comparison src/mail/ngx_mail_ssl_module.c @ 410:a094317ba307 NGINX_0_7_14

nginx 0.7.14 *) Change: now the ssl_certificate and ssl_certificate_key directives have no default values. *) Feature: the "listen" directive supports the "ssl" parameter. *) Feature: now nginx takes into account a time zone change during reconfiguration on FreeBSD and Linux. *) Bugfix: the "listen" directive parameters such as "backlog", "rcvbuf", etc. were not set if a default server was not the first one. *) Bugfix: if URI part captured by a "rewrite" directive was used as a query string, then the query string was not escaped. *) Bugfix: configuration file validity test improvements.
author Igor Sysoev <http://sysoev.ru>
date Mon, 01 Sep 2008 00:00:00 +0400
parents 0b6053502c55
children 392c16f2d858
409:d46814b99ca0 410:a094317ba307
7 #include <ngx_config.h> 7 #include <ngx_config.h>
8 #include <ngx_core.h> 8 #include <ngx_core.h>
9 #include <ngx_mail.h> 9 #include <ngx_mail.h>
10 10
11 11
12 #define NGX_DEFAULT_CERTIFICATE "cert.pem"
13 #define NGX_DEFAULT_CERTIFICATE_KEY "cert.pem"
14 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" 12 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
15 13
16 14
17 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf); 15 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
18 static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child); 16 static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child);
17
18 static char *ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
19 void *conf);
20 static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd,
21 void *conf);
19 static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, 22 static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
20 void *conf); 23 void *conf);
21 24
22 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) 25 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
23 26
48 51
49 static ngx_command_t ngx_mail_ssl_commands[] = { 52 static ngx_command_t ngx_mail_ssl_commands[] = {
50 53
51 { ngx_string("ssl"), 54 { ngx_string("ssl"),
52 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG, 55 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
53 ngx_conf_set_flag_slot, 56 ngx_mail_ssl_enable,
54 NGX_MAIL_SRV_CONF_OFFSET, 57 NGX_MAIL_SRV_CONF_OFFSET,
55 offsetof(ngx_mail_ssl_conf_t, enable), 58 offsetof(ngx_mail_ssl_conf_t, enable),
56 NULL }, 59 NULL },
57 60
58 { ngx_string("starttls"), 61 { ngx_string("starttls"),
59 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, 62 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
60 ngx_conf_set_enum_slot, 63 ngx_mail_ssl_starttls,
61 NGX_MAIL_SRV_CONF_OFFSET, 64 NGX_MAIL_SRV_CONF_OFFSET,
62 offsetof(ngx_mail_ssl_conf_t, starttls), 65 offsetof(ngx_mail_ssl_conf_t, starttls),
63 ngx_http_starttls_state }, 66 ngx_http_starttls_state },
64 67
65 { ngx_string("ssl_certificate"), 68 { ngx_string("ssl_certificate"),
192 ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) 195 ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
193 { 196 {
194 ngx_mail_ssl_conf_t *prev = parent; 197 ngx_mail_ssl_conf_t *prev = parent;
195 ngx_mail_ssl_conf_t *conf = child; 198 ngx_mail_ssl_conf_t *conf = child;
196 199
200 char *mode;
197 ngx_pool_cleanup_t *cln; 201 ngx_pool_cleanup_t *cln;
198 202
199 ngx_conf_merge_value(conf->enable, prev->enable, 0); 203 ngx_conf_merge_value(conf->enable, prev->enable, 0);
200 ngx_conf_merge_value(conf->starttls, prev->starttls, NGX_MAIL_STARTTLS_OFF); 204 ngx_conf_merge_uint_value(conf->starttls, prev->starttls,
201 205 NGX_MAIL_STARTTLS_OFF);
202 if (conf->enable == 0 && conf->starttls == NGX_MAIL_STARTTLS_OFF) {
203 return NGX_CONF_OK;
204 }
205 206
206 ngx_conf_merge_value(conf->session_timeout, 207 ngx_conf_merge_value(conf->session_timeout,
207 prev->session_timeout, 300); 208 prev->session_timeout, 300);
208 209
209 ngx_conf_merge_value(conf->prefer_server_ciphers, 210 ngx_conf_merge_value(conf->prefer_server_ciphers,
211 212
212 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, 213 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
213 (NGX_CONF_BITMASK_SET 214 (NGX_CONF_BITMASK_SET
214 |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); 215 |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
215 216
216 ngx_conf_merge_str_value(conf->certificate, prev->certificate, 217 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
217 NGX_DEFAULT_CERTIFICATE); 218 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
218
219 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key,
220 NGX_DEFAULT_CERTIFICATE_KEY);
221 219
222 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); 220 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
223 221
224 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS); 222 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
225 223
226 224
227 conf->ssl.log = cf->log; 225 conf->ssl.log = cf->log;
226
227 if (conf->enable) {
228 mode = "ssl";
229
230 } else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) {
231 mode = "starttls";
232
233 } else {
234 mode = "";
235 }
236
237 if (*mode) {
238
239 if (conf->certificate.len == 0) {
240 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
241 "no \"ssl_certificate\" is defined for "
242 "the \"%s\" directive in %s:%ui",
243 mode, conf->file, conf->line);
244 return NGX_CONF_ERROR;
245 }
246
247 if (conf->certificate_key.len == 0) {
248 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
249 "no \"ssl_certificate_key\" is defined for "
250 "the \"%s\" directive in %s:%ui",
251 mode, conf->file, conf->line);
252 return NGX_CONF_ERROR;
253 }
254
255 } else {
256
257 if (conf->certificate.len == 0) {
258 return NGX_CONF_OK;
259 }
260
261 if (conf->certificate_key.len == 0) {
262 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
263 "no \"ssl_certificate_key\" is defined "
264 "for certificate \"%V\"",
265 &conf->certificate);
266 return NGX_CONF_ERROR;
267 }
268 }
228 269
229 if (ngx_ssl_create(&conf->ssl, conf->protocols, NULL) != NGX_OK) { 270 if (ngx_ssl_create(&conf->ssl, conf->protocols, NULL) != NGX_OK) {
230 return NGX_CONF_ERROR; 271 return NGX_CONF_ERROR;
231 } 272 }
232 273
290 return NGX_CONF_OK; 331 return NGX_CONF_OK;
291 } 332 }
292 333
293 334
294 static char * 335 static char *
336 ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
337 {
338 ngx_mail_ssl_conf_t *scf = conf;
339
340 char *rv;
341
342 rv = ngx_conf_set_flag_slot(cf, cmd, conf);
343
344 if (rv != NGX_CONF_OK) {
345 return rv;
346 }
347
348 if (scf->enable && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
349 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
350 "\"starttls\" directive conflicts with \"ssl on\"");
351 return NGX_CONF_ERROR;
352 }
353
354 scf->file = cf->conf_file->file.name.data;
355 scf->line = cf->conf_file->line;
356
357 return NGX_CONF_OK;
358 }
359
360
361 static char *
362 ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
363 {
364 ngx_mail_ssl_conf_t *scf = conf;
365
366 char *rv;
367
368 rv = ngx_conf_set_enum_slot(cf, cmd, conf);
369
370 if (rv != NGX_CONF_OK) {
371 return rv;
372 }
373
374 if (scf->enable == 1 && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
375 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
376 "\"ssl\" directive conflicts with \"starttls\"");
377 return NGX_CONF_ERROR;
378 }
379
380 scf->file = cf->conf_file->file.name.data;
381 scf->line = cf->conf_file->line;
382
383 return NGX_CONF_OK;
384 }
385
386
387 static char *
295 ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) 388 ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
296 { 389 {
297 ngx_mail_ssl_conf_t *scf = conf; 390 ngx_mail_ssl_conf_t *scf = conf;
298 391
299 size_t len; 392 size_t len;
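Review bot: In the new certificate check in ngx_mail_ssl_merge_conf, `conf->file` and `conf->line` are filled in only by the ngx_mail_ssl_enable and ngx_mail_ssl_starttls handlers, so a server block that inherits `ssl on` or `starttls` from the enclosing level through the merge macros reaches the `%s:%ui` message with whatever ngx_mail_ssl_create_conf left in those fields. create_conf is not shown here; if it zero-fills the structure, `%s` would be handed a NULL pointer exactly when the operator has forgotten the certificate. Inheriting the location before the check, `if (conf->file == NULL) { conf->file = prev->file; conf->line = prev->line; }`, avoids that. Separately, both handlers log the ssl/starttls conflict at `NGX_LOG_WARN` yet return `NGX_CONF_ERROR`; `NGX_LOG_EMERG` would match the other fatal messages added in this change. Because each handler appears to see only the configuration level it was parsed at, a conflict split across levels looks unchecked after the merge, where `mode` silently resolves to "ssl".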