comparison src/imap/ngx_imap_ssl_module.c @ 272:29a6403156b0 NGINX_0_5_6
nginx 0.5.6
*) Change: now the ngx_http_index_module ignores all methods except the
GET, HEAD, and POST methods.
*) Feature: the ngx_http_limit_zone_module.
*) Feature: the $binary_remote_addr variable.
*) Feature: the "ssl_session_cache" directives of the
ngx_http_ssl_module and ngx_imap_ssl_module.
*) Feature: the DELETE method supports recursive removal.
*) Bugfix: the byte-ranges were transferred incorrectly if the
$r->sendfile() was used.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Tue, 09 Jan 2007 00:00:00 +0300 |
parents | 91372f004adf |
children |
271:fcbee7dacf2b | 272:29a6403156b0 |
---|---|
14 #define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" | 14 #define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" |
15 | 15 |
16 | 16 |
17 static void *ngx_imap_ssl_create_conf(ngx_conf_t *cf); | 17 static void *ngx_imap_ssl_create_conf(ngx_conf_t *cf); |
18 static char *ngx_imap_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child); | 18 static char *ngx_imap_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child); |
19 static char *ngx_imap_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, | |
20 void *conf); | |
19 | 21 |
20 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | 22 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) |
21 | 23 |
22 static char *ngx_imap_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, | 24 static char *ngx_imap_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, |
23 void *conf); | 25 void *conf); |
96 offsetof(ngx_imap_ssl_conf_t, prefer_server_ciphers), | 98 offsetof(ngx_imap_ssl_conf_t, prefer_server_ciphers), |
97 NULL }, | 99 NULL }, |
98 #else | 100 #else |
99 ngx_imap_ssl_nosupported, 0, 0, ngx_imap_ssl_openssl097 }, | 101 ngx_imap_ssl_nosupported, 0, 0, ngx_imap_ssl_openssl097 }, |
100 #endif | 102 #endif |
103 | |
104 { ngx_string("ssl_session_cache"), | |
105 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE12, | |
106 ngx_imap_ssl_session_cache, | |
107 NGX_IMAP_SRV_CONF_OFFSET, | |
108 0, | |
109 NULL }, | |
101 | 110 |
102 { ngx_string("ssl_session_timeout"), | 111 { ngx_string("ssl_session_timeout"), |
103 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1, | 112 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1, |
104 ngx_conf_set_sec_slot, | 113 ngx_conf_set_sec_slot, |
105 NGX_IMAP_SRV_CONF_OFFSET, | 114 NGX_IMAP_SRV_CONF_OFFSET, |
133 NULL, /* exit master */ | 142 NULL, /* exit master */ |
134 NGX_MODULE_V1_PADDING | 143 NGX_MODULE_V1_PADDING |
135 }; | 144 }; |
136 | 145 |
137 | 146 |
138 static u_char ngx_imap_session_id_ctx[] = "IMAP"; | 147 static ngx_str_t ngx_imap_ssl_sess_id_ctx = ngx_string("IMAP"); |
139 | 148 |
140 | 149 |
141 static void * | 150 static void * |
142 ngx_imap_ssl_create_conf(ngx_conf_t *cf) | 151 ngx_imap_ssl_create_conf(ngx_conf_t *cf) |
143 { | 152 { |
150 | 159 |
151 /* | 160 /* |
152 * set by ngx_pcalloc(): | 161 * set by ngx_pcalloc(): |
153 * | 162 * |
154 * scf->protocols = 0; | 163 * scf->protocols = 0; |
155 * | |
156 * scf->certificate.len = 0; | 164 * scf->certificate.len = 0; |
157 * scf->certificate.data = NULL; | 165 * scf->certificate.data = NULL; |
158 * scf->certificate_key.len = 0; | 166 * scf->certificate_key.len = 0; |
159 * scf->certificate_key.data = NULL; | 167 * scf->certificate_key.data = NULL; |
160 * scf->ciphers.len = 0; | 168 * scf->ciphers.len = 0; |
161 * scf->ciphers.data = NULL; | 169 * scf->ciphers.data = NULL; |
170 * scf->shm_zone = NULL; | |
162 */ | 171 */ |
163 | 172 |
164 scf->enable = NGX_CONF_UNSET; | 173 scf->enable = NGX_CONF_UNSET; |
165 scf->starttls = NGX_CONF_UNSET; | 174 scf->starttls = NGX_CONF_UNSET; |
175 scf->prefer_server_ciphers = NGX_CONF_UNSET; | |
176 scf->builtin_session_cache = NGX_CONF_UNSET; | |
166 scf->session_timeout = NGX_CONF_UNSET; | 177 scf->session_timeout = NGX_CONF_UNSET; |
167 scf->prefer_server_ciphers = NGX_CONF_UNSET; | |
168 | 178 |
169 return scf; | 179 return scf; |
170 } | 180 } |
171 | 181 |
172 | 182 |
204 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS); | 214 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFLAUT_CIPHERS); |
205 | 215 |
206 | 216 |
207 conf->ssl.log = cf->log; | 217 conf->ssl.log = cf->log; |
208 | 218 |
209 if (ngx_ssl_create(&conf->ssl, conf->protocols) != NGX_OK) { | 219 if (ngx_ssl_create(&conf->ssl, conf->protocols, NULL) != NGX_OK) { |
210 return NGX_CONF_ERROR; | 220 return NGX_CONF_ERROR; |
211 } | 221 } |
212 | 222 |
213 cln = ngx_pool_cleanup_add(cf->pool, 0); | 223 cln = ngx_pool_cleanup_add(cf->pool, 0); |
214 if (cln == NULL) { | 224 if (cln == NULL) { |
246 | 256 |
247 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { | 257 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { |
248 return NGX_CONF_ERROR; | 258 return NGX_CONF_ERROR; |
249 } | 259 } |
250 | 260 |
251 SSL_CTX_set_session_cache_mode(conf->ssl.ctx, SSL_SESS_CACHE_SERVER); | 261 ngx_conf_merge_value(conf->builtin_session_cache, |
252 | 262 prev->builtin_session_cache, |
253 SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_imap_session_id_ctx, | 263 NGX_SSL_DFLT_BUILTIN_SCACHE); |
254 sizeof(ngx_imap_session_id_ctx) - 1); | 264 |
255 | 265 if (conf->shm_zone == NULL) { |
256 SSL_CTX_set_timeout(conf->ssl.ctx, conf->session_timeout); | 266 conf->shm_zone = prev->shm_zone; |
267 } | |
268 | |
269 if (ngx_ssl_session_cache(&conf->ssl, &ngx_imap_ssl_sess_id_ctx, | |
270 conf->builtin_session_cache, | |
271 conf->shm_zone, conf->session_timeout) | |
272 != NGX_OK) | |
273 { | |
274 return NGX_CONF_ERROR; | |
275 } | |
257 | 276 |
258 return NGX_CONF_OK; | 277 return NGX_CONF_OK; |
278 } | |
279 | |
280 | |
281 static char * | |
282 ngx_imap_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
283 { | |
284 ngx_imap_ssl_conf_t *scf = conf; | |
285 | |
286 size_t len; | |
287 ngx_str_t *value, name, size; | |
288 ngx_int_t n; | |
289 ngx_uint_t i, j; | |
290 | |
291 value = cf->args->elts; | |
292 | |
293 for (i = 1; i < cf->args->nelts; i++) { | |
294 | |
295 if (ngx_strcmp(value[i].data, "builtin") == 0) { | |
296 scf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE; | |
297 continue; | |
298 } | |
299 | |
300 if (value[i].len > sizeof("builtin:") - 1 | |
301 && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1) | |
302 == 0) | |
303 { | |
304 n = ngx_atoi(value[i].data + sizeof("builtin:") - 1, | |
305 value[i].len - (sizeof("builtin:") - 1)); | |
306 | |
307 if (n == NGX_ERROR) { | |
308 goto invalid; | |
309 } | |
310 | |
311 scf->builtin_session_cache = n; | |
312 | |
313 continue; | |
314 } | |
315 | |
316 if (value[i].len > sizeof("shared:") - 1 | |
317 && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1) | |
318 == 0) | |
319 { | |
320 len = 0; | |
321 | |
322 for (j = sizeof("shared:") - 1; j < value[i].len; j++) { | |
323 if (value[i].data[j] == ':') { | |
324 break; | |
325 } | |
326 | |
327 len++; | |
328 } | |
329 | |
330 if (len == 0) { | |
331 goto invalid; | |
332 } | |
333 | |
334 name.len = len; | |
335 name.data = value[i].data + sizeof("shared:") - 1; | |
336 | |
337 size.len = value[i].len - j - 1; | |
338 size.data = name.data + len + 1; | |
339 | |
340 n = ngx_parse_size(&size); | |
341 | |
342 if (n == NGX_ERROR) { | |
343 goto invalid; | |
344 } | |
345 | |
346 if (n < (ngx_int_t) (8 * ngx_pagesize)) { | |
347 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
348 "session cache \"%V\" is too small", | |
349 &value[i]); | |
350 | |
351 return NGX_CONF_ERROR; | |
352 } | |
353 | |
354 scf->shm_zone = ngx_shared_memory_add(cf, &name, n, | |
355 &ngx_imap_ssl_module); | |
356 if (scf->shm_zone == NULL) { | |
357 return NGX_CONF_ERROR; | |
358 } | |
359 | |
360 continue; | |
361 } | |
362 | |
363 goto invalid; | |
364 } | |
365 | |
366 if (scf->shm_zone && scf->builtin_session_cache == NGX_CONF_UNSET) { | |
367 scf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE; | |
368 } | |
369 | |
370 return NGX_CONF_OK; | |
371 | |
372 invalid: | |
373 | |
374 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
375 "invalid session cache \"%V\"", &value[i]); | |
376 | |
377 return NGX_CONF_ERROR; | |
259 } | 378 } |
260 | 379 |
261 | 380 |
262 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | 381 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) |
263 | 382 |
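Review bot: In ngx_imap_ssl_session_cache, the `shared:` branch never checks that the scan for the second `:` actually found one. For a value such as `shared:name` the inner loop ends with `j == value[i].len`, so `size.len = value[i].len - j - 1` wraps around (the lengths are unsigned) and `size.data` points past the end of the argument before both are handed to ngx_parse_size(), whose handling of such a length is not visible here. Rejecting that case together with the empty-name check, `if (len == 0 || j == value[i].len) { goto invalid; }`, keeps the parser inside the argument buffer. The input comes from the configuration file rather than the network, so exposure is limited to whoever can edit the config, but a malformed directive should produce the "invalid session cache" error rather than a read outside the string.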