From 0e756d67aa1e42e3b1b360936eb4d6c06bced2c1 Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Tue, 29 Oct 2024 16:25:11 +0400
Subject: SSL: caching certificates and certificate keys with variables.

A new directive "ssl_certificate_cache max=N [valid=time] [inactive=time]"
enables caching of SSL certificate chain and secret key objects specified
by "ssl_certificate" and "ssl_certificate_key" directives with variables.

Co-authored-by: Aleksei Bavshin <a.bavshin@nginx.com>
---
 src/stream/ngx_stream_ssl_module.h | 66 ++++++++++++++++++++------------------
 1 file changed, 34 insertions(+), 32 deletions(-)

(limited to 'src/stream/ngx_stream_ssl_module.h')

diff --git a/src/stream/ngx_stream_ssl_module.h b/src/stream/ngx_stream_ssl_module.h
index e6769426c..ffa03a6f3 100644
--- a/src/stream/ngx_stream_ssl_module.h
+++ b/src/stream/ngx_stream_ssl_module.h
@@ -15,53 +15,55 @@
 
 
 typedef struct {
-    ngx_msec_t       handshake_timeout;
+    ngx_msec_t        handshake_timeout;
 
-    ngx_flag_t       prefer_server_ciphers;
-    ngx_flag_t       reject_handshake;
+    ngx_flag_t        prefer_server_ciphers;
+    ngx_flag_t        reject_handshake;
 
-    ngx_ssl_t        ssl;
+    ngx_ssl_t         ssl;
 
-    ngx_uint_t       protocols;
+    ngx_uint_t        protocols;
 
-    ngx_uint_t       verify;
-    ngx_uint_t       verify_depth;
+    ngx_uint_t        verify;
+    ngx_uint_t        verify_depth;
 
-    ssize_t          builtin_session_cache;
+    ssize_t           builtin_session_cache;
 
-    time_t           session_timeout;
+    time_t            session_timeout;
 
-    ngx_array_t     *certificates;
-    ngx_array_t     *certificate_keys;
+    ngx_array_t      *certificates;
+    ngx_array_t      *certificate_keys;
 
-    ngx_array_t     *certificate_values;
-    ngx_array_t     *certificate_key_values;
+    ngx_array_t      *certificate_values;
+    ngx_array_t      *certificate_key_values;
 
-    ngx_str_t        dhparam;
-    ngx_str_t        ecdh_curve;
-    ngx_str_t        client_certificate;
-    ngx_str_t        trusted_certificate;
-    ngx_str_t        crl;
-    ngx_str_t        alpn;
+    ngx_ssl_cache_t  *certificate_cache;
 
-    ngx_str_t        ciphers;
+    ngx_str_t         dhparam;
+    ngx_str_t         ecdh_curve;
+    ngx_str_t         client_certificate;
+    ngx_str_t         trusted_certificate;
+    ngx_str_t         crl;
+    ngx_str_t         alpn;
 
-    ngx_array_t     *passwords;
-    ngx_array_t     *conf_commands;
+    ngx_str_t         ciphers;
 
-    ngx_shm_zone_t  *shm_zone;
+    ngx_array_t      *passwords;
+    ngx_array_t      *conf_commands;
 
-    ngx_flag_t       session_tickets;
-    ngx_array_t     *session_ticket_keys;
+    ngx_shm_zone_t   *shm_zone;
 
-    ngx_uint_t       ocsp;
-    ngx_str_t        ocsp_responder;
-    ngx_shm_zone_t  *ocsp_cache_zone;
+    ngx_flag_t        session_tickets;
+    ngx_array_t      *session_ticket_keys;
 
-    ngx_flag_t       stapling;
-    ngx_flag_t       stapling_verify;
-    ngx_str_t        stapling_file;
-    ngx_str_t        stapling_responder;
+    ngx_uint_t        ocsp;
+    ngx_str_t         ocsp_responder;
+    ngx_shm_zone_t   *ocsp_cache_zone;
+
+    ngx_flag_t        stapling;
+    ngx_flag_t        stapling_verify;
+    ngx_str_t         stapling_file;
+    ngx_str_t         stapling_responder;
 } ngx_stream_ssl_srv_conf_t;
 
 
-- 
cgit