comparison src/mail/ngx_mail_ssl_module.c @ 8578:419c066cb710
SSL: ciphers now set before loading certificates (ticket #2035).
To load old/weak server or client certificates, it might be necessary to adjust
the security level, as introduced in OpenSSL 1.1.0. This change ensures that
ciphers are set before loading the certificates, so security level changes
via the cipher string apply to certificate loading.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 16 Aug 2021 22:40:31 +0300 |
parents | 7ce28b4cc57e |
children | dc955d274130 |
8577:f2ddd0c491bf | 8578:419c066cb710 |
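--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -392,10 +392,17 @@
 }
 
 cln->handler = ngx_ssl_cleanup_ctx;
 cln->data = &conf->ssl;
 
+if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers,
+conf->prefer_server_ciphers)
+!= NGX_OK)
+{
+return NGX_CONF_ERROR;
+}
+
 if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
 conf->certificate_keys, conf->passwords)
 != NGX_OK)
 {
 return NGX_CONF_ERROR;
@@ -426,17 +433,10 @@
 }
 
 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
-}
-
-if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers,
-conf->prefer_server_ciphers)
-!= NGX_OK)
-{
-return NGX_CONF_ERROR;
 }
 
 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
 return NGX_CONF_ERROR;
 }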
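Review bot: Nothing in the new code records that the `ngx_ssl_ciphers()` call must now stay ahead of `ngx_ssl_certificates()`, so a later reshuffle of this function could silently undo the fix. A short comment above the moved block would pin the dependency, for example `/* set ciphers first: a security level given in the cipher string must be in effect when certificates are loaded */`. The operator-facing side deserves a line in the directive documentation too: after this change, lowering the security level through the cipher string also relaxes the checks applied to certificates at load time, which widens what a cipher setting controls. The enclosing function starts and ends outside the visible lines, so whether the calls between the two hunks have ordering requirements of their own cannot be judged from here.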