Mercurial > hg > nginx-quic

comparison src/mail/ngx_mail_ssl_module.c @ 8578:419c066cb710

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: ciphers now set before loading certificates (ticket #2035). To load old/weak server or client certificates it might be needed to adjust the security level, as introduced in OpenSSL 1.1.0. This change ensures that ciphers are set before loading the certificates, so security level changes via the cipher string apply to certificate loading.
author Maxim Dounin <mdounin@mdounin.ru>
date Mon, 16 Aug 2021 22:40:31 +0300
parents 7ce28b4cc57e
children dc955d274130
comparison
equal deleted inserted replaced
8577:f2ddd0c491bf 8578:419c066cb710
392 } 392 }
393 393
394 cln->handler = ngx_ssl_cleanup_ctx; 394 cln->handler = ngx_ssl_cleanup_ctx;
395 cln->data = &conf->ssl; 395 cln->data = &conf->ssl;
396 396
397 if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers,
398 conf->prefer_server_ciphers)
399 != NGX_OK)
400 {
401 return NGX_CONF_ERROR;
402 }
403
397 if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates, 404 if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
398 conf->certificate_keys, conf->passwords) 405 conf->certificate_keys, conf->passwords)
399 != NGX_OK) 406 != NGX_OK)
400 { 407 {
401 return NGX_CONF_ERROR; 408 return NGX_CONF_ERROR;
426 } 433 }
427 434
428 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) { 435 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
429 return NGX_CONF_ERROR; 436 return NGX_CONF_ERROR;
430 } 437 }
431 }
432
433 if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers,
434 conf->prefer_server_ciphers)
435 != NGX_OK)
436 {
437 return NGX_CONF_ERROR;
438 } 438 }
439 439
440 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) { 440 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
441 return NGX_CONF_ERROR; 441 return NGX_CONF_ERROR;
442 } 442 }