Mercurial > hg > nginx-vendor-current
comparison src/imap/ngx_imap_ssl_module.c @ 112:408f195b3482 NGINX_0_3_3
nginx 0.3.3
*) Change: the "bl" and "af" parameters of the "listen" directive was
renamed to the "backlog" and "accept_filter".
*) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
directive.
*) Change: the "$msec" log parameter does not require now the
additional the gettimeofday() system call.
*) Feature: the -t switch now tests the "listen" directives.
*) Bugfix: if the invalid address was specified in the "listen"
directive, then after the -HUP signal nginx left an open socket in
the CLOSED state.
*) Bugfix: the mime type may be incorrectly set to default value for
index file with variable in the name; bug appeared in 0.3.0.
*) Feature: the "timer_resolution" directive.
*) Feature: the millisecond "$upstream_response_time" log parameter.
*) Bugfix: a temporary file with client request body now is removed
just after the response header was transferred to a client.
*) Bugfix: OpenSSL 0.9.6 compatibility.
*) Bugfix: the SSL certificate and key file paths could not be relative.
*) Bugfix: the "ssl_prefer_server_ciphers" directive did not work in
the ngx_imap_ssl_module.
*) Bugfix: the "ssl_protocols" directive allowed to specify the single
protocol only.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Wed, 19 Oct 2005 00:00:00 +0400 |
parents | ca4f70b3ccc6 |
children | d25a1d6034f1 |
comparison
equal
deleted
inserted
replaced
111:a175b609c76d | 112:408f195b3482 |
---|---|
14 #define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" | 14 #define NGX_DEFLAUT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" |
15 | 15 |
16 | 16 |
17 static void *ngx_imap_ssl_create_conf(ngx_conf_t *cf); | 17 static void *ngx_imap_ssl_create_conf(ngx_conf_t *cf); |
18 static char *ngx_imap_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child); | 18 static char *ngx_imap_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child); |
19 | |
20 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | |
21 | |
22 static char *ngx_imap_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, | |
23 void *conf); | |
24 | |
25 static char ngx_imap_ssl_openssl097[] = "OpenSSL 0.9.7 and higher"; | |
26 | |
27 #endif | |
19 | 28 |
20 | 29 |
21 static ngx_conf_bitmask_t ngx_imap_ssl_protocols[] = { | 30 static ngx_conf_bitmask_t ngx_imap_ssl_protocols[] = { |
22 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, | 31 { ngx_string("SSLv2"), NGX_SSL_SSLv2 }, |
23 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, | 32 { ngx_string("SSLv3"), NGX_SSL_SSLv3 }, |
48 NGX_IMAP_SRV_CONF_OFFSET, | 57 NGX_IMAP_SRV_CONF_OFFSET, |
49 offsetof(ngx_imap_ssl_conf_t, certificate_key), | 58 offsetof(ngx_imap_ssl_conf_t, certificate_key), |
50 NULL }, | 59 NULL }, |
51 | 60 |
52 { ngx_string("ssl_protocols"), | 61 { ngx_string("ssl_protocols"), |
53 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1, | 62 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_1MORE, |
54 ngx_conf_set_bitmask_slot, | 63 ngx_conf_set_bitmask_slot, |
55 NGX_IMAP_SRV_CONF_OFFSET, | 64 NGX_IMAP_SRV_CONF_OFFSET, |
56 offsetof(ngx_imap_ssl_conf_t, protocols), | 65 offsetof(ngx_imap_ssl_conf_t, protocols), |
57 &ngx_imap_ssl_protocols }, | 66 &ngx_imap_ssl_protocols }, |
58 | 67 |
63 offsetof(ngx_imap_ssl_conf_t, ciphers), | 72 offsetof(ngx_imap_ssl_conf_t, ciphers), |
64 NULL }, | 73 NULL }, |
65 | 74 |
66 { ngx_string("ssl_prefer_server_ciphers"), | 75 { ngx_string("ssl_prefer_server_ciphers"), |
67 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_FLAG, | 76 NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_FLAG, |
77 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE | |
68 ngx_conf_set_flag_slot, | 78 ngx_conf_set_flag_slot, |
69 NGX_IMAP_SRV_CONF_OFFSET, | 79 NGX_IMAP_SRV_CONF_OFFSET, |
70 offsetof(ngx_imap_ssl_conf_t, prefer_server_ciphers), | 80 offsetof(ngx_imap_ssl_conf_t, prefer_server_ciphers), |
71 NULL }, | 81 NULL }, |
82 #else | |
83 ngx_imap_ssl_nosupported, 0, 0, ngx_imap_ssl_openssl097 }, | |
84 #endif | |
85 | |
72 | 86 |
73 ngx_null_command | 87 ngx_null_command |
74 }; | 88 }; |
75 | 89 |
76 | 90 |
136 ngx_imap_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) | 150 ngx_imap_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) |
137 { | 151 { |
138 ngx_imap_ssl_conf_t *prev = parent; | 152 ngx_imap_ssl_conf_t *prev = parent; |
139 ngx_imap_ssl_conf_t *conf = child; | 153 ngx_imap_ssl_conf_t *conf = child; |
140 | 154 |
155 ngx_pool_cleanup_t *cln; | |
156 | |
141 ngx_conf_merge_value(conf->enable, prev->enable, 0); | 157 ngx_conf_merge_value(conf->enable, prev->enable, 0); |
142 | 158 |
143 if (conf->enable == 0) { | 159 if (conf->enable == 0) { |
144 return NGX_CONF_OK; | 160 return NGX_CONF_OK; |
145 } | 161 } |
164 | 180 |
165 if (ngx_ssl_create(&conf->ssl, conf->protocols) != NGX_OK) { | 181 if (ngx_ssl_create(&conf->ssl, conf->protocols) != NGX_OK) { |
166 return NGX_CONF_ERROR; | 182 return NGX_CONF_ERROR; |
167 } | 183 } |
168 | 184 |
169 if (ngx_pool_cleanup_add(cf->pool, ngx_ssl_cleanup_ctx, &conf->ssl) == NULL) | 185 cln = ngx_pool_cleanup_add(cf->pool, 0); |
170 { | 186 if (cln == NULL) { |
171 return NGX_CONF_ERROR; | 187 return NGX_CONF_ERROR; |
172 } | 188 } |
173 | 189 |
174 if (ngx_ssl_certificate(&conf->ssl, conf->certificate.data, | 190 cln->handler = ngx_ssl_cleanup_ctx; |
175 conf->certificate_key.data) != NGX_OK) | 191 cln->data = &conf->ssl; |
192 | |
193 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate, | |
194 &conf->certificate_key) | |
195 != NGX_OK) | |
176 { | 196 { |
177 return NGX_CONF_ERROR; | 197 return NGX_CONF_ERROR; |
178 } | 198 } |
179 | 199 |
180 if (conf->ciphers.len) { | 200 if (conf->ciphers.len) { |
181 if (SSL_CTX_set_cipher_list(conf->ssl.ctx, | 201 if (SSL_CTX_set_cipher_list(conf->ssl.ctx, |
182 (const char *) conf->ciphers.data) == 0) | 202 (const char *) conf->ciphers.data) |
203 == 0) | |
183 { | 204 { |
184 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, | 205 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, |
185 "SSL_CTX_set_cipher_list(\"%V\") failed", | 206 "SSL_CTX_set_cipher_list(\"%V\") failed", |
186 &conf->ciphers); | 207 &conf->ciphers); |
187 } | 208 } |
188 } | 209 } |
189 | 210 |
211 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE | |
212 | |
213 if (conf->prefer_server_ciphers) { | |
214 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); | |
215 } | |
216 | |
217 #endif | |
218 | |
190 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { | 219 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { |
191 return NGX_CONF_ERROR; | 220 return NGX_CONF_ERROR; |
192 } | 221 } |
193 | 222 |
194 SSL_CTX_set_session_cache_mode(conf->ssl.ctx, SSL_SESS_CACHE_SERVER); | 223 SSL_CTX_set_session_cache_mode(conf->ssl.ctx, SSL_SESS_CACHE_SERVER); |
196 SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_imap_session_id_ctx, | 225 SSL_CTX_set_session_id_context(conf->ssl.ctx, ngx_imap_session_id_ctx, |
197 sizeof(ngx_imap_session_id_ctx) - 1); | 226 sizeof(ngx_imap_session_id_ctx) - 1); |
198 | 227 |
199 return NGX_CONF_OK; | 228 return NGX_CONF_OK; |
200 } | 229 } |
230 | |
231 | |
232 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | |
233 | |
234 static char * | |
235 ngx_imap_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
236 { | |
237 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
238 "\"%V\" directive is available only in %s,", | |
239 &cmd->name, cmd->post); | |
240 | |
241 return NGX_CONF_ERROR; | |
242 } | |
243 | |
244 #endif |