Mercurial > hg > nginx-vendor-current
comparison src/mail/ngx_mail_ssl_module.c @ 510:24b676623d4f NGINX_0_8_7
nginx 0.8.7
*) Change: minimum supported OpenSSL version is 0.9.7.
*) Change: the "ask" parameter of the "ssl_verify_client" directive was
changed to the "optional" parameter and now it checks a client
certificate if it was offered.
Thanks to Brice Figureau.
*) Feature: the $ssl_client_verify variable.
Thanks to Brice Figureau.
*) Feature: the "ssl_crl" directive.
Thanks to Brice Figureau.
*) Feature: the "proxy" parameter of the "geo" directive.
*) Feature: the "image_filter" directive supports variables for setting
size.
*) Bugfix: the $ssl_client_cert variable usage corrupted memory; the
bug had appeared in 0.7.7.
Thanks to Sergey Zhuravlev.
*) Bugfix: "proxy_pass_header" and "fastcgi_pass_header" directives did
not pass to a client the "X-Accel-Redirect", "X-Accel-Limit-Rate",
"X-Accel-Buffering", and "X-Accel-Charset" lines from backend
response header.
Thanks to Maxim Dounin.
*) Bugfix: in handling "Last-Modified" and "Accept-Ranges" backend
response header lines; the bug had appeared in 0.7.44.
Thanks to Maxim Dounin.
*) Bugfix: the "[alert] zero size buf" error if subrequest returns an
empty response; the bug had appeared in 0.8.5.
| author | Igor Sysoev <http://sysoev.ru> |
|---|---|
| date | Mon, 27 Jul 2009 00:00:00 +0400 |
| parents | f39b9e29530d |
| children | a52c99698e7f |
comparison
equal
deleted
inserted
replaced
| 509:41f4e459ace8 | 510:24b676623d4f |
|---|---|
| 20 static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, | 20 static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, |
| 21 void *conf); | 21 void *conf); |
| 22 static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, | 22 static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, |
| 23 void *conf); | 23 void *conf); |
| 24 | 24 |
| 25 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | |
| 26 | |
| 27 static char *ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, | |
| 28 void *conf); | |
| 29 | |
| 30 static char ngx_mail_ssl_openssl097[] = "OpenSSL 0.9.7 and higher"; | |
| 31 | |
| 32 #endif | |
| 33 | |
| 34 | 25 |
| 35 static ngx_conf_enum_t ngx_http_starttls_state[] = { | 26 static ngx_conf_enum_t ngx_http_starttls_state[] = { |
| 36 { ngx_string("off"), NGX_MAIL_STARTTLS_OFF }, | 27 { ngx_string("off"), NGX_MAIL_STARTTLS_OFF }, |
| 37 { ngx_string("on"), NGX_MAIL_STARTTLS_ON }, | 28 { ngx_string("on"), NGX_MAIL_STARTTLS_ON }, |
| 38 { ngx_string("only"), NGX_MAIL_STARTTLS_ONLY }, | 29 { ngx_string("only"), NGX_MAIL_STARTTLS_ONLY }, |
| 100 offsetof(ngx_mail_ssl_conf_t, ciphers), | 91 offsetof(ngx_mail_ssl_conf_t, ciphers), |
| 101 NULL }, | 92 NULL }, |
| 102 | 93 |
| 103 { ngx_string("ssl_prefer_server_ciphers"), | 94 { ngx_string("ssl_prefer_server_ciphers"), |
| 104 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG, | 95 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG, |
| 105 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE | |
| 106 ngx_conf_set_flag_slot, | 96 ngx_conf_set_flag_slot, |
| 107 NGX_MAIL_SRV_CONF_OFFSET, | 97 NGX_MAIL_SRV_CONF_OFFSET, |
| 108 offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers), | 98 offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers), |
| 109 NULL }, | 99 NULL }, |
| 110 #else | |
| 111 ngx_mail_ssl_nosupported, 0, 0, ngx_mail_ssl_openssl097 }, | |
| 112 #endif | |
| 113 | 100 |
| 114 { ngx_string("ssl_session_cache"), | 101 { ngx_string("ssl_session_cache"), |
| 115 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12, | 102 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12, |
| 116 ngx_mail_ssl_session_cache, | 103 ngx_mail_ssl_session_cache, |
| 117 NGX_MAIL_SRV_CONF_OFFSET, | 104 NGX_MAIL_SRV_CONF_OFFSET, |
| 295 "SSL_CTX_set_cipher_list(\"%V\") failed", | 282 "SSL_CTX_set_cipher_list(\"%V\") failed", |
| 296 &conf->ciphers); | 283 &conf->ciphers); |
| 297 } | 284 } |
| 298 } | 285 } |
| 299 | 286 |
| 300 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE | |
| 301 | |
| 302 if (conf->prefer_server_ciphers) { | 287 if (conf->prefer_server_ciphers) { |
| 303 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); | 288 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); |
| 304 } | 289 } |
| 305 | |
| 306 #endif | |
| 307 | 290 |
| 308 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { | 291 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { |
| 309 return NGX_CONF_ERROR; | 292 return NGX_CONF_ERROR; |
| 310 } | 293 } |
| 311 | 294 |
| 490 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | 473 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
| 491 "invalid session cache \"%V\"", &value[i]); | 474 "invalid session cache \"%V\"", &value[i]); |
| 492 | 475 |
| 493 return NGX_CONF_ERROR; | 476 return NGX_CONF_ERROR; |
| 494 } | 477 } |
| 495 | |
| 496 | |
| 497 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | |
| 498 | |
| 499 static char * | |
| 500 ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
| 501 { | |
| 502 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
| 503 "\"%V\" directive is available only in %s,", | |
| 504 &cmd->name, cmd->post); | |
| 505 | |
| 506 return NGX_CONF_ERROR; | |
| 507 } | |
| 508 | |
| 509 #endif |