Enabling SSL_CTX configuration by using SSL_CONF_cmd().

To perform various configuration operations on SSL_CTX, OpenSSL provides
SSL_CONF_cmd().  Specifically, to configure ciphers for a listener,
"CipherString" and "Ciphersuites" file commands are used:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html


This feature can be configured in the "tls/conf_commands" section.
Andrey Suvorov
2021-05-26 11:19:47 -07:00
parent 3efffddd95
commit 3f7ccf142f
6 changed files with 215 additions and 61 deletions


@@ -8,6 +8,9 @@
#define _NXT_TLS_H_INCLUDED_
#include <nxt_conf.h>
/*
* The SSL/TLS libraries lack vector I/O interface yet add noticeable
* overhead to each SSL/TLS record so buffering allows to decrease the
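Review bot: the `#include <nxt_conf.h>` directly after the include guard pulls the whole configuration header into every file that includes this TLS header, while the only use visible in this patch is a `nxt_conf_value_t *` parameter of `server_init`. If nothing else declared here needs the full definitions, a forward declaration of the type would keep the dependency narrower; otherwise a one-line comment saying why the include is required would help.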
@@ -32,6 +35,7 @@ typedef struct {
nxt_int_t (*server_init)(nxt_task_t *task,
nxt_tls_conf_t *conf, nxt_mp_t *mp,
nxt_conf_value_t *conf_cmds,
nxt_bool_t last);
void (*server_free)(nxt_task_t *task,
nxt_tls_conf_t *conf);
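Review bot: the new `nxt_conf_value_t *conf_cmds` argument of `server_init` has no documented contract. Please state next to the callback whether it may be NULL when "tls/conf_commands" is absent from the configuration and whether the callee may keep the pointer after it returns. Because the commit message says these values are handed to SSL_CONF_cmd(), it is also worth recording here that an implementation must fail initialization on any rejected command instead of skipping it.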
@@ -49,7 +53,7 @@ struct nxt_tls_bundle_conf_s {
void *ctx;
nxt_fd_t chain_file;
nxt_str_t *name;
nxt_str_t name;
nxt_tls_bundle_conf_t *next;
};
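Review bot: the `name` member of `struct nxt_tls_bundle_conf_s` needs an ownership comment, since the hunk shows it both as `nxt_str_t *name` and as `nxt_str_t name` and nothing says who owns the bytes behind it or how long they must outlive the bundle. Please also confirm that every access and every NULL check written for the pointer form was converted, because an embedded `nxt_str_t` cannot signal a missing name through a NULL pointer and needs a length check instead.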