annotate src/mail/ngx_mail_ssl_module.c @ 8042:c7e25324be11

Upstream: handling of certificates specified as an empty string. Now, if the directive is given an empty string, such configuration cancels loading of certificates, in particular, if they would be otherwise inherited from the previous level. This restores previous behaviour, before variables support in certificates was introduced (3ab8e1e2f0f7).
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 07 Jun 2022 20:08:57 +0400
parents dc955d274130
children e32b48848add
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
1
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
2 /*
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
3 * Copyright (C) Igor Sysoev
4412
d620f497c50f Copyright updated.
Maxim Konovalov <maxim@nginx.com>
parents: 4400
diff changeset
4 * Copyright (C) Nginx, Inc.
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
5 */
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
6
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
7
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
8 #include <ngx_config.h>
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
9 #include <ngx_core.h>
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
10 #include <ngx_mail.h>
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
11
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
12
3960
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
/*
 * Built-in defaults for the cipher list and the ECDH curve selection.
 * Both are strings in the TLS library's own syntax.  In OpenSSL cipher-list
 * syntax "HIGH" selects the high-strength suites, "!aNULL" removes suites
 * that provide no authentication and "!MD5" removes suites that use MD5.
 * The "auto" curve value comes from the annotated changeset 2014ed60f17f
 * ("SSL: support for multiple curves").
 * NOTE(review): the code that applies these defaults when ssl_ciphers or
 * ssl_ecdh_curve is not configured is outside this view (presumably the
 * merge function) -- confirm there.
 */
#define NGX_DEFAULT_CIPHERS     "HIGH:!aNULL:!MD5"
#define NGX_DEFAULT_ECDH_CURVE  "auto"
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
15
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
16
7938
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents: 7904
diff changeset
/*
 * ALPN selection callback, declared only when the TLS library headers
 * define the ALPN extension type.  The parameter list is that of an OpenSSL
 * ALPN select callback: in/inlen carry the protocol list offered by the
 * client (peer-controlled bytes), out/outlen receive the selected protocol.
 * The definition is outside this view; the annotated changeset that
 * introduced it (dc955d274130) is titled "Mail: connections with wrong ALPN
 * protocols are now rejected."
 */
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
static int ngx_mail_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn,
    const unsigned char **out, unsigned char *outlen,
    const unsigned char *in, unsigned int inlen, void *arg);
#endif
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents: 7904
diff changeset
22
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
/*
 * Server-level configuration hooks; both are registered in
 * ngx_mail_ssl_module_ctx.
 */
static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child);

/*
 * Directive handlers referenced from ngx_mail_ssl_commands for "ssl",
 * "starttls", "ssl_password_file" and "ssl_session_cache".  Their bodies
 * are outside this view.
 */
static char *ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
static char *ngx_mail_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);
static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);

/*
 * Post-processing check for "ssl_conf_command"; wired in through
 * ngx_mail_ssl_conf_command_post.
 */
static char *ngx_mail_ssl_conf_command_check(ngx_conf_t *cf, void *post,
    void *data);
3bff3f397c05 SSL: ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7567
diff changeset
37
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
38
5222
23a186e8ca45 Style: remove unnecessary references to HTTP from non-HTTP modules.
Piotr Sikora <piotr@cloudflare.com>
parents: 5219
diff changeset
/*
 * Accepted arguments of the "starttls" directive and the constant recorded
 * for each.  The { ngx_null_string, 0 } entry terminates the list.
 * NOTE(review): what each NGX_MAIL_STARTTLS_* value enforces is decided by
 * the protocol handlers, not by this table; "only" presumably refuses
 * plaintext use of the connection until TLS has been negotiated -- confirm
 * against the consumers before relying on it.
 */
static ngx_conf_enum_t  ngx_mail_starttls_state[] = {
    { ngx_string("off"), NGX_MAIL_STARTTLS_OFF },
    { ngx_string("on"), NGX_MAIL_STARTTLS_ON },
    { ngx_string("only"), NGX_MAIL_STARTTLS_ONLY },
    { ngx_null_string, 0 }
};
4e296b7d25bf nginx-0.3.13-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 577
diff changeset
45
4e296b7d25bf nginx-0.3.13-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 577
diff changeset
46
4e296b7d25bf nginx-0.3.13-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 577
diff changeset
47
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
/*
 * Protocol names accepted by "ssl_protocols" and the NGX_SSL_* bit each one
 * contributes to the configured bitmask.  The { ngx_null_string, 0 } entry
 * terminates the list.
 *
 * The parser still recognises SSLv2, SSLv3, TLSv1 and TLSv1.1.  Those
 * protocol versions are deprecated (RFC 6176, RFC 7568, RFC 8996), so a
 * configuration that names them is worth flagging during review.
 * NOTE(review): whether the linked TLS library can still negotiate them is
 * decided outside this table.
 */
static ngx_conf_bitmask_t  ngx_mail_ssl_protocols[] = {
    { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
    { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
    { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
    { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
    { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
    { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
    { ngx_null_string, 0 }
};
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
57
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
58
5989
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
/*
 * Accepted arguments of "ssl_verify_client".  The integer is the value
 * recorded in the "verify" field of ngx_mail_ssl_conf_t (see the directive
 * entry in ngx_mail_ssl_commands).
 * NOTE(review): the code that acts on these numbers is outside this view.
 * By name, "optional" and "optional_no_ca" do not make a client certificate
 * mandatory, and "optional_no_ca" presumably drops the trusted-CA
 * requirement -- deployments that rely on client certificates for
 * authentication should confirm what each mode actually enforces.
 */
static ngx_conf_enum_t  ngx_mail_ssl_verify[] = {
    { ngx_string("off"), 0 },
    { ngx_string("on"), 1 },
    { ngx_string("optional"), 2 },
    { ngx_string("optional_no_ca"), 3 },
    { ngx_null_string, 0 }
};
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
66
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
67
7270
46c0c7ef4913 SSL: deprecated the "ssl" directive.
Ruslan Ermilov <ru@nginx.com>
parents: 7269
diff changeset
/*
 * Deprecation record passed as the last field of the "ssl" directive entry:
 * it names the old directive ("ssl") and its replacement ("listen ... ssl")
 * for the ngx_conf_deprecated handler.  Added by the annotated changeset
 * 46c0c7ef4913 ("SSL: deprecated the "ssl" directive.").
 */
static ngx_conf_deprecated_t  ngx_mail_ssl_deprecated = {
    ngx_conf_deprecated, "ssl", "listen ... ssl"
};
46c0c7ef4913 SSL: deprecated the "ssl" directive.
Ruslan Ermilov <ru@nginx.com>
parents: 7269
diff changeset
71
46c0c7ef4913 SSL: deprecated the "ssl" directive.
Ruslan Ermilov <ru@nginx.com>
parents: 7269
diff changeset
72
7729
3bff3f397c05 SSL: ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7567
diff changeset
/*
 * Post handler for "ssl_conf_command": routes the parsed value through
 * ngx_mail_ssl_conf_command_check (defined outside this view).
 */
static ngx_conf_post_t  ngx_mail_ssl_conf_command_post =
    { ngx_mail_ssl_conf_command_check };
3bff3f397c05 SSL: ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7567
diff changeset
75
3bff3f397c05 SSL: ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7567
diff changeset
76
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
/*
 * Directive table of the mail SSL module.
 *
 * Every entry lists, in order: the directive name, the contexts it is valid
 * in combined with its argument-count flag, the handler that parses it, the
 * configuration level (always NGX_MAIL_SRV_CONF_OFFSET here), the offset of
 * the target field in ngx_mail_ssl_conf_t, and optional data for the
 * handler.  All directives are allowed at both the mail main level and the
 * server level.  ngx_null_command terminates the table.
 */
static ngx_command_t  ngx_mail_ssl_commands[] = {

    /* Deprecated switch; carries the "use listen ... ssl" record. */
    { ngx_string("ssl"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
      ngx_mail_ssl_enable,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, enable),
      &ngx_mail_ssl_deprecated },

    /* Argument is checked against ngx_mail_starttls_state. */
    { ngx_string("starttls"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_mail_ssl_starttls,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, starttls),
      ngx_mail_starttls_state },

    /*
     * Certificates and their keys are collected in two separate arrays.
     * NOTE(review): how entries of "certificates" and "certificate_keys"
     * are paired and validated is outside this view -- confirm in the
     * merge code.
     */
    { ngx_string("ssl_certificate"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_array_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, certificates),
      NULL },

    /* Value names private key material; keep the file access restricted. */
    { ngx_string("ssl_certificate_key"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_array_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, certificate_keys),
      NULL },

    /*
     * Parsed by a dedicated handler; no field offset is supplied (0).
     * NOTE(review): by name the file holds key passphrases -- treat it as
     * secret material and confirm how the handler reads and retains it.
     */
    { ngx_string("ssl_password_file"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_mail_ssl_password_file,
      NGX_MAIL_SRV_CONF_OFFSET,
      0,
      NULL },

    { ngx_string("ssl_dhparam"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, dhparam),
      NULL },

    { ngx_string("ssl_ecdh_curve"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, ecdh_curve),
      NULL },

    /* One or more names from ngx_mail_ssl_protocols, stored as a bitmask. */
    { ngx_string("ssl_protocols"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,
      ngx_conf_set_bitmask_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, protocols),
      &ngx_mail_ssl_protocols },

    { ngx_string("ssl_ciphers"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, ciphers),
      NULL },

    { ngx_string("ssl_prefer_server_ciphers"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_flag_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers),
      NULL },

    /* One or two arguments, parsed by a dedicated handler (offset 0). */
    { ngx_string("ssl_session_cache"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12,
      ngx_mail_ssl_session_cache,
      NGX_MAIL_SRV_CONF_OFFSET,
      0,
      NULL },

    { ngx_string("ssl_session_tickets"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_flag_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, session_tickets),
      NULL },

    /*
     * Session ticket keys (RFC 5077 per the annotated changeset
     * 1356a3b96924); the referenced files are secret key material.
     */
    { ngx_string("ssl_session_ticket_key"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_array_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, session_ticket_keys),
      NULL },

    { ngx_string("ssl_session_timeout"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_sec_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, session_timeout),
      NULL },

    /*
     * Client certificate settings (annotated changeset ec01b1d1fff1,
     * "Mail: client SSL certificates support.").  The verification mode is
     * checked against ngx_mail_ssl_verify.
     */
    { ngx_string("ssl_verify_client"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_enum_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, verify),
      &ngx_mail_ssl_verify },

    { ngx_string("ssl_verify_depth"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_num_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, verify_depth),
      NULL },

    { ngx_string("ssl_client_certificate"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, client_certificate),
      NULL },

    { ngx_string("ssl_trusted_certificate"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, trusted_certificate),
      NULL },

    { ngx_string("ssl_crl"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, crl),
      NULL },

    /*
     * Two-argument key/value pairs; each is passed through
     * ngx_mail_ssl_conf_command_post after parsing.
     * NOTE(review): the pairs are presumably handed to the TLS library's
     * configuration interface, so they can override the settings above --
     * confirm where conf_commands is consumed.
     */
    { ngx_string("ssl_conf_command"),
      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE2,
      ngx_conf_set_keyval_slot,
      NGX_MAIL_SRV_CONF_OFFSET,
      offsetof(ngx_mail_ssl_conf_t, conf_commands),
      &ngx_mail_ssl_conf_command_post },

      ngx_null_command
};
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
221
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
222
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
/*
 * Mail module context.  This module registers no protocol handler and no
 * main-level configuration; it only supplies the hooks that create and
 * merge its server-level configuration.
 */
static ngx_mail_module_t  ngx_mail_ssl_module_ctx = {
    NULL,                                  /* protocol */

    NULL,                                  /* create main configuration */
    NULL,                                  /* init main configuration */

    ngx_mail_ssl_create_conf,              /* create server configuration */
    ngx_mail_ssl_merge_conf                /* merge server configuration */
};
/*
 * Module descriptor: binds the context above and the directive table to
 * the mail module type.  None of the process/thread lifecycle hooks is
 * used by this module.
 */
ngx_module_t  ngx_mail_ssl_module = {
    NGX_MODULE_V1,

    &ngx_mail_ssl_module_ctx,              /* module context */
    ngx_mail_ssl_commands,                 /* module directives */
    NGX_MAIL_MODULE,                       /* module type */

    /* lifecycle hooks, all unset */
    NULL,                                  /* init master */
    NULL,                                  /* init module */
    NULL,                                  /* init process */
    NULL,                                  /* init thread */
    NULL,                                  /* exit thread */
    NULL,                                  /* exit process */
    NULL,                                  /* exit master */

    NGX_MODULE_V1_PADDING
};
/*
 * Session id context string of the mail SSL module.  Its consumer is not
 * visible in this part of the file (presumably the session cache setup).
 */
static ngx_str_t  ngx_mail_ssl_sess_id_ctx = ngx_string("MAIL");
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation

/*
 * ALPN selection callback, registered on the SSL context with
 * SSL_CTX_set_alpn_select_cb().
 *
 * The protocol list offered by the client is matched against the ALPN
 * string of the mail protocol configured for this server.  When the two
 * lists have nothing in common the callback returns
 * SSL_TLSEXT_ERR_ALERT_FATAL, so the handshake is refused rather than
 * continued without a selected protocol; this is what rejects connections
 * that offer only protocols foreign to this listener.
 *
 * NOTE(review): as far as OpenSSL documents it, the callback runs only
 * when the client sent an ALPN extension, so a client that offers no ALPN
 * at all is not affected by this check - confirm if ALPN must be
 * mandatory for the deployment.
 *
 * "in" is the client's list in wire format (one length byte followed by
 * that many name bytes, repeated) and is "inlen" bytes long.  On success
 * *out and *outlen describe the selected protocol.  "arg" is not used.
 */
static int
ngx_mail_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, const unsigned char **out,
    unsigned char *outlen, const unsigned char *in, unsigned int inlen,
    void *arg)
{
    int                        rc;
    unsigned int               server_len;
    unsigned char             *server_list;
    ngx_connection_t          *c;
    ngx_mail_session_t        *s;
    ngx_mail_core_srv_conf_t  *cscf;
#if (NGX_DEBUG)
    unsigned int               pos;
#endif

    c = ngx_ssl_get_connection(ssl_conn);
    s = c->data;

#if (NGX_DEBUG)

    /*
     * NOTE(review): in[pos] is used as an entry length without a check
     * against inlen; this relies on the TLS library having validated the
     * list before calling back - confirm for every supported library.
     */

    pos = 0;

    while (pos < inlen) {
        ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
                       "SSL ALPN supported by client: %*s",
                       (size_t) in[pos], &in[pos + 1]);

        pos += in[pos] + 1;
    }

#endif

    /* the server side of the match is the configured protocol's ALPN list */

    cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);

    server_list = cscf->protocol->alpn.data;
    server_len = cscf->protocol->alpn.len;

    /* SSL_select_next_proto() takes a non-const "out", hence the cast */

    rc = SSL_select_next_proto((unsigned char **) out, outlen,
                               server_list, server_len, in, inlen);

    if (rc != OPENSSL_NPN_NEGOTIATED) {
        /* no common protocol: abort the handshake */
        return SSL_TLSEXT_ERR_ALERT_FATAL;
    }

    ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
                   "SSL ALPN selected: %*s", (size_t) *outlen, *out);

    return SSL_TLSEXT_ERR_OK;
}

#endif
/*
 * Allocate the per-server SSL configuration from the configuration pool.
 *
 * The structure is zero-filled by ngx_pcalloc(); every field that takes
 * part in configuration merging is then set to its "unset" sentinel so
 * that ngx_mail_ssl_merge_conf() can tell an absent directive from an
 * explicit value.
 *
 * Returns the new configuration, or NULL if the allocation fails.
 */
static void *
ngx_mail_ssl_create_conf(ngx_conf_t *cf)
{
    ngx_mail_ssl_conf_t  *scf;

    scf = ngx_pcalloc(cf->pool, sizeof(*scf));
    if (scf == NULL) {
        return NULL;
    }

    /*
     * left zeroed by ngx_pcalloc():
     *
     *     scf->listen = 0;
     *     scf->protocols = 0;
     *     scf->dhparam = { 0, NULL };
     *     scf->ecdh_curve = { 0, NULL };
     *     scf->client_certificate = { 0, NULL };
     *     scf->trusted_certificate = { 0, NULL };
     *     scf->crl = { 0, NULL };
     *     scf->ciphers = { 0, NULL };
     *     scf->shm_zone = NULL;
     */

    /* flags and timeouts */
    scf->enable = NGX_CONF_UNSET;
    scf->prefer_server_ciphers = NGX_CONF_UNSET;
    scf->builtin_session_cache = NGX_CONF_UNSET;
    scf->session_timeout = NGX_CONF_UNSET;
    scf->session_tickets = NGX_CONF_UNSET;

    /* unsigned settings */
    scf->starttls = NGX_CONF_UNSET_UINT;
    scf->verify = NGX_CONF_UNSET_UINT;
    scf->verify_depth = NGX_CONF_UNSET_UINT;

    /* pointer-valued settings */
    scf->certificates = NGX_CONF_UNSET_PTR;
    scf->certificate_keys = NGX_CONF_UNSET_PTR;
    scf->passwords = NGX_CONF_UNSET_PTR;
    scf->conf_commands = NGX_CONF_UNSET_PTR;
    scf->session_ticket_keys = NGX_CONF_UNSET_PTR;

    return scf;
}
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
343 static char *
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
344 ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
345 {
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
346 ngx_mail_ssl_conf_t *prev = parent;
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
347 ngx_mail_ssl_conf_t *conf = child;
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
348
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
349 char *mode;
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
350 ngx_pool_cleanup_t *cln;
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
351
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
352 ngx_conf_merge_value(conf->enable, prev->enable, 0);
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
353 ngx_conf_merge_uint_value(conf->starttls, prev->starttls,
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
354 NGX_MAIL_STARTTLS_OFF);
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
355
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
356 ngx_conf_merge_value(conf->session_timeout,
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
357 prev->session_timeout, 300);
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
358
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
359 ngx_conf_merge_value(conf->prefer_server_ciphers,
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
360 prev->prefer_server_ciphers, 0);
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
361
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
362 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
6157
b2899e7d0ef8 Disabled SSLv3 by default (ticket #653).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6035
diff changeset
363 (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
4400
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4153
diff changeset
364 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
365
5989
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
366 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
367 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
368
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
369 ngx_conf_merge_ptr_value(conf->certificates, prev->certificates, NULL);
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
370 ngx_conf_merge_ptr_value(conf->certificate_keys, prev->certificate_keys,
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
371 NULL);
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
372
5744
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5503
diff changeset
373 ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL);
42114bf12da0 SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents: 5503
diff changeset
374
2044
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
375 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
376
3960
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
377 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
378 NGX_DEFAULT_ECDH_CURVE);
0832a6997227 ECDHE support
Igor Sysoev <igor@sysoev.ru>
parents: 3959
diff changeset
379
5989
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
380 ngx_conf_merge_str_value(conf->client_certificate,
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
381 prev->client_certificate, "");
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
382 ngx_conf_merge_str_value(conf->trusted_certificate,
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
383 prev->trusted_certificate, "");
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
384 ngx_conf_merge_str_value(conf->crl, prev->crl, "");
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
385
2124
e0b424b98f24 fix typo
Igor Sysoev <igor@sysoev.ru>
parents: 2044
diff changeset
386 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
387
7729
3bff3f397c05 SSL: ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7567
diff changeset
388 ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL);
3bff3f397c05 SSL: ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7567
diff changeset
389
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
390
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
391 conf->ssl.log = cf->log;
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
392
7269
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
393 if (conf->listen) {
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
394 mode = "listen ... ssl";
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
395
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
396 } else if (conf->enable) {
6474
Ruslan Ermilov <ru@nginx.com>
parents: 6157
diff changeset
397 mode = "ssl";
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
398
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
399 } else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) {
6474
Ruslan Ermilov <ru@nginx.com>
parents: 6157
diff changeset
400 mode = "starttls";
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
401
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
402 } else {
7269
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
403 return NGX_CONF_OK;
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
404 }
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
405
5401
09fc4598fc8e Mail: fixed segfault with ssl/starttls at mail{} level and no cert.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5387
diff changeset
406 if (conf->file == NULL) {
09fc4598fc8e Mail: fixed segfault with ssl/starttls at mail{} level and no cert.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5387
diff changeset
407 conf->file = prev->file;
09fc4598fc8e Mail: fixed segfault with ssl/starttls at mail{} level and no cert.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5387
diff changeset
408 conf->line = prev->line;
09fc4598fc8e Mail: fixed segfault with ssl/starttls at mail{} level and no cert.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5387
diff changeset
409 }
09fc4598fc8e Mail: fixed segfault with ssl/starttls at mail{} level and no cert.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5387
diff changeset
410
7269
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
411 if (conf->certificates == NULL) {
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
412 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
413 "no \"ssl_certificate\" is defined for "
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
414 "the \"%s\" directive in %s:%ui",
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
415 mode, conf->file, conf->line);
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
416 return NGX_CONF_ERROR;
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
417 }
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
418
7269
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
419 if (conf->certificate_keys == NULL) {
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
420 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
421 "no \"ssl_certificate_key\" is defined for "
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
422 "the \"%s\" directive in %s:%ui",
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
423 mode, conf->file, conf->line);
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
424 return NGX_CONF_ERROR;
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
425 }
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
426
7269
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
427 if (conf->certificate_keys->nelts < conf->certificates->nelts) {
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
428 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
429 "no \"ssl_certificate_key\" is defined "
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
430 "for certificate \"%V\" and "
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
431 "the \"%s\" directive in %s:%ui",
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
432 ((ngx_str_t *) conf->certificates->elts)
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
433 + conf->certificates->nelts - 1,
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
434 mode, conf->file, conf->line);
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7268
diff changeset
435 return NGX_CONF_ERROR;
2224
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
436 }
109849282793 *) listen ssl
Igor Sysoev <igor@sysoev.ru>
parents: 2124
diff changeset
437
969
065b39794fff ngx_ssl_get_server_conf()
Igor Sysoev <igor@sysoev.ru>
parents: 583
diff changeset
438 if (ngx_ssl_create(&conf->ssl, conf->protocols, NULL) != NGX_OK) {
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
439 return NGX_CONF_ERROR;
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
440 }
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
441
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
442 cln = ngx_pool_cleanup_add(cf->pool, 0);
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
443 if (cln == NULL) {
7473
8981dbb12254 SSL: fixed potential leak on memory allocation errors.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7465
diff changeset
444 ngx_ssl_cleanup_ctx(&conf->ssl);
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
445 return NGX_CONF_ERROR;
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
446 }
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
447
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
448 cln->handler = ngx_ssl_cleanup_ctx;
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
449 cln->data = &conf->ssl;
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
450
7938
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents: 7904
diff changeset
451 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents: 7904
diff changeset
452 SSL_CTX_set_alpn_select_cb(conf->ssl.ctx, ngx_mail_ssl_alpn_select, NULL);
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents: 7904
diff changeset
453 #endif
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected.
Vladimir Homutov <vl@nginx.com>
parents: 7904
diff changeset
454
7904
419c066cb710 SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7787
diff changeset
455 if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers,
419c066cb710 SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7787
diff changeset
456 conf->prefer_server_ciphers)
419c066cb710 SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7787
diff changeset
457 != NGX_OK)
419c066cb710 SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7787
diff changeset
458 {
419c066cb710 SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7787
diff changeset
459 return NGX_CONF_ERROR;
419c066cb710 SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7787
diff changeset
460 }
419c066cb710 SSL: ciphers now set before loading certificates (ticket #2035).
Maxim Dounin <mdounin@mdounin.ru>
parents: 7787
diff changeset
461
6550
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
462 if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
51e1f047d15d SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents: 6489
diff changeset
463 conf->certificate_keys, conf->passwords)
563
9c2f3ed7a247 nginx-0.3.3-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 547
diff changeset
464 != NGX_OK)
547
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
465 {
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
466 return NGX_CONF_ERROR;
818fbd4750b9 nginx-0.2.2-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 543
diff changeset
467 }
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
468
5989
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
469 if (conf->verify) {
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
470
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
471 if (conf->client_certificate.len == 0 && conf->verify != 3) {
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
472 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
7567
ef7ee19776db SSL: fixed ssl_verify_client error message.
Sergey Kandaurov <pluknet@nginx.com>
parents: 7473
diff changeset
473 "no ssl_client_certificate for ssl_verify_client");
5989
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
474 return NGX_CONF_ERROR;
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
475 }
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
476
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
477 if (ngx_ssl_client_certificate(cf, &conf->ssl,
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
478 &conf->client_certificate,
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
479 conf->verify_depth)
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
480 != NGX_OK)
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
481 {
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
482 return NGX_CONF_ERROR;
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
483 }
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
484
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
485 if (ngx_ssl_trusted_certificate(cf, &conf->ssl,
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
486 &conf->trusted_certificate,
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
487 conf->verify_depth)
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
488 != NGX_OK)
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
489 {
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
490 return NGX_CONF_ERROR;
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
491 }
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
492
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
493 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
494 return NGX_CONF_ERROR;
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
495 }
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
496 }
ec01b1d1fff1 Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents: 5744
diff changeset
497
2044
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
498 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
499 return NGX_CONF_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
500 }
f45cec1cd270 DH parameters, ssl_dhparam
Igor Sysoev <igor@sysoev.ru>
parents: 2032
diff changeset
501
5219
32fe021911c9 Mail: missing ngx_ssl_ecdh_curve() call.
F. da Silva <fdasilvayy@gmail.com>
parents: 4412
diff changeset
502 if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) {
32fe021911c9 Mail: missing ngx_ssl_ecdh_curve() call.
F. da Silva <fdasilvayy@gmail.com>
parents: 4412
diff changeset
503 return NGX_CONF_ERROR;
32fe021911c9 Mail: missing ngx_ssl_ecdh_curve() call.
F. da Silva <fdasilvayy@gmail.com>
parents: 4412
diff changeset
504 }
32fe021911c9 Mail: missing ngx_ssl_ecdh_curve() call.
F. da Silva <fdasilvayy@gmail.com>
parents: 4412
diff changeset
505
976
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
506 ngx_conf_merge_value(conf->builtin_session_cache,
2032
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1778
diff changeset
507 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
976
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
508
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
509 if (conf->shm_zone == NULL) {
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
510 conf->shm_zone = prev->shm_zone;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
511 }
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
512
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
513 if (ngx_ssl_session_cache(&conf->ssl, &ngx_mail_ssl_sess_id_ctx,
7465
6708bec13757 SSL: adjusted session id context with dynamic certificates.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7270
diff changeset
514 conf->certificates, conf->builtin_session_cache,
976
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
515 conf->shm_zone, conf->session_timeout)
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
516 != NGX_OK)
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
517 {
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
518 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
519 }
573
58475592100c nginx-0.3.8-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 563
diff changeset
520
5503
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5425
diff changeset
521 ngx_conf_merge_value(conf->session_tickets,
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5425
diff changeset
522 prev->session_tickets, 1);
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5425
diff changeset
523
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5425
diff changeset
524 #ifdef SSL_OP_NO_TICKET
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5425
diff changeset
525 if (!conf->session_tickets) {
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5425
diff changeset
526 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_NO_TICKET);
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5425
diff changeset
527 }
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5425
diff changeset
528 #endif
d049b0ea00a3 SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents: 5425
diff changeset
529
5425
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5401
diff changeset
530 ngx_conf_merge_ptr_value(conf->session_ticket_keys,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5401
diff changeset
531 prev->session_ticket_keys, NULL);
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5401
diff changeset
532
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5401
diff changeset
533 if (ngx_ssl_session_ticket_keys(cf, &conf->ssl, conf->session_ticket_keys)
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5401
diff changeset
534 != NGX_OK)
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5401
diff changeset
535 {
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5401
diff changeset
536 return NGX_CONF_ERROR;
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5401
diff changeset
537 }
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents: 5401
diff changeset
538
7729
3bff3f397c05 SSL: ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7567
diff changeset
539 if (ngx_ssl_conf_commands(cf, &conf->ssl, conf->conf_commands) != NGX_OK) {
3bff3f397c05 SSL: ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7567
diff changeset
540 return NGX_CONF_ERROR;
3bff3f397c05 SSL: ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7567
diff changeset
541 }
3bff3f397c05 SSL: ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7567
diff changeset
542
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
543 return NGX_CONF_OK;
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
544 }
/*
 * Configuration handler for the mail "ssl" flag directive.
 *
 * Parses the on/off argument with the generic flag-slot setter, then rejects
 * a configuration that enables both "ssl on" and STARTTLS for the same block,
 * so the transport-security mode is never ambiguous at load time.  The mirror
 * check for the other directive order is in ngx_mail_ssl_starttls().
 *
 * Returns NGX_CONF_OK on success, NGX_CONF_ERROR on the conflict, or whatever
 * ngx_conf_set_flag_slot() returned when the argument could not be parsed.
 */
static char *
ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    char                 *res;
    ngx_mail_ssl_conf_t  *sslcf;

    sslcf = conf;

    res = ngx_conf_set_flag_slot(cf, cmd, conf);
    if (res != NGX_CONF_OK) {
        return res;
    }

    /*
     * NOTE(review): the signed cast presumably makes an unset starttls value
     * compare below NGX_MAIL_STARTTLS_OFF -- confirm against the field type.
     */
    if (sslcf->enable
        && (ngx_int_t) sslcf->starttls > NGX_MAIL_STARTTLS_OFF)
    {
        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                           "\"starttls\" directive conflicts with \"ssl on\"");
        return NGX_CONF_ERROR;
    }

    if (sslcf->listen) {
        return NGX_CONF_OK;
    }

    /*
     * Remember where the directive was given.  The line annotations tie this
     * to detecting "listen ... ssl" without certificates (ticket #178);
     * presumably the position is used in a later diagnostic.
     */
    sslcf->file = cf->conf_file->file.name.data;
    sslcf->line = cf->conf_file->line;

    return NGX_CONF_OK;
}
/*
 * Configuration handler for the mail "starttls" directive.
 *
 * Parses the argument with the generic enum-slot setter, then rejects a
 * configuration in which "ssl" is already switched on and STARTTLS is set to
 * anything above NGX_MAIL_STARTTLS_OFF.  The mirror check for the other
 * directive order is in ngx_mail_ssl_enable().
 *
 * Returns NGX_CONF_OK on success, NGX_CONF_ERROR on the conflict, or whatever
 * ngx_conf_set_enum_slot() returned when the argument was not accepted.
 */
static char *
ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    char                 *res;
    ngx_mail_ssl_conf_t  *sslcf;

    sslcf = conf;

    res = ngx_conf_set_enum_slot(cf, cmd, conf);
    if (res != NGX_CONF_OK) {
        return res;
    }

    /*
     * "enable" is compared with 1 explicitly: nothing in this handler sets
     * it, so it may presumably still hold its unset marker (non-zero) when
     * "ssl" has not been seen -- confirm against the create_conf defaults.
     */
    if (sslcf->enable == 1
        && (ngx_int_t) sslcf->starttls > NGX_MAIL_STARTTLS_OFF)
    {
        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                           "\"ssl\" directive conflicts with \"starttls\"");
        return NGX_CONF_ERROR;
    }

    if (sslcf->listen) {
        return NGX_CONF_OK;
    }

    /*
     * Remember where the directive was given.  The line annotations tie this
     * to detecting "listen ... ssl" without certificates (ticket #178);
     * presumably the position is used in a later diagnostic.
     */
    sslcf->file = cf->conf_file->file.name.data;
    sslcf->line = cf->conf_file->line;

    return NGX_CONF_OK;
}
/*
 * Configuration handler for the "ssl_password_file" directive.
 *
 * Refuses a second occurrence in the same block, then loads the file named
 * by the first directive argument through ngx_ssl_read_password_file() and
 * keeps the result in the configuration's "passwords" field.
 *
 * Returns the string "is duplicate" when passwords were already set,
 * NGX_CONF_ERROR when the file could not be read, NGX_CONF_OK otherwise.
 *
 * NOTE(review): the values loaded here are key passphrases held in memory;
 * how long they live and whether they are wiped is decided inside
 * ngx_ssl_read_password_file(), which is not visible here -- confirm.
 */
static char *
ngx_mail_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    ngx_str_t            *args;
    ngx_mail_ssl_conf_t  *sslcf;

    sslcf = conf;

    if (sslcf->passwords != NGX_CONF_UNSET_PTR) {
        return "is duplicate";
    }

    /* args[0] is the directive name, args[1] the file path */
    args = cf->args->elts;

    sslcf->passwords = ngx_ssl_read_password_file(cf, &args[1]);

    return (sslcf->passwords == NULL) ? NGX_CONF_ERROR : NGX_CONF_OK;
}
626 static char *
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
627 ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
976
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
628 {
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
629 ngx_mail_ssl_conf_t *scf = conf;
976
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
630
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
631 size_t len;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
632 ngx_str_t *value, name, size;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
633 ngx_int_t n;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
634 ngx_uint_t i, j;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
635
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
636 value = cf->args->elts;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
637
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
638 for (i = 1; i < cf->args->nelts; i++) {
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
639
1778
14510c3cc6cb ssl_session_cache off
Igor Sysoev <igor@sysoev.ru>
parents: 1487
diff changeset
640 if (ngx_strcmp(value[i].data, "off") == 0) {
14510c3cc6cb ssl_session_cache off
Igor Sysoev <igor@sysoev.ru>
parents: 1487
diff changeset
641 scf->builtin_session_cache = NGX_SSL_NO_SCACHE;
14510c3cc6cb ssl_session_cache off
Igor Sysoev <igor@sysoev.ru>
parents: 1487
diff changeset
642 continue;
14510c3cc6cb ssl_session_cache off
Igor Sysoev <igor@sysoev.ru>
parents: 1487
diff changeset
643 }
14510c3cc6cb ssl_session_cache off
Igor Sysoev <igor@sysoev.ru>
parents: 1487
diff changeset
644
2032
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1778
diff changeset
645 if (ngx_strcmp(value[i].data, "none") == 0) {
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1778
diff changeset
646 scf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1778
diff changeset
647 continue;
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1778
diff changeset
648 }
12b3ad3353f9 ssl_session_cache none
Igor Sysoev <igor@sysoev.ru>
parents: 1778
diff changeset
649
976
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
650 if (ngx_strcmp(value[i].data, "builtin") == 0) {
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
651 scf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
652 continue;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
653 }
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
654
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
655 if (value[i].len > sizeof("builtin:") - 1
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
656 && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
657 == 0)
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
658 {
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
659 n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
660 value[i].len - (sizeof("builtin:") - 1));
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
661
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
662 if (n == NGX_ERROR) {
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
663 goto invalid;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
664 }
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
665
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
666 scf->builtin_session_cache = n;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
667
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
668 continue;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
669 }
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
670
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
671 if (value[i].len > sizeof("shared:") - 1
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
672 && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
673 == 0)
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
674 {
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
675 len = 0;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
676
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
677 for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
678 if (value[i].data[j] == ':') {
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
679 break;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
680 }
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
681
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
682 len++;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
683 }
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
684
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
685 if (len == 0) {
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
686 goto invalid;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
687 }
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
688
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
689 name.len = len;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
690 name.data = value[i].data + sizeof("shared:") - 1;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
691
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
692 size.len = value[i].len - j - 1;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
693 size.data = name.data + len + 1;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
694
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
695 n = ngx_parse_size(&size);
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
696
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
697 if (n == NGX_ERROR) {
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
698 goto invalid;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
699 }
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
700
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
701 if (n < (ngx_int_t) (8 * ngx_pagesize)) {
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
702 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
703 "session cache \"%V\" is too small",
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
704 &value[i]);
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
705
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
706 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
707 }
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
708
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
709 scf->shm_zone = ngx_shared_memory_add(cf, &name, n,
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
710 &ngx_mail_ssl_module);
976
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
711 if (scf->shm_zone == NULL) {
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
712 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
713 }
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
714
4153
7de74ed694c8 Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993).
Maxim Dounin <mdounin@mdounin.ru>
parents: 3992
diff changeset
715 scf->shm_zone->init = ngx_ssl_session_cache_init;
7de74ed694c8 Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993).
Maxim Dounin <mdounin@mdounin.ru>
parents: 3992
diff changeset
716
976
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
717 continue;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
718 }
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
719
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
720 goto invalid;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
721 }
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
722
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
723 if (scf->shm_zone && scf->builtin_session_cache == NGX_CONF_UNSET) {
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
724 scf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
725 }
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
726
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
727 return NGX_CONF_OK;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
728
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
729 invalid:
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
730
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
731 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
732 "invalid session cache \"%V\"", &value[i]);
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
733
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
734 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache
Igor Sysoev <igor@sysoev.ru>
parents: 969
diff changeset
735 }
7729
3bff3f397c05 SSL: ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7567
diff changeset
736
3bff3f397c05 SSL: ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7567
diff changeset
737
3bff3f397c05 SSL: ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents: 7567
diff changeset
/*
 * Compile-time availability check for the mail "ssl_conf_command" directive.
 *
 * Returns NGX_CONF_OK when the SSL library headers define
 * SSL_CONF_FLAG_FILE, and a static error string otherwise.  The cf, post
 * and data arguments are not examined.
 *
 * NOTE(review): the signature looks like a configuration post-handler, so
 * the error string is presumably reported by the configuration parser and
 * the directive refused rather than silently ignored; confirm at the place
 * where this function is registered.
 */
static char *
ngx_mail_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
{
    /* exactly one return statement is compiled in, whichever branch is taken */
#if defined(SSL_CONF_FLAG_FILE)
    return NGX_CONF_OK;
#else
    return "is not supported on this platform";
#endif
}