summaryrefslogtreecommitdiffhomepage
path: root/src/nxt_conf_validation.c
diff options
context:
space:
mode:
authorAndrey Suvorov <a.suvorov@f5.com>2021-08-17 16:52:32 -0700
committerAndrey Suvorov <a.suvorov@f5.com>2021-08-17 16:52:32 -0700
commite0aa132172f03fe7c31484ce7d301813b5dacb89 (patch)
tree86c83ac1ffc2c842d99aca6ba47c7d7ad67ca82d /src/nxt_conf_validation.c
parent3bd60e317c142f4596bdc0ef4747ea0f2cc03503 (diff)
downloadunit-e0aa132172f03fe7c31484ce7d301813b5dacb89.tar.gz
unit-e0aa132172f03fe7c31484ce7d301813b5dacb89.tar.bz2
Added TLS session tickets support.
Diffstat (limited to '')
-rw-r--r--src/nxt_conf_validation.c73
1 files changed, 73 insertions, 0 deletions
diff --git a/src/nxt_conf_validation.c b/src/nxt_conf_validation.c
index 0106ebc8..a53fff74 100644
--- a/src/nxt_conf_validation.c
+++ b/src/nxt_conf_validation.c
@@ -99,6 +99,12 @@ static nxt_int_t nxt_conf_vldt_tls_cache_size(nxt_conf_validation_t *vldt,
nxt_conf_value_t *value, void *data);
static nxt_int_t nxt_conf_vldt_tls_timeout(nxt_conf_validation_t *vldt,
nxt_conf_value_t *value, void *data);
+#if (NXT_HAVE_OPENSSL_TLSEXT)
+static nxt_int_t nxt_conf_vldt_ticket_key(nxt_conf_validation_t *vldt,
+ nxt_conf_value_t *value, void *data);
+static nxt_int_t nxt_conf_vldt_ticket_key_element(nxt_conf_validation_t *vldt,
+ nxt_conf_value_t *value);
+#endif
#endif
static nxt_int_t nxt_conf_vldt_action(nxt_conf_validation_t *vldt,
nxt_conf_value_t *value, void *data);
@@ -428,6 +434,17 @@ static nxt_conf_vldt_object_t nxt_conf_vldt_session_members[] = {
.name = nxt_string("timeout"),
.type = NXT_CONF_VLDT_INTEGER,
.validator = nxt_conf_vldt_tls_timeout,
+ }, {
+ .name = nxt_string("tickets"),
+ .type = NXT_CONF_VLDT_STRING
+ | NXT_CONF_VLDT_ARRAY
+ | NXT_CONF_VLDT_BOOLEAN,
+#if (NXT_HAVE_OPENSSL_TLSEXT)
+ .validator = nxt_conf_vldt_ticket_key,
+#else
+ .validator = nxt_conf_vldt_unsupported,
+ .u.string = "tickets",
+#endif
},
NXT_CONF_VLDT_END
@@ -469,6 +486,62 @@ nxt_conf_vldt_tls_timeout(nxt_conf_validation_t *vldt, nxt_conf_value_t *value,
#endif
+#if (NXT_HAVE_OPENSSL_TLSEXT)
+
+static nxt_int_t
+nxt_conf_vldt_ticket_key(nxt_conf_validation_t *vldt, nxt_conf_value_t *value,
+ void *data)
+{
+ if (nxt_conf_type(value) == NXT_CONF_BOOLEAN) {
+ return NXT_OK;
+ }
+
+ if (nxt_conf_type(value) == NXT_CONF_ARRAY) {
+ return nxt_conf_vldt_array_iterator(vldt, value,
+ &nxt_conf_vldt_ticket_key_element);
+ }
+
+ /* NXT_CONF_STRING */
+
+ return nxt_conf_vldt_ticket_key_element(vldt, value);
+}
+
+
+static nxt_int_t
+nxt_conf_vldt_ticket_key_element(nxt_conf_validation_t *vldt,
+ nxt_conf_value_t *value)
+{
+ nxt_str_t key;
+ nxt_int_t ret;
+
+ if (nxt_conf_type(value) != NXT_CONF_STRING) {
+ return nxt_conf_vldt_error(vldt, "The \"key\" array must "
+ "contain only string values.");
+ }
+
+ nxt_conf_get_string(value, &key);
+
+ ret = nxt_openssl_base64_decode(NULL, 0, key.start, key.length);
+ if (nxt_slow_path(ret == NXT_ERROR)) {
+ return NXT_ERROR;
+ }
+
+ if (ret == NXT_DECLINED) {
+ return nxt_conf_vldt_error(vldt, "Invalid Base64 format for the ticket "
+ "key \"%V\".", &key);
+ }
+
+ if (ret != 48 && ret != 80) {
+ return nxt_conf_vldt_error(vldt, "Invalid length %d of the ticket "
+ "key \"%V\". Must be 48 or 80 bytes.",
+ ret, &key);
+ }
+
+ return NXT_OK;
+}
+
+#endif
+
static nxt_conf_vldt_object_t nxt_conf_vldt_route_members[] = {
{