diff options
| author | Valentin Bartenev <vbart@nginx.com> | 2018-09-20 15:27:08 +0300 |
|---|---|---|
| committer | Valentin Bartenev <vbart@nginx.com> | 2018-09-20 15:27:08 +0300 |
| commit | 8d844bc2aa78d5acc789c5865a62bedbeba76902 (patch) | |
| tree | cbc6e225402434d5b14cb454a2b7c02cebc93bbf /src/nxt_router.c | |
| parent | 2dfd8ffc2fa36712c8987afa870c355185d61af9 (diff) | |
| download | unit-8d844bc2aa78d5acc789c5865a62bedbeba76902.tar.gz unit-8d844bc2aa78d5acc789c5865a62bedbeba76902.tar.bz2 | |
Controller: certificates storage interface.
Diffstat (limited to 'src/nxt_router.c')
| -rw-r--r-- | src/nxt_router.c | 136 |
1 files changed, 136 insertions, 0 deletions
diff --git a/src/nxt_router.c b/src/nxt_router.c index 87721ba4..21a7b4d7 100644 --- a/src/nxt_router.c +++ b/src/nxt_router.c @@ -7,6 +7,9 @@ #include <nxt_router.h> #include <nxt_conf.h> +#if (NXT_TLS) +#include <nxt_cert.h> +#endif #include <nxt_http.h> #include <nxt_port_memory_int.h> #include <nxt_unit_request.h> @@ -32,6 +35,18 @@ typedef struct { } nxt_router_listener_conf_t; +#if (NXT_TLS) + +typedef struct { + nxt_str_t name; + nxt_socket_conf_t *conf; + + nxt_queue_link_t link; /* for nxt_socket_conf_t.tls */ +} nxt_router_tlssock_t; + +#endif + + typedef struct nxt_msg_info_s { nxt_buf_t *buf; nxt_port_mmap_tracking_t tracking; @@ -156,6 +171,12 @@ static void nxt_router_listen_socket_ready(nxt_task_t *task, nxt_port_recv_msg_t *msg, void *data); static void nxt_router_listen_socket_error(nxt_task_t *task, nxt_port_recv_msg_t *msg, void *data); +#if (NXT_TLS) +static void nxt_router_tls_rpc_create(nxt_task_t *task, + nxt_router_temp_conf_t *tmcf, nxt_router_tlssock_t *tls); +static void nxt_router_tls_rpc_handler(nxt_task_t *task, + nxt_port_recv_msg_t *msg, void *data); +#endif static void nxt_router_app_rpc_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, nxt_app_t *app); static void nxt_router_app_prefork_ready(nxt_task_t *task, @@ -957,6 +978,10 @@ nxt_router_temp_conf(nxt_task_t *task) nxt_queue_init(&tmcf->pending); nxt_queue_init(&tmcf->creating); +#if (NXT_TLS) + nxt_queue_init(&tmcf->tls); +#endif + nxt_queue_init(&tmcf->apps); nxt_queue_init(&tmcf->previous); @@ -1002,6 +1027,9 @@ nxt_router_conf_apply(nxt_task_t *task, void *obj, void *data) nxt_router_conf_t *rtcf; nxt_router_temp_conf_t *tmcf; const nxt_event_interface_t *interface; +#if (NXT_TLS) + nxt_router_tlssock_t *tls; +#endif tmcf = obj; @@ -1018,6 +1046,19 @@ nxt_router_conf_apply(nxt_task_t *task, void *obj, void *data) return; } +#if (NXT_TLS) + qlk = nxt_queue_first(&tmcf->tls); + + if (qlk != nxt_queue_tail(&tmcf->tls)) { + nxt_queue_remove(qlk); + + tls = nxt_queue_link_data(qlk, nxt_router_tlssock_t, link); + + nxt_router_tls_rpc_create(task, tmcf, tls); + return; + } +#endif + nxt_queue_each(app, &tmcf->apps, nxt_app_t, link) { if (nxt_router_app_need_start(app)) { @@ -1332,11 +1373,17 @@ nxt_router_conf_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, nxt_router_app_conf_t apcf; nxt_router_access_log_t *access_log; nxt_router_listener_conf_t lscf; +#if (NXT_TLS) + nxt_router_tlssock_t *tls; +#endif static nxt_str_t http_path = nxt_string("/settings/http"); static nxt_str_t applications_path = nxt_string("/applications"); static nxt_str_t listeners_path = nxt_string("/listeners"); static nxt_str_t access_log_path = nxt_string("/access_log"); +#if (NXT_TLS) + static nxt_str_t certificate_path = nxt_string("/tls/certificate"); +#endif conf = nxt_conf_json_parse(tmcf->mem_pool, start, end, NULL); if (conf == NULL) { @@ -1588,6 +1635,26 @@ nxt_router_conf_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, } } +#if (NXT_TLS) + + value = nxt_conf_get_path(listener, &certificate_path); + + if (value != NULL) { + nxt_conf_get_string(value, &name); + + tls = nxt_mp_get(mp, sizeof(nxt_router_tlssock_t)); + if (nxt_slow_path(tls == NULL)) { + goto fail; + } + + tls->name = name; + tls->conf = skcf; + + nxt_queue_insert_tail(&tmcf->tls, &tls->link); + } + +#endif + skcf->listen->handler = nxt_http_conn_init; skcf->router_conf = tmcf->router_conf; skcf->router_conf->count++; @@ -1956,6 +2023,75 @@ nxt_router_listen_socket_error(nxt_task_t *task, nxt_port_recv_msg_t *msg, } +#if (NXT_TLS) + +static void +nxt_router_tls_rpc_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, + nxt_router_tlssock_t *tls) +{ + nxt_socket_rpc_t *rpc; + + rpc = nxt_mp_alloc(tmcf->mem_pool, sizeof(nxt_socket_rpc_t)); + if (rpc == NULL) { + nxt_router_conf_error(task, tmcf); + return; + } + + rpc->socket_conf = tls->conf; + rpc->temp_conf = tmcf; + + nxt_cert_store_get(task, &tls->name, tmcf->mem_pool, + nxt_router_tls_rpc_handler, rpc); +} + + +static void +nxt_router_tls_rpc_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg, + void *data) +{ + nxt_mp_t *mp; + nxt_int_t ret; + nxt_tls_conf_t *tlscf; + nxt_socket_rpc_t *rpc; + nxt_router_temp_conf_t *tmcf; + + nxt_debug(task, "tls rpc handler"); + + rpc = data; + tmcf = rpc->temp_conf; + + if (msg == NULL || msg->port_msg.type == _NXT_PORT_MSG_RPC_ERROR) { + goto fail; + } + + mp = tmcf->router_conf->mem_pool; + + tlscf = nxt_mp_zget(mp, sizeof(nxt_tls_conf_t)); + if (nxt_slow_path(tlscf == NULL)) { + goto fail; + } + + tlscf->chain_file = msg->fd; + + ret = task->thread->runtime->tls->server_init(task, tlscf); + if (nxt_slow_path(ret != NXT_OK)) { + goto fail; + } + + rpc->socket_conf->tls = tlscf; + + nxt_work_queue_add(&task->thread->engine->fast_work_queue, + nxt_router_conf_apply, task, tmcf, NULL); + return; + +fail: + + nxt_router_conf_error(task, tmcf); +} + +#endif + + static void nxt_router_app_rpc_create(nxt_task_t *task, nxt_router_temp_conf_t *tmcf, nxt_app_t *app) |