annotate src/imap/ngx_imap_ssl_module.c @ 196:8759b346e431 NGINX_0_3_45

nginx 0.3.45 *) Feature: the "ssl_verify_client", "ssl_verify_depth", and "ssl_client_certificate" directives. *) Change: the $request_method variable now returns the main request method. *) Change: the ° symbol codes were changed in koi-win conversion table. *) Feature: the euro and N symbols were added to koi-win conversion table. *) Bugfix: if nginx distributed the requests among several backends and some backend failed, then requests intended for this backend were directed to one live backend only instead of being distributed among the rest.
author Igor Sysoev <http://sysoev.ru>
date Sat, 06 May 2006 00:00:00 +0400
parents 91372f004adf
children 29a6403156b0
rev   line source
88
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
1
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
2 /*
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
3 * Copyright (C) Igor Sysoev
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
4 */
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
5
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
6
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
7 #include <ngx_config.h>
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
8 #include <ngx_core.h>
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
9 #include <ngx_imap.h>
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
10
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
11
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
/*
 * Built-in defaults that ngx_imap_ssl_merge_conf() applies when the
 * corresponding directive is not set at any level.
 */

/* default certificate file name */
#define NGX_DEFLAUT_CERTIFICATE      "cert.pem"

/* default private key file name; the same file as the certificate */
#define NGX_DEFLAUT_CERTIFICATE_KEY  "cert.pem"

/*
 * Default OpenSSL cipher list.
 *
 * NOTE(review): the only exclusion is anonymous DH ("!ADH").  The LOW,
 * SSLv2 and EXP (export-grade) groups stay enabled and are merely ordered
 * after the stronger ones, so they remain negotiable.  A deployment that
 * must not offer them has to set "ssl_ciphers" explicitly.
 */
#define NGX_DEFLAUT_CIPHERS  "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
88
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
15
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
16
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
/* server configuration callbacks referenced by ngx_imap_ssl_module_ctx */
static void *ngx_imap_ssl_create_conf(ngx_conf_t *cf);
static char *ngx_imap_ssl_merge_conf(ngx_conf_t *cf, void *parent,
    void *child);

#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE

/*
 * Fallback handler for "ssl_prefer_server_ciphers" when the OpenSSL headers
 * do not define SSL_OP_CIPHER_SERVER_PREFERENCE; it rejects the directive.
 */
static char *ngx_imap_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
    void *conf);

/* passed as the command's "post" value and printed in the error message */
static char  ngx_imap_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";

#endif
408f195b3482 nginx 0.3.3
Igor Sysoev <http://sysoev.ru>
parents: 96
diff changeset
28
88
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
29
132
91372f004adf nginx 0.3.13
Igor Sysoev <http://sysoev.ru>
parents: 126
diff changeset
/*
 * Accepted arguments of the "starttls" directive and the NGX_IMAP_STARTTLS_*
 * value stored for each.  The table carries an "http" prefix although it is
 * used only by this IMAP module.
 */
static ngx_conf_enum_t  ngx_http_starttls_state[] = {
    { ngx_string("off"),  NGX_IMAP_STARTTLS_OFF },
    { ngx_string("on"),   NGX_IMAP_STARTTLS_ON },
    { ngx_string("only"), NGX_IMAP_STARTTLS_ONLY },
    { ngx_null_string, 0 }                       /* terminator */
};
91372f004adf nginx 0.3.13
Igor Sysoev <http://sysoev.ru>
parents: 126
diff changeset
36
91372f004adf nginx 0.3.13
Igor Sysoev <http://sysoev.ru>
parents: 126
diff changeset
37
91372f004adf nginx 0.3.13
Igor Sysoev <http://sysoev.ru>
parents: 126
diff changeset
38
126
df17fbafec8f nginx 0.3.10
Igor Sysoev <http://sysoev.ru>
parents: 122
diff changeset
/*
 * Protocol names accepted by "ssl_protocols" and the NGX_SSL_* bit each one
 * sets in ngx_imap_ssl_conf_t.protocols.
 *
 * NOTE(review): SSLv2 and SSLv3 are selectable here and are also part of
 * the default mask applied in ngx_imap_ssl_merge_conf().
 */
static ngx_conf_bitmask_t  ngx_imap_ssl_protocols[] = {
    { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
    { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
    { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
    { ngx_null_string, 0 }                       /* terminator */
};
ca4f70b3ccc6 nginx 0.2.2
Igor Sysoev <http://sysoev.ru>
parents: 92
diff changeset
45
ca4f70b3ccc6 nginx 0.2.2
Igor Sysoev <http://sysoev.ru>
parents: 92
diff changeset
46
88
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
/*
 * Directives of the IMAP SSL module.  Every directive is allowed at the main
 * and the server level and is stored in the server-level
 * ngx_imap_ssl_conf_t.
 */
static ngx_command_t  ngx_imap_ssl_commands[] = {

    /* "ssl": on/off flag stored in "enable" */
    { ngx_string("ssl"),
      NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_flag_slot,
      NGX_IMAP_SRV_CONF_OFFSET,
      offsetof(ngx_imap_ssl_conf_t, enable),
      NULL },

    /* "starttls": one of the values in ngx_http_starttls_state */
    { ngx_string("starttls"),
      NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_enum_slot,
      NGX_IMAP_SRV_CONF_OFFSET,
      offsetof(ngx_imap_ssl_conf_t, starttls),
      ngx_http_starttls_state },

    /* "ssl_certificate": certificate file name */
    { ngx_string("ssl_certificate"),
      NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_IMAP_SRV_CONF_OFFSET,
      offsetof(ngx_imap_ssl_conf_t, certificate),
      NULL },

    /* "ssl_certificate_key": private key file name */
    { ngx_string("ssl_certificate_key"),
      NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_IMAP_SRV_CONF_OFFSET,
      offsetof(ngx_imap_ssl_conf_t, certificate_key),
      NULL },

    /* "ssl_protocols": one or more names from ngx_imap_ssl_protocols */
    { ngx_string("ssl_protocols"),
      NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_1MORE,
      ngx_conf_set_bitmask_slot,
      NGX_IMAP_SRV_CONF_OFFSET,
      offsetof(ngx_imap_ssl_conf_t, protocols),
      &ngx_imap_ssl_protocols },

    /* "ssl_ciphers": OpenSSL cipher list string */
    { ngx_string("ssl_ciphers"),
      NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_str_slot,
      NGX_IMAP_SRV_CONF_OFFSET,
      offsetof(ngx_imap_ssl_conf_t, ciphers),
      NULL },

    /*
     * "ssl_prefer_server_ciphers": a normal flag when the OpenSSL headers
     * provide SSL_OP_CIPHER_SERVER_PREFERENCE, otherwise a directive that
     * is rejected by ngx_imap_ssl_nosupported().
     */
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
    { ngx_string("ssl_prefer_server_ciphers"),
      NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_flag_slot,
      NGX_IMAP_SRV_CONF_OFFSET,
      offsetof(ngx_imap_ssl_conf_t, prefer_server_ciphers),
      NULL },
#else
    { ngx_string("ssl_prefer_server_ciphers"),
      NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_FLAG,
      ngx_imap_ssl_nosupported, 0, 0, ngx_imap_ssl_openssl097 },
#endif

    /* "ssl_session_timeout": parsed by ngx_conf_set_sec_slot */
    { ngx_string("ssl_session_timeout"),
      NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1,
      ngx_conf_set_sec_slot,
      NGX_IMAP_SRV_CONF_OFFSET,
      offsetof(ngx_imap_ssl_conf_t, session_timeout),
      NULL },

      ngx_null_command
};
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
111
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
112
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
/*
 * IMAP module context: this module keeps no main-level configuration and
 * supplies only the server-level create and merge callbacks.
 */
static ngx_imap_module_t  ngx_imap_ssl_module_ctx = {
    NULL,                                  /* create main configuration */
    NULL,                                  /* init main configuration */

    ngx_imap_ssl_create_conf,              /* create server configuration */
    ngx_imap_ssl_merge_conf                /* merge server configuration */
};
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
120
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
121
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
/*
 * Module descriptor.  It ties the context and the directive table together;
 * every lifecycle hook is left NULL.
 */
ngx_module_t  ngx_imap_ssl_module = {
    NGX_MODULE_V1,
    &ngx_imap_ssl_module_ctx,              /* module context */
    ngx_imap_ssl_commands,                 /* module directives */
    NGX_IMAP_MODULE,                       /* module type */
    NULL,                                  /* init master */
    NULL,                                  /* init module */
    NULL,                                  /* init process */
    NULL,                                  /* init thread */
    NULL,                                  /* exit thread */
    NULL,                                  /* exit process */
    NULL,                                  /* exit master */
    NGX_MODULE_V1_PADDING
};
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
136
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
137
92
45945fa8b8ba nginx 0.2.0
Igor Sysoev <http://sysoev.ru>
parents: 90
diff changeset
/*
 * Session id context handed to SSL_CTX_set_session_id_context() in
 * ngx_imap_ssl_merge_conf(); the trailing NUL is not part of it.
 */
static u_char  ngx_imap_session_id_ctx[] = "IMAP";
45945fa8b8ba nginx 0.2.0
Igor Sysoev <http://sysoev.ru>
parents: 90
diff changeset
139
45945fa8b8ba nginx 0.2.0
Igor Sysoev <http://sysoev.ru>
parents: 90
diff changeset
140
88
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
/*
 * Allocate a zeroed ngx_imap_ssl_conf_t from the configuration pool and mark
 * the scalar settings as "not set", so that ngx_imap_ssl_merge_conf() can
 * tell an absent directive from an explicit value.
 *
 * Returns the new structure, or NGX_CONF_ERROR if the allocation fails.
 */
static void *
ngx_imap_ssl_create_conf(ngx_conf_t *cf)
{
    ngx_imap_ssl_conf_t  *conf;

    conf = ngx_pcalloc(cf->pool, sizeof(*conf));
    if (conf == NULL) {
        return NGX_CONF_ERROR;
    }

    /*
     * ngx_pcalloc() has already zeroed the remaining fields:
     *
     *     conf->protocols = 0;
     *
     *     conf->certificate      = { 0, NULL };
     *     conf->certificate_key  = { 0, NULL };
     *     conf->ciphers          = { 0, NULL };
     */

    conf->prefer_server_ciphers = NGX_CONF_UNSET;
    conf->session_timeout = NGX_CONF_UNSET;
    conf->starttls = NGX_CONF_UNSET;
    conf->enable = NGX_CONF_UNSET;

    return conf;
}
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
171
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
172
e916a291e9aa nginx 0.1.44
Igor Sysoev <http://sysoev.ru>
parents:
diff changeset
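/*
 * Merge the inherited ("parent") and the server-level ("child") SSL settings
 * and, when SSL is in use, create and configure the OpenSSL context.
 *
 * Returns NGX_CONF_OK on success, including the case where both "ssl" and
 * "starttls" are off and no context is created, and NGX_CONF_ERROR when any
 * step of the context setup fails.
 */
static char *
ngx_imap_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
{
    ngx_imap_ssl_conf_t *prev = parent;
    ngx_imap_ssl_conf_t *conf = child;

    ngx_pool_cleanup_t  *cln;

    ngx_conf_merge_value(conf->enable, prev->enable, 0);
    ngx_conf_merge_value(conf->starttls, prev->starttls, NGX_IMAP_STARTTLS_OFF);

    /* nothing to set up when neither SSL mode is enabled */
    if (conf->enable == 0 && conf->starttls == NGX_IMAP_STARTTLS_OFF) {
        return NGX_CONF_OK;
    }

    /* the value is handed to SSL_CTX_set_timeout() below */
    ngx_conf_merge_value(conf->session_timeout,
                         prev->session_timeout, 300);

    ngx_conf_merge_value(conf->prefer_server_ciphers,
                         prev->prefer_server_ciphers, 0);

    /*
     * NOTE(review): without an "ssl_protocols" directive all three protocol
     * bits are enabled, SSLv2 and SSLv3 included.
     */
    ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
                                 (NGX_CONF_BITMASK_SET
                                  |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));

    ngx_conf_merge_str_value(conf->certificate, prev->certificate,
                             NGX_DEFLAUT_CERTIFICATE);

    ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key,
                             NGX_DEFLAUT_CERTIFICATE_KEY);

    ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS);


    conf->ssl.log = cf->log;

    if (ngx_ssl_create(&conf->ssl, conf->protocols) != NGX_OK) {
        return NGX_CONF_ERROR;
    }

    /*
     * Register the context cleanup right after creation, so that every
     * error return below leaves the release of the context to the pool.
     */
    cln = ngx_pool_cleanup_add(cf->pool, 0);
    if (cln == NULL) {
        return NGX_CONF_ERROR;
    }

    cln->handler = ngx_ssl_cleanup_ctx;
    cln->data = &conf->ssl;

    if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
                            &conf->certificate_key)
        != NGX_OK)
    {
        return NGX_CONF_ERROR;
    }

    if (conf->ciphers.len) {
        if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
                                   (const char *) conf->ciphers.data)
            == 0)
        {
            ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
                          "SSL_CTX_set_cipher_list(\"%V\") failed",
                          &conf->ciphers);

            /*
             * A rejected cipher string means the context does not hold the
             * cipher list the administrator asked for, so refuse the
             * configuration like every other setup failure in this function
             * instead of logging and carrying on.
             */
            return NGX_CONF_ERROR;
        }
    }

#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE

    if (conf->prefer_server_ciphers) {
        SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
    }

#endif

    /*
     * NOTE(review): going by its name this prepares a 512-bit RSA key,
     * presumably the temporary key used with export-grade suites; confirm
     * against ngx_ssl_generate_rsa512_key() and whether it is still wanted.
     */
    if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
        return NGX_CONF_ERROR;
    }

    SSL_CTX_set_session_cache_mode(conf->ssl.ctx, SSL_SESS_CACHE_SERVER);

    /* the context is the string without its trailing NUL */
    SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_imap_session_id_ctx,
                                   sizeof(ngx_imap_session_id_ctx) - 1);

    SSL_CTX_set_timeout(conf->ssl.ctx, conf->session_timeout);

    return NGX_CONF_OK;
}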
112
408f195b3482 nginx 0.3.3
Igor Sysoev <http://sysoev.ru>
parents: 96
diff changeset
260
126
df17fbafec8f nginx 0.3.10
Igor Sysoev <http://sysoev.ru>
parents: 122
diff changeset
261
112
408f195b3482 nginx 0.3.3
Igor Sysoev <http://sysoev.ru>
parents: 96
diff changeset
262 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
126
df17fbafec8f nginx 0.3.10
Igor Sysoev <http://sysoev.ru>
parents: 122
diff changeset
263
112
408f195b3482 nginx 0.3.3
Igor Sysoev <http://sysoev.ru>
parents: 96
diff changeset
/*
 * Directive handler used when the OpenSSL headers lack the required feature:
 * it logs which directive is unavailable and fails the configuration.
 *
 * cmd->post is printed with "%s"; the directive table passes
 * ngx_imap_ssl_openssl097 there.  The "conf" argument is not used.
 *
 * Always returns NGX_CONF_ERROR.
 */
static char *
ngx_imap_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
    ngx_conf_log_error(
        NGX_LOG_EMERG, cf, 0,
        "\"%V\" directive is available only in %s,",
        &cmd->name, cmd->post
    );

    return NGX_CONF_ERROR;
}
408f195b3482 nginx 0.3.3
Igor Sysoev <http://sysoev.ru>
parents: 96
diff changeset
273
408f195b3482 nginx 0.3.3
Igor Sysoev <http://sysoev.ru>
parents: 96
diff changeset
274 #endif