33e
commit
e80d9b9bf7
|
@ -1038,6 +1038,8 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
|
|||
sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
|
||||
sc->buffer_size = ssl->buffer_size;
|
||||
|
||||
sc->session_ctx = ssl->ctx;
|
||||
|
||||
sc->connection = SSL_new(ssl->ctx);
|
||||
|
||||
if (sc->connection == NULL) {
|
||||
|
@ -2305,7 +2307,7 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
|
|||
|
||||
c = ngx_ssl_get_connection(ssl_conn);
|
||||
|
||||
ssl_ctx = SSL_get_SSL_CTX(ssl_conn);
|
||||
ssl_ctx = c->ssl->session_ctx;
|
||||
shm_zone = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_cache_index);
|
||||
|
||||
cache = shm_zone->data;
|
||||
|
@ -2443,21 +2445,17 @@ ngx_ssl_get_cached_session(ngx_ssl_conn_t *ssl_conn, u_char *id, int len,
|
|||
ngx_ssl_sess_id_t *sess_id;
|
||||
ngx_ssl_session_cache_t *cache;
|
||||
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
|
||||
#if (NGX_DEBUG)
|
||||
ngx_connection_t *c;
|
||||
#endif
|
||||
|
||||
hash = ngx_crc32_short(id, (size_t) len);
|
||||
*copy = 0;
|
||||
|
||||
#if (NGX_DEBUG)
|
||||
c = ngx_ssl_get_connection(ssl_conn);
|
||||
|
||||
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
||||
"ssl get session: %08XD:%d", hash, len);
|
||||
#endif
|
||||
|
||||
shm_zone = SSL_CTX_get_ex_data(SSL_get_SSL_CTX(ssl_conn),
|
||||
shm_zone = SSL_CTX_get_ex_data(c->ssl->session_ctx,
|
||||
ngx_ssl_session_cache_index);
|
||||
|
||||
cache = shm_zone->data;
|
||||
|
@ -2836,13 +2834,14 @@ ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
|
|||
SSL_CTX *ssl_ctx;
|
||||
ngx_uint_t i;
|
||||
ngx_array_t *keys;
|
||||
ngx_connection_t *c;
|
||||
ngx_ssl_session_ticket_key_t *key;
|
||||
#if (NGX_DEBUG)
|
||||
u_char buf[32];
|
||||
ngx_connection_t *c;
|
||||
#endif
|
||||
|
||||
ssl_ctx = SSL_get_SSL_CTX(ssl_conn);
|
||||
c = ngx_ssl_get_connection(ssl_conn);
|
||||
ssl_ctx = c->ssl->session_ctx;
|
||||
|
||||
keys = SSL_CTX_get_ex_data(ssl_ctx, ngx_ssl_session_ticket_keys_index);
|
||||
if (keys == NULL) {
|
||||
|
@ -2851,10 +2850,6 @@ ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn,
|
|||
|
||||
key = keys->elts;
|
||||
|
||||
#if (NGX_DEBUG)
|
||||
c = ngx_ssl_get_connection(ssl_conn);
|
||||
#endif
|
||||
|
||||
if (enc == 1) {
|
||||
/* encrypt session ticket */
|
||||
|
||||
|
|
|
@ -46,6 +46,7 @@ typedef struct {
|
|||
|
||||
typedef struct {
|
||||
ngx_ssl_conn_t *connection;
|
||||
SSL_CTX *session_ctx;
|
||||
|
||||
ngx_int_t last;
|
||||
ngx_buf_t *buf;
|
||||
|
|
Loading…
Reference in New Issue