ngx_ssl_init

定义在 src\event\ngx_event_openssl.c 

ngx_int_t
ngx_ssl_init(ngx_log_t *log)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100003Lif (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) {ngx_ssl_error(NGX_LOG_ALERT, log, 0, "OPENSSL_init_ssl() failed");return NGX_ERROR;}/** OPENSSL_init_ssl() may leave errors in the error queue* while returning success*/ERR_clear_error();#elseOPENSSL_config(NULL);SSL_library_init();SSL_load_error_strings();OpenSSL_add_all_algorithms();#endif#ifndef SSL_OP_NO_COMPRESSION{/** Disable gzip compression in OpenSSL prior to 1.0.0 version,* this saves about 522K per connection.*/int                  n;STACK_OF(SSL_COMP)  *ssl_comp_methods;ssl_comp_methods = SSL_COMP_get_compression_methods();n = sk_SSL_COMP_num(ssl_comp_methods);while (n--) {(void) sk_SSL_COMP_pop(ssl_comp_methods);}}
#endifngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);if (ngx_ssl_connection_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_server_conf_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,NULL);if (ngx_ssl_server_conf_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0,"SSL_CTX_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_session_cache_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,NULL);if (ngx_ssl_session_cache_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0,"SSL_CTX_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_ticket_keys_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,NULL);if (ngx_ssl_ticket_keys_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0,"SSL_CTX_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_ocsp_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);if (ngx_ssl_ocsp_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0,"SSL_CTX_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_certificate_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,NULL);if (ngx_ssl_certificate_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0,"SSL_CTX_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_next_certificate_index = X509_get_ex_new_index(0, NULL, NULL, NULL,NULL);if (ngx_ssl_next_certificate_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_certificate_name_index = X509_get_ex_new_index(0, NULL, NULL, NULL,NULL);if (ngx_ssl_certificate_name_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_stapling_index = X509_get_ex_new_index(0, NULL, NULL, NULL, NULL);if (ngx_ssl_stapling_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed");return NGX_ERROR;}return NGX_OK;
}

这段代码是 Nginx 源码中用于初始化 OpenSSL 库的核心函数 ngx_ssl_init，其主要目的是为 Nginx 的 SSL/TLS 功能提供必要的初始化操作

---

ngx_int_t
ngx_ssl_init(ngx_log_t *log)
{
#if OPENSSL_VERSION_NUMBER >= 0x10100003Lif (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL) == 0) {ngx_ssl_error(NGX_LOG_ALERT, log, 0, "OPENSSL_init_ssl() failed");return NGX_ERROR;}/** OPENSSL_init_ssl() may leave errors in the error queue* while returning success*/ERR_clear_error();

 此时

#if OPENSSL_VERSION_NUMBER >= 0x10100003L

成立

OpenSSL 版本号大于等于 0x10100003L（即 OpenSSL 1.1.0 及以上版本），使用 OPENSSL_init_ssl 函数进行初始化

---

OPENSSL_init_ssl

在 OpenSSL 1.1.0 及以上版本中，OPENSSL_init_ssl 函数的声明位于以下头文件中：

#include <openssl/ssl.h>

OPENSSL_init_ssl 是 OpenSSL 1.1.0 引入的一个函数，用于初始化 SSL/TLS 库。

它的主要作用是替代旧版本中多个独立的初始化函数（如 SSL_library_init、SSL_load_error_strings 等），提供一个统一的接口来完成 SSL/TLS 的初始化工作。

函数原型如下：

int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);

opts ：

这是一个位掩码参数，用于指定初始化选项。

---

常见的选项包括：
OPENSSL_INIT_LOAD_CONFIG：加载 OpenSSL 配置文件（通常是 openssl.cnf）。
OPENSSL_INIT_LOAD_SSL_STRINGS：加载 SSL/TLS 相关的错误字符串。
OPENSSL_INIT_ADD_ALL_CIPHERS 和 OPENSSL_INIT_ADD_ALL_DIGESTS：注册所有加密算法和摘要算法。
OPENSSL_INIT_NO_LOAD_CONFIG：禁用配置文件加载。
更多选项可以参考 OpenSSL 文档。

---

settings ：

这是一个指向 OPENSSL_INIT_SETTINGS 结构的指针，用于传递更高级的初始化设置。
在大多数情况下，可以传入 NULL，表示使用默认设置。

---

返回值
成功时返回 1。
失败时返回 0。

---

需要注意的是，即使 OPENSSL_init_ssl 返回成功，也可能在错误队列中留下未处理的错误信息。

因此，通常会在调用后清除错误队列：

ERR_clear_error();

---

    ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);if (ngx_ssl_connection_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0, "SSL_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_server_conf_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,NULL);if (ngx_ssl_server_conf_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0,"SSL_CTX_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_session_cache_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,NULL);if (ngx_ssl_session_cache_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0,"SSL_CTX_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_ticket_keys_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,NULL);if (ngx_ssl_ticket_keys_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0,"SSL_CTX_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_ocsp_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL);if (ngx_ssl_ocsp_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0,"SSL_CTX_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_certificate_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL,NULL);if (ngx_ssl_certificate_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0,"SSL_CTX_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_next_certificate_index = X509_get_ex_new_index(0, NULL, NULL, NULL,NULL);if (ngx_ssl_next_certificate_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_certificate_name_index = X509_get_ex_new_index(0, NULL, NULL, NULL,NULL);if (ngx_ssl_certificate_name_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed");return NGX_ERROR;}ngx_ssl_stapling_index = X509_get_ex_new_index(0, NULL, NULL, NULL, NULL);if (ngx_ssl_stapling_index == -1) {ngx_ssl_error(NGX_LOG_ALERT, log, 0, "X509_get_ex_new_index() failed");return NGX_ERROR;}

创建扩展索引 ，创建扩展数据索引，为 Nginx 的 SSL 相关结构分配扩展存储空间

---

return NGX_OK;

返回 NGX_OK