Diffstat (limited to 'src/http/modules')
| -rw-r--r-- | src/http/modules/ngx_http_autoindex_module.c | 25 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_fastcgi_module.c | 2 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_geo_module.c | 2 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_gzip_filter_module.c | 2 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_proxy_module.c | 2 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_ssi_filter_module.c | 23 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_ssl_module.c | 126 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_ssl_module.h | 9 |
8 files changed, 93 insertions, 98 deletions
diff --git a/src/http/modules/ngx_http_autoindex_module.c b/src/http/modules/ngx_http_autoindex_module.c
index fb40669ba..d5a6b69ba 100644
--- a/src/http/modules/ngx_http_autoindex_module.c
+++ b/src/http/modules/ngx_http_autoindex_module.c
@@ -271,21 +271,14 @@ ngx_http_autoindex_handler(ngx_http_request_t *r)
 len = ngx_de_namelen(&dir);
- if (len == 1 && ngx_de_name(&dir)[0] == '.') {
- continue;
- }
-
- if (len == 2
- && ngx_de_name(&dir)[0] == '.'
- && ngx_de_name(&dir)[1] == '.')
- {
+ if (ngx_de_name(&dir)[0] == '.') {
 continue;
 }
 if (!dir.valid_info) {
- if (dname.len + 1 + len > fname.len) {
- fname.len = dname.len + 1 + len + 32;
+ if (dname.len + 1 + len + 1 > fname.len) {
+ fname.len = dname.len + 1 + len + 1 + 32;
 fname.data = ngx_palloc(pool, fname.len);
 if (fname.data == NULL) {
@@ -468,7 +461,8 @@ ngx_http_autoindex_handler(ngx_http_request_t *r)
 } else {
 if (entry[i].dir) {
- b->last = ngx_cpymem(b->last, " -", sizeof(" -") - 1);
+ b->last = ngx_cpymem(b->last, " -",
+ sizeof(" -") - 1);
 } else {
 length = entry[i].size;
@@ -498,13 +492,14 @@ ngx_http_autoindex_handler(ngx_http_request_t *r)
 } else {
 size = (ngx_int_t) length;
- scale = ' ';
+ scale = '\0';
 }
- b->last = ngx_sprintf(b->last, "%6i", size);
+ if (scale) {
+ b->last = ngx_sprintf(b->last, "%6i%c", size, scale);
- if (scale != ' ') {
- *b->last++ = scale;
+ } else {
+ b->last = ngx_sprintf(b->last, " %6i", size);
 }
 }
 }
diff --git a/src/http/modules/ngx_http_fastcgi_module.c b/src/http/modules/ngx_http_fastcgi_module.c
index 6efac3df6..9b317f9d9 100644
--- a/src/http/modules/ngx_http_fastcgi_module.c
+++ b/src/http/modules/ngx_http_fastcgi_module.c
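Review bot: The new test `ngx_de_name(&dir)[0] == '.'` in the `@@ -271` hunk drops every dot-prefixed entry from the listing, not only `.` and `..`, and nothing in the code says so. Hiding a name from the index does not stop a direct request for it, so a comment should keep a later reader from treating this as protection for dotfiles: `/* skip ".", ".." and hidden entries; this filters the listing only, not access */`. The extra `+ 1` in the two `fname.len` lines also deserves a short comment naming what the byte is for (presumably a terminating NUL; the code that fills `fname` is outside the hunk). ngx_http_autoindex_handler starts and ends outside the hunk.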
@@ -293,7 +293,7 @@ static ngx_command_t ngx_http_fastcgi_commands[] = {
 NULL },
 { ngx_string("fastcgi_next_upstream"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_ANY,
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
 ngx_conf_set_bitmask_slot,
 NGX_HTTP_LOC_CONF_OFFSET,
 offsetof(ngx_http_fastcgi_loc_conf_t, upstream.next_upstream),
diff --git a/src/http/modules/ngx_http_geo_module.c b/src/http/modules/ngx_http_geo_module.c
index 834282b16..2031a4c0b 100644
--- a/src/http/modules/ngx_http_geo_module.c
+++ b/src/http/modules/ngx_http_geo_module.c
@@ -117,7 +117,7 @@ ngx_http_geo_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 name.data++;
 }
- var = ngx_http_add_variable(cf, &name, 0);
+ var = ngx_http_add_variable(cf, &name, NGX_HTTP_VAR_CHANGABLE);
 if (var == NULL) {
 return NGX_CONF_ERROR;
 }
diff --git a/src/http/modules/ngx_http_gzip_filter_module.c b/src/http/modules/ngx_http_gzip_filter_module.c
index c37f79cb7..012ea4581 100644
--- a/src/http/modules/ngx_http_gzip_filter_module.c
+++ b/src/http/modules/ngx_http_gzip_filter_module.c
@@ -181,7 +181,7 @@ static ngx_command_t ngx_http_gzip_filter_commands[] = {
 &ngx_http_gzip_http_version },
 { ngx_string("gzip_proxied"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_ANY,
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
 ngx_conf_set_bitmask_slot,
 NGX_HTTP_LOC_CONF_OFFSET,
 offsetof(ngx_http_gzip_conf_t, proxied),
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index c807df94d..a7fd74172 100644
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -244,7 +244,7 @@ static ngx_command_t ngx_http_proxy_commands[] = {
 NULL },
 { ngx_string("proxy_next_upstream"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_ANY,
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
 ngx_conf_set_bitmask_slot,
 NGX_HTTP_LOC_CONF_OFFSET,
 offsetof(ngx_http_proxy_loc_conf_t, upstream.next_upstream),
diff --git a/src/http/modules/ngx_http_ssi_filter_module.c b/src/http/modules/ngx_http_ssi_filter_module.c
index 0f3829594..f3eb093d3 100644
--- a/src/http/modules/ngx_http_ssi_filter_module.c
+++ b/src/http/modules/ngx_http_ssi_filter_module.c
@@ -59,6 +59,7 @@ typedef struct {
 ngx_uint_t output; /* unsigned output:1; */
 ngx_str_t timefmt;
+ ngx_str_t errmsg;
 } ngx_http_ssi_ctx_t;
@@ -217,8 +218,6 @@ static ngx_int_t (*ngx_http_next_body_filter) (ngx_http_request_t *r,
 static u_char ngx_http_ssi_string[] = "<!--";
-static u_char ngx_http_ssi_error_string[] =
- "[an error occurred while processing the directive]";
 static ngx_str_t ngx_http_ssi_none = ngx_string("(none)");
@@ -226,7 +225,8 @@ static ngx_str_t ngx_http_ssi_none = ngx_string("(none)");
 #define NGX_HTTP_SSI_ECHO_VAR 0
 #define NGX_HTTP_SSI_ECHO_DEFAULT 1
-#define NGX_HTTP_SSI_CONFIG_TIMEFMT 0
+#define NGX_HTTP_SSI_CONFIG_ERRMSG 0
+#define NGX_HTTP_SSI_CONFIG_TIMEFMT 1
 #define NGX_HTTP_SSI_INCLUDE_VIRTUAL 0
 #define NGX_HTTP_SSI_INCLUDE_FILE 1
@@ -250,6 +250,7 @@ static ngx_http_ssi_param_t ngx_http_ssi_include_params[] = {
 static ngx_http_ssi_param_t ngx_http_ssi_config_params[] = {
+ { ngx_string("errmsg"), NGX_HTTP_SSI_CONFIG_ERRMSG, 0 },
 { ngx_string("timefmt"), NGX_HTTP_SSI_CONFIG_TIMEFMT, 0 },
 { ngx_null_string, 0, 0 }
 };
@@ -347,6 +348,11 @@ found:
 ctx->timefmt.len = sizeof("%A, %d-%b-%Y %H:%M:%S %Z") - 1;
 ctx->timefmt.data = (u_char *) "%A, %d-%b-%Y %H:%M:%S %Z";
+ ctx->errmsg.len =
+ sizeof("[an error occurred while processing the directive]") - 1;
+ ctx->errmsg.data = (u_char *)
+ "[an error occurred while processing the directive]";
+
 r->filter_need_in_memory = 1;
 if (r->main == NULL) {
@@ -653,9 +659,8 @@ ngx_http_ssi_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
 }
 b->memory = 1;
- b->pos = ngx_http_ssi_error_string;
- b->last = ngx_http_ssi_error_string
- + sizeof(ngx_http_ssi_error_string) - 1;
+ b->pos = ctx->errmsg.data;
+ b->last = ctx->errmsg.data + ctx->errmsg.len;
 cl->next = NULL;
 *ctx->last_out = cl;
@@ -1371,6 +1376,12 @@ ngx_http_ssi_config(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx,
 ctx->timefmt = *value;
 }
+ value = params[NGX_HTTP_SSI_CONFIG_ERRMSG];
+
+ if (value) {
+ ctx->errmsg = *value;
+ }
+
 return NGX_OK;
 }
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index 130f2b305..bb9a55f49 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -8,9 +8,9 @@
 #include <ngx_core.h>
 #include <ngx_http.h>
-
 #define NGX_DEFLAUT_CERTIFICATE "cert.pem"
 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem"
+#define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
 static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf);
@@ -18,6 +18,14 @@ static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
 void *parent, void *child);
+static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
+ { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
+ { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
+ { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
+ { ngx_null_string, 0 }
+};
+
+
 static ngx_command_t ngx_http_ssl_commands[] = {
 { ngx_string("ssl"),
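Review bot: `NGX_DEFLAUT_CIPHERS` in the `@@ -8` hunk of ngx_http_ssl_module.c makes export-grade, LOW and SSLv2 suites part of the default for every server that does not set `ssl_ciphers`, where the old default was an empty string that skipped `SSL_CTX_set_cipher_list()` altogether. A default should not offer suites that exist only for legacy clients; I would exclude them and let sites that need them opt in, e.g. `#define NGX_DEFLAUT_CIPHERS "ALL:!ADH:!EXP:!LOW:!SSLv2:RC4+RSA:+HIGH:+MEDIUM"`. The `@@ -125` hunk has the same issue twice: the merge default for `conf->protocols` enables `NGX_SSL_SSLv2` when `ssl_protocols` is not set, and `ngx_ssl_generate_rsa512_key()` is called unconditionally although its own comment ties it to export clients.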
@@ -41,13 +49,27 @@ static ngx_command_t ngx_http_ssl_commands[] = {
 offsetof(ngx_http_ssl_srv_conf_t, certificate_key),
 NULL },
+ { ngx_string("ssl_protocols"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_bitmask_slot,
+ NGX_HTTP_SRV_CONF_OFFSET,
+ offsetof(ngx_http_ssl_srv_conf_t, protocols),
+ &ngx_http_ssl_protocols },
+
 { ngx_string("ssl_ciphers"),
- NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
 ngx_conf_set_str_slot,
 NGX_HTTP_SRV_CONF_OFFSET,
 offsetof(ngx_http_ssl_srv_conf_t, ciphers),
 NULL },
+ { ngx_string("ssl_prefer_server_ciphers"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_SRV_CONF_OFFSET,
+ offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
+ NULL },
+
 ngx_null_command
 };
@@ -99,6 +121,8 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
 /*
 * set by ngx_pcalloc():
 *
+ * scf->protocols = 0;
+
 * scf->certificate.len = 0;
 * scf->certificate.data = NULL;
 * scf->certificate_key.len = 0;
@@ -108,6 +132,7 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
 */
 scf->enable = NGX_CONF_UNSET;
+ scf->prefer_server_ciphers = NGX_CONF_UNSET;
 return scf;
 }
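Review bot: The argument-count flags on the two directives in the `@@ -41` hunk look swapped: `ssl_protocols` is handled by `ngx_conf_set_bitmask_slot` but declared `NGX_CONF_TAKE1`, while `ssl_ciphers` is handled by `ngx_conf_set_str_slot` but is now `NGX_CONF_1MORE`. With `TAKE1` a configuration can name only one protocol, so a line such as `ssl_protocols SSLv3 TLSv1;` would be rejected, and with `1MORE` any argument after the cipher string is accepted and, judging by the handler's name, not stored. The other bitmask directives touched by this commit (`fastcgi_next_upstream`, `gzip_proxied`, `proxy_next_upstream`) all end up as `NGX_CONF_1MORE`, so I would use `NGX_CONF_1MORE` for `ssl_protocols` and keep `NGX_CONF_TAKE1` for `ssl_ciphers`. The slot handlers themselves are not on this page, so this should be confirmed against them.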
@@ -125,101 +150,60 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 return NGX_CONF_OK;
 }
+ ngx_conf_merge_value(conf->prefer_server_ciphers,
+ prev->prefer_server_ciphers, 0);
+
+ ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
+ (NGX_CONF_BITMASK_SET
+ |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
+
 ngx_conf_merge_str_value(conf->certificate, prev->certificate,
- NGX_DEFLAUT_CERTIFICATE);
+ NGX_DEFLAUT_CERTIFICATE);
 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key,
- NGX_DEFLAUT_CERTIFICATE_KEY);
-
- ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, "");
+ NGX_DEFLAUT_CERTIFICATE_KEY);
+ ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS);
- /* TODO: configure methods */
- conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
+ conf->ssl.log = cf->log;
- if (conf->ssl_ctx == NULL) {
- ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_new() failed");
+ if (ngx_ssl_create(&conf->ssl, conf->protocols) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
- if (ngx_pool_cleanup_add(cf->pool, ngx_ssl_cleanup_ctx, conf->ssl_ctx)
- == NULL)
+ if (ngx_pool_cleanup_add(cf->pool, ngx_ssl_cleanup_ctx, &conf->ssl) == NULL)
 {
 return NGX_CONF_ERROR;
 }
-
- if (conf->ciphers.len) {
- if (SSL_CTX_set_cipher_list(conf->ssl_ctx,
- (const char *) conf->ciphers.data) == 0)
- {
- ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
- "SSL_CTX_set_cipher_list(\"%V\") failed",
- &conf->ciphers);
- }
- }
-
- if (SSL_CTX_use_certificate_chain_file(conf->ssl_ctx,
- (char *) conf->certificate.data) == 0)
+ if (ngx_ssl_certificate(&conf->ssl, conf->certificate.data,
+ conf->certificate_key.data) != NGX_OK)
 {
- ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
- "SSL_CTX_use_certificate_chain_file(\"%s\") failed",
- conf->certificate.data);
 return NGX_CONF_ERROR;
 }
- if (SSL_CTX_use_PrivateKey_file(conf->ssl_ctx,
- (char *) conf->certificate_key.data,
- SSL_FILETYPE_PEM) == 0)
+ if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
+ (const char *) conf->ciphers.data) == 0)
 {
 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
- "SSL_CTX_use_PrivateKey_file(\"%s\") failed",
- conf->certificate_key.data);
- return NGX_CONF_ERROR;
+ "SSL_CTX_set_cipher_list(\"%V\") failed",
+ &conf->ciphers);
 }
- SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_ALL);
-
- SSL_CTX_set_mode(conf->ssl_ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+ if (conf->prefer_server_ciphers) {
+ SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+ }
- SSL_CTX_set_read_ahead(conf->ssl_ctx, 1);
+ /* a temporary 512-bit RSA key is required for export versions of MSIE */
+ if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
- SSL_CTX_set_session_cache_mode(conf->ssl_ctx, SSL_SESS_CACHE_SERVER);
+ SSL_CTX_set_session_cache_mode(conf->ssl.ctx, SSL_SESS_CACHE_SERVER);
- SSL_CTX_set_session_id_context(conf->ssl_ctx, ngx_http_session_id_ctx,
+ SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_http_session_id_ctx,
 sizeof(ngx_http_session_id_ctx) - 1);
 return NGX_CONF_OK;
 }
-
-
-#if 0
-
-/* how to enumrate server' configs */
-
-static ngx_int_t
-ngx_http_ssl_init_process(ngx_cycle_t *cycle)
-{
- ngx_uint_t i;
- ngx_http_ssl_srv_conf_t *sscf;
- ngx_http_core_srv_conf_t **cscfp;
- ngx_http_core_main_conf_t *cmcf;
-
- cmcf = ngx_http_cycle_get_module_main_conf(cycle, ngx_http_core_module);
-
- cscfp = cmcf->servers.elts;
-
- for (i = 0; i < cmcf->servers.nelts; i++) {
- sscf = cscfp[i]->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
-
- if (sscf->enable) {
- cscfp[i]->recv = ngx_ssl_recv;
- cscfp[i]->send_chain = ngx_ssl_send_chain;
- }
- }
-
- return NGX_OK;
-}
-
-#endif
diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h
index acb0aeeb5..a705635ff 100644
--- a/src/http/modules/ngx_http_ssl_module.h
+++ b/src/http/modules/ngx_http_ssl_module.h
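Review bot: When `SSL_CTX_set_cipher_list()` fails in the `@@ -125` hunk of ngx_http_ssl_module.c, the new code logs at `NGX_LOG_EMERG` and then carries on to `return NGX_CONF_OK`, so a mistyped `ssl_ciphers` value leaves the server starting with whatever cipher list the context already had. Every other failure in this function returns `NGX_CONF_ERROR`, and this one should as well, by adding `return NGX_CONF_ERROR;` after the `ngx_ssl_error(...)` call. The removed code had the same gap, but the call is now reached on every merge because the `conf->ciphers.len` guard is gone. ngx_http_ssl_merge_srv_conf starts outside the hunk.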
@@ -15,12 +15,17 @@ typedef struct {
 ngx_flag_t enable;
+
+ ngx_ssl_t ssl;
+
+ ngx_flag_t prefer_server_ciphers;
+
+ ngx_uint_t protocols;
+
 ngx_str_t certificate;
 ngx_str_t certificate_key;
 ngx_str_t ciphers;
-
- ngx_ssl_ctx_t *ssl_ctx;
 } ngx_http_ssl_srv_conf_t; |
