Mercurial > hg > nginx
comparison src/mail/ngx_mail_ssl_module.c @ 6591:04d8d1f85649
SSL: ngx_ssl_ciphers() to set list of ciphers.
This patch moves various OpenSSL-specific function calls into the
OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more
crypto-library-agnostic.
author | Tim Taubert <tim@timtaubert.de> |
---|---|
date | Wed, 15 Jun 2016 21:05:30 +0100 |
parents | 2014ed60f17f |
children | 9cf2dce316e5 |
comparison
equal
deleted
inserted
replaced
6590:d375f4210e41 | 6591:04d8d1f85649 |
---|---|
420 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) { | 420 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) { |
421 return NGX_CONF_ERROR; | 421 return NGX_CONF_ERROR; |
422 } | 422 } |
423 } | 423 } |
424 | 424 |
425 if (SSL_CTX_set_cipher_list(conf->ssl.ctx, | 425 if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers, |
426 (const char *) conf->ciphers.data) | 426 conf->prefer_server_ciphers) |
427 == 0) | 427 != NGX_OK) |
428 { | 428 { |
429 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, | 429 return NGX_CONF_ERROR; |
430 "SSL_CTX_set_cipher_list(\"%V\") failed", | 430 } |
431 &conf->ciphers); | |
432 return NGX_CONF_ERROR; | |
433 } | |
434 | |
435 if (conf->prefer_server_ciphers) { | |
436 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); | |
437 } | |
438 | |
439 #if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER) | |
440 SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback); | |
441 #endif | |
442 | 431 |
443 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { | 432 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { |
444 return NGX_CONF_ERROR; | 433 return NGX_CONF_ERROR; |
445 } | 434 } |
446 | 435 |