comparison src/imap/ngx_imap_ssl_module.c @ 88:e916a291e9aa NGINX_0_1_44
nginx 0.1.44
*) Feature: the IMAP/POP3 proxy supports SSL.
*) Feature: the "proxy_timeout" directive of the ngx_imap_proxy_module.
*) Feature: the "userid_mark" directive.
*) Feature: the $remote_user variable value is determined independently
of authorization use.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Tue, 06 Sep 2005 00:00:00 +0400 |
parents | |
children | 71c46860eb55 |
87:5b7ec80c3c40 | 88:e916a291e9aa |
---|---|
1 | |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4 */ | |
5 | |
6 | |
7 #include <ngx_config.h> | |
8 #include <ngx_core.h> | |
9 #include <ngx_imap.h> | |
10 | |
11 | |
12 #define NGX_DEFLAUT_CERTIFICATE "cert.pem" | |
13 #define NGX_DEFLAUT_CERTIFICATE_KEY "cert.pem" | |
14 | |
15 | |
16 static void *ngx_imap_ssl_create_conf(ngx_conf_t *cf); | |
17 static char *ngx_imap_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child); | |
18 | |
19 | |
20 static ngx_command_t ngx_imap_ssl_commands[] = { | |
21 | |
22 { ngx_string("ssl"), | |
23 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_FLAG, | |
24 ngx_conf_set_flag_slot, | |
25 NGX_IMAP_SRV_CONF_OFFSET, | |
26 offsetof(ngx_imap_ssl_conf_t, enable), | |
27 NULL }, | |
28 | |
29 { ngx_string("ssl_certificate"), | |
30 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1, | |
31 ngx_conf_set_str_slot, | |
32 NGX_IMAP_SRV_CONF_OFFSET, | |
33 offsetof(ngx_imap_ssl_conf_t, certificate), | |
34 NULL }, | |
35 | |
36 { ngx_string("ssl_certificate_key"), | |
37 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1, | |
38 ngx_conf_set_str_slot, | |
39 NGX_IMAP_SRV_CONF_OFFSET, | |
40 offsetof(ngx_imap_ssl_conf_t, certificate_key), | |
41 NULL }, | |
42 | |
43 { ngx_string("ssl_ciphers"), | |
44 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1, | |
45 ngx_conf_set_str_slot, | |
46 NGX_IMAP_SRV_CONF_OFFSET, | |
47 offsetof(ngx_imap_ssl_conf_t, ciphers), | |
48 NULL }, | |
49 | |
50 ngx_null_command | |
51 }; | |
52 | |
53 | |
54 static ngx_imap_module_t ngx_imap_ssl_module_ctx = { | |
55 NULL, /* create main configuration */ | |
56 NULL, /* init main configuration */ | |
57 | |
58 ngx_imap_ssl_create_conf, /* create server configuration */ | |
59 ngx_imap_ssl_merge_conf /* merge server configuration */ | |
60 }; | |
61 | |
62 | |
63 ngx_module_t ngx_imap_ssl_module = { | |
64 NGX_MODULE_V1, | |
65 &ngx_imap_ssl_module_ctx, /* module context */ | |
66 ngx_imap_ssl_commands, /* module directives */ | |
67 NGX_IMAP_MODULE, /* module type */ | |
68 NULL, /* init module */ | |
69 NULL /* init process */ | |
70 }; | |
71 | |
72 | |
73 static void * | |
74 ngx_imap_ssl_create_conf(ngx_conf_t *cf) | |
75 { | |
76 ngx_imap_ssl_conf_t *scf; | |
77 | |
78 scf = ngx_pcalloc(cf->pool, sizeof(ngx_imap_ssl_conf_t)); | |
79 if (scf == NULL) { | |
80 return NGX_CONF_ERROR; | |
81 } | |
82 | |
83 /* | |
84 * set by ngx_pcalloc(): | |
85 * | |
86 * scf->certificate.len = 0; | |
87 * scf->certificate.data = NULL; | |
88 * scf->certificate_key.len = 0; | |
89 * scf->certificate_key.data = NULL; | |
90 * scf->ciphers.len = 0; | |
91 * scf->ciphers.data = NULL; | |
92 */ | |
93 | |
94 scf->enable = NGX_CONF_UNSET; | |
95 | |
96 return scf; | |
97 } | |
98 | |
99 | |
100 static char * | |
101 ngx_imap_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) | |
102 { | |
103 ngx_imap_ssl_conf_t *prev = parent; | |
104 ngx_imap_ssl_conf_t *conf = child; | |
105 | |
106 ngx_conf_merge_value(conf->enable, prev->enable, 0); | |
107 | |
108 if (conf->enable == 0) { | |
109 return NGX_CONF_OK; | |
110 } | |
111 | |
112 ngx_conf_merge_str_value(conf->certificate, prev->certificate, | |
113 NGX_DEFLAUT_CERTIFICATE); | |
114 | |
115 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, | |
116 NGX_DEFLAUT_CERTIFICATE_KEY); | |
117 | |
118 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, ""); | |
119 | |
120 | |
121 /* TODO: configure methods */ | |
122 | |
123 conf->ssl_ctx = SSL_CTX_new(SSLv23_server_method()); | |
124 | |
125 if (conf->ssl_ctx == NULL) { | |
126 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_new() failed"); | |
127 return NGX_CONF_ERROR; | |
128 } | |
129 | |
130 if (ngx_pool_cleanup_add(cf->pool, ngx_ssl_cleanup_ctx, conf->ssl_ctx) | |
131 == NULL) | |
132 { | |
133 return NGX_CONF_ERROR; | |
134 } | |
135 | |
136 | |
137 #if 0 | |
138 SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_ALL); | |
139 SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_NO_SSLv3); | |
140 SSL_CTX_set_options(conf->ssl_ctx, SSL_OP_SINGLE_DH_USE); | |
141 #endif | |
142 | |
143 if (conf->ciphers.len) { | |
144 if (SSL_CTX_set_cipher_list(conf->ssl_ctx, | |
145 (const char *) conf->ciphers.data) == 0) | |
146 { | |
147 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, | |
148 "SSL_CTX_set_cipher_list(\"%V\") failed", | |
149 &conf->ciphers); | |
150 } | |
151 } | |
152 | |
153 if (SSL_CTX_use_certificate_chain_file(conf->ssl_ctx, | |
154 (char *) conf->certificate.data) == 0) | |
155 { | |
156 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, | |
157 "SSL_CTX_use_certificate_chain_file(\"%s\") failed", | |
158 conf->certificate.data); | |
159 return NGX_CONF_ERROR; | |
160 } | |
161 | |
162 | |
163 if (SSL_CTX_use_PrivateKey_file(conf->ssl_ctx, | |
164 (char *) conf->certificate_key.data, | |
165 SSL_FILETYPE_PEM) == 0) | |
166 { | |
167 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, | |
168 "SSL_CTX_use_PrivateKey_file(\"%s\") failed", | |
169 conf->certificate_key.data); | |
170 return NGX_CONF_ERROR; | |
171 } | |
172 | |
173 return NGX_CONF_OK; | |
174 } |
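Review bot: A failing `SSL_CTX_set_cipher_list()` in `ngx_imap_ssl_merge_conf` (file lines 143-151) is logged at `NGX_LOG_EMERG` but does not abort configuration, unlike the certificate and private-key failures below it. A mistyped or unsupported `ssl_ciphers` value would therefore leave the server running with the library's default cipher list rather than the operator's restriction; add `return NGX_CONF_ERROR;` after the `ngx_ssl_error(...)` call in that branch. Separately, the three `SSL_CTX_set_options()` calls, including `SSL_OP_NO_SSLv3`, sit under `#if 0` beside the `/* TODO: configure methods */` comment, so the context created from `SSLv23_server_method()` carries no protocol restrictions. Presumably that leaves protocol selection to the linked OpenSSL's defaults, which should at least be stated in a comment until the options are enabled. `NGX_DEFLAUT_CERTIFICATE` and `NGX_DEFLAUT_CERTIFICATE_KEY` misspell DEFAULT, and a comment should say that the key default is deliberately the same `cert.pem` file as the certificate.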