nginx-vendor-current: src/mail/ngx_mail_ssl

comparison src/mail/ngx_mail_ssl_module.c @ 632:5b73504dd4ba NGINX_1_1_0

nginx 1.1.0 *) Feature: cache loader run time decrease. *) Feature: "loader_files", "loader_sleep", and "loader_threshold" options of the "proxy/fastcgi/scgi/uwsgi_cache_path" directives. *) Feature: loading time decrease of configuration with large number of HTTPS sites. *) Feature: now nginx supports ECDHE key exchange ciphers. Thanks to Adrian Kotelba. *) Feature: the "lingering_close" directive. Thanks to Maxim Dounin. *) Bugfix: in closing connection for pipelined requests. Thanks to Maxim Dounin. *) Bugfix: nginx did not disable gzipping if client sent "gzip;q=0" in "Accept-Encoding" request header line. *) Bugfix: in timeout in unbuffered proxied mode. Thanks to Maxim Dounin. *) Bugfix: memory leaks when a "proxy_pass" directive contains variables and proxies to an HTTPS backend. Thanks to Maxim Dounin. *) Bugfix: in parameter validaiton of a "proxy_pass" directive with variables. Thanks to Lanshun Zhou. *) Bugfix: SSL did not work on QNX. Thanks to Maxim Dounin. *) Bugfix: SSL modules could not be built by gcc 4.6 without --with-debug option.

author	Igor Sysoev <http://sysoev.ru>
date	Mon, 01 Aug 2011 00:00:00 +0400
parents	ad6fee8052d7
children	23ef0645ea57

comparison

equal deleted inserted replaced

-:9b978fa3cd33
+:5b73504dd4ba
 #include <ngx_config.h>
 #include <ngx_core.h>
 #include <ngx_mail.h>
-#define NGX_DEFAULT_CIPHERS  "HIGH:!aNULL:!MD5"
+#define NGX_DEFAULT_CIPHERS     "HIGH:!aNULL:!MD5"
+#define NGX_DEFAULT_ECDH_CURVE  "prime256v1"
 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
 static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child);
 { ngx_string("ssl_dhparam"),
 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
 ngx_conf_set_str_slot,
 NGX_MAIL_SRV_CONF_OFFSET,
 offsetof(ngx_mail_ssl_conf_t, dhparam),
+NULL },
+{ ngx_string("ssl_ecdh_curve"),
+NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
+ngx_conf_set_str_slot,
+NGX_MAIL_SRV_CONF_OFFSET,
+offsetof(ngx_mail_ssl_conf_t, ecdh_curve),
 NULL },
 { ngx_string("ssl_protocols"),
 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,
 ngx_conf_set_bitmask_slot,
 *
 *     scf->protocols = 0;
 *     scf->certificate = { 0, NULL };
 *     scf->certificate_key = { 0, NULL };
 *     scf->dhparam = { 0, NULL };
+*     scf->ecdh_curve = { 0, NULL };
 *     scf->ciphers = { 0, NULL };
 *     scf->shm_zone = NULL;
 */
 scf->enable = NGX_CONF_UNSET;
 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
+ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
+NGX_DEFAULT_ECDH_CURVE);
 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
 conf->ssl.log = cf->log;
 if (conf->prefer_server_ciphers) {
 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
 }
-if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
+SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
-return NGX_CONF_ERROR;
-}
 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
 return NGX_CONF_ERROR;
 }

Mercurial > hg > nginx-vendor-current

comparison src/mail/ngx_mail_ssl_module.c @ 632:5b73504dd4ba NGINX_1_1_0