Mercurial > hg > nginx-quic
comparison src/event/ngx_event_openssl.c @ 6591:04d8d1f85649
SSL: ngx_ssl_ciphers() to set list of ciphers.
This patch moves various OpenSSL-specific function calls into the
OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more
crypto-library-agnostic.
author | Tim Taubert <tim@timtaubert.de> |
---|---|
date | Wed, 15 Jun 2016 21:05:30 +0100 |
parents | 1aa9650a8154 |
children | 1891b2892b68 |
comparison
equal
deleted
inserted
replaced
6590:d375f4210e41 | 6591:04d8d1f85649 |
---|---|
586 } | 586 } |
587 | 587 |
588 ngx_memcpy(buf, pwd->data, size); | 588 ngx_memcpy(buf, pwd->data, size); |
589 | 589 |
590 return size; | 590 return size; |
591 } | |
592 | |
593 | |
594 ngx_int_t | |
595 ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers, | |
596 ngx_uint_t prefer_server_ciphers) | |
597 { | |
598 if (SSL_CTX_set_cipher_list(ssl->ctx, (char *) ciphers->data) == 0) { | |
599 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, | |
600 "SSL_CTX_set_cipher_list(\"%V\") failed", | |
601 ciphers); | |
602 return NGX_ERROR; | |
603 } | |
604 | |
605 if (prefer_server_ciphers) { | |
606 SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); | |
607 } | |
608 | |
609 #if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER) | |
610 /* a temporary 512-bit RSA key is required for export versions of MSIE */ | |
611 SSL_CTX_set_tmp_rsa_callback(ssl->ctx, ngx_ssl_rsa512_key_callback); | |
612 #endif | |
613 | |
614 return NGX_OK; | |
591 } | 615 } |
592 | 616 |
593 | 617 |
594 ngx_int_t | 618 ngx_int_t |
595 ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, | 619 ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, |