Age | Commit message | Author | Files | Lines |
|
Replace the usage of uint8_t in structures to represent boolean values
with our nxt_bool_t type.
This will result in no change in structure layout as the nxt_bool_t is
now a uint8_t, same as what it's replacing.
Even though it's essentially the same type, it makes it much clearer as
to what its purpose is.
This was largely done with the following script from Alex, with some
manual conversions:
$ grep -rl 'uint8_t.*1 bit' src/ \
| xargs sed -i '/uint8_t.*1 bit/{s/uint8_t /nxt_bool_t /;s/; *\/\*.*/;/}'
This doesn't convert the non-uint8_t booleans, they will be handled
separately.
Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
|
|
Compared to the previous implementation based on OpenSSL, the new implementation
has these advantages:
1. Strict and reliable detection of invalid strings, including strings with
less than 4 bytes of garbage at the end;
2. Allows the use of Base64 strings without '=' padding.
|
|
Deduplicated code and improved style.
No functional changes.
|
|
|
|
To support TLS sessions, Unit uses the OpenSSL built-in session cache; the
cache_size option defines the number of sessions to store. To disable the feature,
the option must be zero.
|
|
To perform various configuration operations on SSL_CTX, OpenSSL provides
SSL_CONF_cmd(). Specifically, to configure ciphers for a listener,
"CipherString" and "Ciphersuites" file commands are used:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html
This feature can be configured in the "tls/conf_commands" section.
|
|
A crash was caused by an incorrect timer handler nxt_h1p_idle_timeout() if
SSL_shutdown() returned SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
The flag SSL_RECEIVED_SHUTDOWN is used to avoid getting SSL_ERROR_WANT_READ, so
the server won't wait for a close notification from a client.
For SSL_ERROR_WANT_WRITE, a correct timer handler is set up.
|
|
The certificate is selected by matching the arriving SNI to the common name and
the alternative names. If no certificate matches the name, the first bundle in
the array is chosen.
|
|
|
|
|