101a102,106
> #if (NXT_HAVE_OPENSSL_TLSEXT)
> static nxt_int_t nxt_conf_vldt_ticket_key(nxt_conf_validation_t *vldt,
> nxt_conf_value_t *value, void *data);
> static nxt_int_t nxt_conf_vldt_ticket_key_element(nxt_conf_validation_t *vldt,
> nxt_conf_value_t *value);
102a108
> #endif
430a437,447
> }, {
> .name = nxt_string("tickets"),
> .type = NXT_CONF_VLDT_STRING
> | NXT_CONF_VLDT_ARRAY
> | NXT_CONF_VLDT_BOOLEAN,
> #if (NXT_HAVE_OPENSSL_TLSEXT)
> .validator = nxt_conf_vldt_ticket_key,
> #else
> .validator = nxt_conf_vldt_unsupported,
> .u.string = "tickets",
> #endif
471a489
> #if (NXT_HAVE_OPENSSL_TLSEXT)
472a491,545
> static nxt_int_t
> nxt_conf_vldt_ticket_key(nxt_conf_validation_t *vldt, nxt_conf_value_t *value,
> void *data)
> {
> if (nxt_conf_type(value) == NXT_CONF_BOOLEAN) {
> return NXT_OK;
> }
>
> if (nxt_conf_type(value) == NXT_CONF_ARRAY) {
> return nxt_conf_vldt_array_iterator(vldt, value,
> &nxt_conf_vldt_ticket_key_element);
> }
>
> /* NXT_CONF_STRING */
>
> return nxt_conf_vldt_ticket_key_element(vldt, value);
> }
>
>
> static nxt_int_t
> nxt_conf_vldt_ticket_key_element(nxt_conf_validation_t *vldt,
> nxt_conf_value_t *value)
> {
> nxt_str_t key;
> nxt_int_t ret;
>
> if (nxt_conf_type(value) != NXT_CONF_STRING) {
> return nxt_conf_vldt_error(vldt, "The \"key\" array must "
> "contain only string values.");
> }
>
> nxt_conf_get_string(value, &key);
>
> ret = nxt_openssl_base64_decode(NULL, 0, key.start, key.length);
> if (nxt_slow_path(ret == NXT_ERROR)) {
> return NXT_ERROR;
> }
>
> if (ret == NXT_DECLINED) {
> return nxt_conf_vldt_error(vldt, "Invalid Base64 format for the ticket "
> "key \"%V\".", &key);
> }
>
> if (ret != 48 && ret != 80) {
> return nxt_conf_vldt_error(vldt, "Invalid length %d of the ticket "
> "key \"%V\". Must be 48 or 80 bytes.",
> ret, &key);
> }
>
> return NXT_OK;
> }
>
> #endif
>
>