authorAndrey Suvorov <a.suvorov@f5.com>2021-03-24 13:19:36 -0700
committerAndrey Suvorov <a.suvorov@f5.com>2021-03-24 13:19:36 -0700
commitd2b0882d89f29fea84b457e0709b6980c8a30a57 (patch)
tree5bf41ab489a5866cfcb28ea35d36623110079d53 /src/nxt_tls.h
parentd62192738f2db9e22e1357daa7b7dccdce3c783f (diff)
Added ability to configure multiple certificates on a listener.
The certificate is selected by matching the arriving SNI to the common name and the alternative names. If no certificate matches the name, the first bundle in the array is chosen.
Diffstat (limited to 'src/nxt_tls.h')
-rw-r--r--src/nxt_tls.h29
1 files changed, 24 insertions, 5 deletions
diff --git a/src/nxt_tls.h b/src/nxt_tls.h
index d9fcc6a8..c44bfe56 100644
--- a/src/nxt_tls.h
+++ b/src/nxt_tls.h
@@ -23,28 +23,47 @@
#define NXT_TLS_BUFFER_SIZE 4096
-typedef struct nxt_tls_conf_s nxt_tls_conf_t;
-
+typedef struct nxt_tls_conf_s nxt_tls_conf_t;
+typedef struct nxt_tls_bundle_conf_s nxt_tls_bundle_conf_t;
typedef struct {
nxt_int_t (*library_init)(nxt_task_t *task);
void (*library_free)(nxt_task_t *task);
nxt_int_t (*server_init)(nxt_task_t *task,
- nxt_tls_conf_t *conf);
+ nxt_tls_conf_t *conf, nxt_mp_t *mp,
+ nxt_bool_t last);
void (*server_free)(nxt_task_t *task,
nxt_tls_conf_t *conf);
} nxt_tls_lib_t;
-struct nxt_tls_conf_s {
+typedef struct {
+ nxt_tls_bundle_conf_t *bundle;
+
+ nxt_str_t name;
+} nxt_tls_bundle_hash_item_t;
+
+
+struct nxt_tls_bundle_conf_s {
void *ctx;
+
+ nxt_fd_t chain_file;
+ nxt_str_t *name;
+
+ nxt_tls_bundle_conf_t *next;
+};
+
+
+struct nxt_tls_conf_s {
+ nxt_tls_bundle_conf_t *bundle;
+ nxt_lvlhsh_t bundle_hash;
+
void (*conn_init)(nxt_task_t *task,
nxt_tls_conf_t *conf, nxt_conn_t *c);
const nxt_tls_lib_t *lib;
- nxt_fd_t chain_file;
char *ciphers;
char *ca_certificate;