Mercurial > hg > nginx
comparison src/mail/ngx_mail_ssl_module.c @ 6591:04d8d1f85649
SSL: ngx_ssl_ciphers() to set list of ciphers.
This patch moves various OpenSSL-specific function calls into the
OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more
crypto-library-agnostic.
| author | Tim Taubert <tim@timtaubert.de> |
|---|---|
| date | Wed, 15 Jun 2016 21:05:30 +0100 |
| parents | 2014ed60f17f |
| children | 9cf2dce316e5 |
comparison
equal
deleted
inserted
replaced
| 6590:d375f4210e41 | 6591:04d8d1f85649 |
|---|---|
| 420 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) { | 420 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) { |
| 421 return NGX_CONF_ERROR; | 421 return NGX_CONF_ERROR; |
| 422 } | 422 } |
| 423 } | 423 } |
| 424 | 424 |
| 425 if (SSL_CTX_set_cipher_list(conf->ssl.ctx, | 425 if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers, |
| 426 (const char *) conf->ciphers.data) | 426 conf->prefer_server_ciphers) |
| 427 == 0) | 427 != NGX_OK) |
| 428 { | 428 { |
| 429 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, | 429 return NGX_CONF_ERROR; |
| 430 "SSL_CTX_set_cipher_list(\"%V\") failed", | 430 } |
| 431 &conf->ciphers); | |
| 432 return NGX_CONF_ERROR; | |
| 433 } | |
| 434 | |
| 435 if (conf->prefer_server_ciphers) { | |
| 436 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); | |
| 437 } | |
| 438 | |
| 439 #if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER) | |
| 440 SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback); | |
| 441 #endif | |
| 442 | 431 |
| 443 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { | 432 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { |
| 444 return NGX_CONF_ERROR; | 433 return NGX_CONF_ERROR; |
| 445 } | 434 } |
| 446 | 435 |