Mercurial > hg > nginx
comparison src/mail/ngx_mail_ssl_module.c @ 3960:0832a6997227
ECDHE support
patch by Adrian Kotelba
| author | Igor Sysoev <igor@sysoev.ru> |
|---|---|
| date | Wed, 20 Jul 2011 15:42:40 +0000 |
| parents | b1f48fa31e6c |
| children | a1dd9dc754ab |
comparison
equal
deleted
inserted
replaced
| 3959:b1f48fa31e6c | 3960:0832a6997227 |
|---|---|
| 7 #include <ngx_config.h> | 7 #include <ngx_config.h> |
| 8 #include <ngx_core.h> | 8 #include <ngx_core.h> |
| 9 #include <ngx_mail.h> | 9 #include <ngx_mail.h> |
| 10 | 10 |
| 11 | 11 |
| 12 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5" | 12 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5" |
| 13 #define NGX_DEFAULT_ECDH_CURVE "prime256v1" | |
| 13 | 14 |
| 14 | 15 |
| 15 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf); | 16 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf); |
| 16 static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child); | 17 static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child); |
| 17 | 18 |
| 73 { ngx_string("ssl_dhparam"), | 74 { ngx_string("ssl_dhparam"), |
| 74 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, | 75 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
| 75 ngx_conf_set_str_slot, | 76 ngx_conf_set_str_slot, |
| 76 NGX_MAIL_SRV_CONF_OFFSET, | 77 NGX_MAIL_SRV_CONF_OFFSET, |
| 77 offsetof(ngx_mail_ssl_conf_t, dhparam), | 78 offsetof(ngx_mail_ssl_conf_t, dhparam), |
| 79 NULL }, | |
| 80 | |
| 81 { ngx_string("ssl_ecdh_curve"), | |
| 82 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, | |
| 83 ngx_conf_set_str_slot, | |
| 84 NGX_MAIL_SRV_CONF_OFFSET, | |
| 85 offsetof(ngx_mail_ssl_conf_t, ecdh_curve), | |
| 78 NULL }, | 86 NULL }, |
| 79 | 87 |
| 80 { ngx_string("ssl_protocols"), | 88 { ngx_string("ssl_protocols"), |
| 81 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE, | 89 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE, |
| 82 ngx_conf_set_bitmask_slot, | 90 ngx_conf_set_bitmask_slot, |
| 161 * | 169 * |
| 162 * scf->protocols = 0; | 170 * scf->protocols = 0; |
| 163 * scf->certificate = { 0, NULL }; | 171 * scf->certificate = { 0, NULL }; |
| 164 * scf->certificate_key = { 0, NULL }; | 172 * scf->certificate_key = { 0, NULL }; |
| 165 * scf->dhparam = { 0, NULL }; | 173 * scf->dhparam = { 0, NULL }; |
| 174 * scf->ecdh_curve = { 0, NULL }; | |
| 166 * scf->ciphers = { 0, NULL }; | 175 * scf->ciphers = { 0, NULL }; |
| 167 * scf->shm_zone = NULL; | 176 * scf->shm_zone = NULL; |
| 168 */ | 177 */ |
| 169 | 178 |
| 170 scf->enable = NGX_CONF_UNSET; | 179 scf->enable = NGX_CONF_UNSET; |
| 201 | 210 |
| 202 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); | 211 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); |
| 203 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); | 212 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); |
| 204 | 213 |
| 205 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); | 214 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); |
| 215 | |
| 216 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve, | |
| 217 NGX_DEFAULT_ECDH_CURVE); | |
| 206 | 218 |
| 207 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS); | 219 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS); |
| 208 | 220 |
| 209 | 221 |
| 210 conf->ssl.log = cf->log; | 222 conf->ssl.log = cf->log; |