comparison src/mail/ngx_mail_ssl_module.c @ 632:5b73504dd4ba NGINX_1_1_0
nginx 1.1.0
*) Feature: cache loader run time decrease.
*) Feature: "loader_files", "loader_sleep", and "loader_threshold"
options of the "proxy/fastcgi/scgi/uwsgi_cache_path" directives.
*) Feature: loading time decrease of configuration with large number of
HTTPS sites.
*) Feature: now nginx supports ECDHE key exchange ciphers.
Thanks to Adrian Kotelba.
*) Feature: the "lingering_close" directive.
Thanks to Maxim Dounin.
*) Bugfix: in closing connection for pipelined requests.
Thanks to Maxim Dounin.
*) Bugfix: nginx did not disable gzipping if client sent "gzip;q=0" in
"Accept-Encoding" request header line.
*) Bugfix: in timeout in unbuffered proxied mode.
Thanks to Maxim Dounin.
*) Bugfix: memory leaks when a "proxy_pass" directive contains
variables and proxies to an HTTPS backend.
Thanks to Maxim Dounin.
*) Bugfix: in parameter validation of a "proxy_pass" directive with
variables.
Thanks to Lanshun Zhou.
*) Bugfix: SSL did not work on QNX.
Thanks to Maxim Dounin.
*) Bugfix: SSL modules could not be built by gcc 4.6 without
--with-debug option.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 01 Aug 2011 00:00:00 +0400 |
parents | ad6fee8052d7 |
children | 23ef0645ea57 |
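--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -7,11 +7,12 @@
 #include <ngx_config.h>
 #include <ngx_core.h>
 #include <ngx_mail.h>
 
 
 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
+#define NGX_DEFAULT_ECDH_CURVE "prime256v1"
 
 
 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
 static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child);
 
@@ -73,10 +74,17 @@
 { ngx_string("ssl_dhparam"),
 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
 ngx_conf_set_str_slot,
 NGX_MAIL_SRV_CONF_OFFSET,
 offsetof(ngx_mail_ssl_conf_t, dhparam),
+NULL },
+
+{ ngx_string("ssl_ecdh_curve"),
+NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
+ngx_conf_set_str_slot,
+NGX_MAIL_SRV_CONF_OFFSET,
+offsetof(ngx_mail_ssl_conf_t, ecdh_curve),
 NULL },
 
 { ngx_string("ssl_protocols"),
 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,
 ngx_conf_set_bitmask_slot,
@@ -161,10 +169,11 @@
 *
 * scf->protocols = 0;
 * scf->certificate = { 0, NULL };
 * scf->certificate_key = { 0, NULL };
 * scf->dhparam = { 0, NULL };
+* scf->ecdh_curve = { 0, NULL };
 * scf->ciphers = { 0, NULL };
 * scf->shm_zone = NULL;
 */
 
 scf->enable = NGX_CONF_UNSET;
@@ -201,10 +210,13 @@
 
 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
 
 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
+
+ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
+NGX_DEFAULT_ECDH_CURVE);
 
 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
 
 
 conf->ssl.log = cf->log;
@@ -284,13 +296,11 @@
 
 if (conf->prefer_server_ciphers) {
 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
 }
 
-if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
-return NGX_CONF_ERROR;
-}
+SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
 
 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 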
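Review bot: `ssl_ecdh_curve` is registered in the directive table and merged with the `prime256v1` default, but nothing in the visible comparison passes `conf->ecdh_curve` to the SSL context, so in the mail module the directive looks like a silent no-op and ECDHE suites would likely not be offered even though the configuration accepts a curve name. Unless that call sits in a part of the file outside this view, add it right after the `ngx_ssl_dhparam` check: `if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) {` `return NGX_CONF_ERROR;` `}`. The enclosing merge function starts and ends outside the hunks shown. Separately, the new `SSL_CTX_set_tmp_rsa_callback` line keeps what appears from its name to be a 512-bit temporary RSA key reachable whenever an operator's `ssl_ciphers` admits export suites (the default `HIGH:!aNULL:!MD5` does not), which deserves a comment at that line, e.g. `/* only used for export ciphers; not reachable with NGX_DEFAULT_CIPHERS */`.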