static void ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s) { ngx_int_t rc; ngx_connection_t *pc; ngx_stream_upstream_t *u; ngx_stream_proxy_srv_conf_t *pscf; u = s->upstream; pc = u->peer.connection; pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); if (ngx_ssl_create_connection(pscf->ssl, pc, NGX_SSL_BUFFER|NGX_SSL_CLIENT) != NGX_OK) { ngx_stream_proxy_finalize(s, NGX_ERROR); return; } if (pscf->ssl_server_name || pscf->ssl_verify) { if (ngx_stream_proxy_ssl_name(s) != NGX_OK) { ngx_stream_proxy_finalize(s, NGX_ERROR); return; } } if (pscf->ssl_session_reuse) { if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) { ngx_stream_proxy_finalize(s, NGX_ERROR); return; } } s->connection->log->action = "SSL handshaking to upstream"; rc = ngx_ssl_handshake(pc); if (rc == NGX_AGAIN) { if (!pc->write->timer_set) { ngx_add_timer(pc->write, pscf->connect_timeout); } pc->ssl->handler = ngx_stream_proxy_ssl_handshake; return; } ngx_stream_proxy_ssl_handshake(pc); }
void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_int_t dir) { ngx_mail_session_t *s; ngx_mail_core_srv_conf_t *cscf; s = c->data; if (dir == NGX_MAIL_SECURE_DIR_IN) { if (ngx_ssl_create_connection(ssl, c, 0) == NGX_ERROR) { ngx_mail_close_connection(c); return; } } else { if (ngx_ssl_create_connection(ssl, c, NGX_SSL_BUFFER|NGX_SSL_CLIENT) == NGX_ERROR) { ngx_mail_proxy_internal_server_error(s); return; } } if (ngx_ssl_handshake(c) == NGX_AGAIN) { cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module); /* expected that for upstream, one is set already */ if (dir == NGX_MAIL_SECURE_DIR_IN) ngx_add_timer(c->read, cscf->timeout); c->ssl->handler = ngx_mail_ssl_handshake_handler; return; } ngx_mail_ssl_handshake_handler(c); }
void ngx_rtmp_ssl_handshake(ngx_rtmp_session_t *s) { ngx_connection_t *c; ngx_rtmp_ssl_srv_conf_t *sscf; c = s->connection; sscf = ngx_rtmp_get_module_srv_conf(s, ngx_rtmp_ssl_module); if (ngx_ssl_create_connection(&sscf->ssl, c, 0) != NGX_OK) { ngx_rtmp_finalize_session(s); return; } ngx_rtmp_ssl_handshake_handler(c); return; }
ngx_int_t ss_ftp_ssl_create_connection(ngx_connection_t *c, ngx_ssl_t *ssl) { assert(NULL != c); assert(NULL != ssl); ss_ftp_request *r; r = (ss_ftp_request *) c->data; assert(NULL != r); if (ngx_ssl_create_connection(ssl, c, 1) != NGX_OK) { /* TODO : make "1" to be more elegant */ ngx_log_debug(NGX_LOG_DEBUG_FTP, r->connection->log, 0, "ftp:ngx_ssl_create_connection error"); ss_ftp_reply(r, "451", "Server error in processing"); return NGX_ERROR; } return NGX_OK; }
static ngx_int_t ngx_stream_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c) { ngx_int_t rc; ngx_stream_session_t *s; ngx_stream_ssl_conf_t *sslcf; ngx_stream_core_srv_conf_t *cscf; s = c->data; cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module); if (cscf->tcp_nodelay && ngx_tcp_nodelay(c) != NGX_OK) { return NGX_ERROR; } if (ngx_ssl_create_connection(ssl, c, 0) != NGX_OK) { return NGX_ERROR; } rc = ngx_ssl_handshake(c); if (rc == NGX_ERROR) { return NGX_ERROR; } if (rc == NGX_AGAIN) { sslcf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_module); ngx_add_timer(c->read, sslcf->handshake_timeout); c->ssl->handler = ngx_stream_ssl_handshake_handler; return NGX_AGAIN; } /* rc == NGX_OK */ return NGX_OK; }