Mercurial > hg > nginx
annotate auto/include @ 7729:3bff3f397c05
SSL: ssl_conf_command directive.
With the ssl_conf_command directive it is now possible to set
arbitrary OpenSSL configuration parameters as long as nginx is compiled
with OpenSSL 1.0.2 or later. Full list of available configuration
commands can be found in the SSL_CONF_cmd manual page
(https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html).
In particular, this allows configuring PrioritizeChaCha option
(ticket #1445):
ssl_conf_command Options PrioritizeChaCha;
It can be also used to configure TLSv1.3 ciphers in OpenSSL,
which fails to configure them via the SSL_CTX_set_cipher_list()
interface (ticket #1529):
ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256;
Configuration commands are applied after nginx own configuration
for SSL, so they can be used to override anything set by nginx.
Note though that configuring OpenSSL directly with ssl_conf_command
might result in a behaviour nginx does not expect, and should be
done with care.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 22 Oct 2020 18:00:22 +0300 |
parents | a616bdc38645 |
children |
rev | line source |
---|---|
444
42d11f017717
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents:
253
diff
changeset
|
1 |
42d11f017717
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents:
253
diff
changeset
|
2 # Copyright (C) Igor Sysoev |
4412 | 3 # Copyright (C) Nginx, Inc. |
444
42d11f017717
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents:
253
diff
changeset
|
4 |
196
11fbd0fc041d
nginx-0.0.1-2003-11-26-18:42:18 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
5 |
455 | 6 echo $ngx_n "checking for $ngx_include ...$ngx_c" |
7 | |
8 cat << END >> $NGX_AUTOCONF_ERR | |
9 | |
10 ---------------------------------------- | |
11 checking for $ngx_include | |
12 | |
13 END | |
14 | |
196
11fbd0fc041d
nginx-0.0.1-2003-11-26-18:42:18 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
15 |
210
00cafae0bdf1
nginx-0.0.1-2003-12-14-23:10:27 import
Igor Sysoev <igor@sysoev.ru>
parents:
197
diff
changeset
|
16 ngx_found=no |
197
0b81c7a0b133
nginx-0.0.1-2003-11-27-10:45:22 import
Igor Sysoev <igor@sysoev.ru>
parents:
196
diff
changeset
|
17 |
210
00cafae0bdf1
nginx-0.0.1-2003-12-14-23:10:27 import
Igor Sysoev <igor@sysoev.ru>
parents:
197
diff
changeset
|
18 cat << END > $NGX_AUTOTEST.c |
196
11fbd0fc041d
nginx-0.0.1-2003-11-26-18:42:18 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
19 |
2624
418c9f97bd01
fix FreeBSD before 7 building, broken in r2616
Igor Sysoev <igor@sysoev.ru>
parents:
645
diff
changeset
|
20 $NGX_INCLUDE_SYS_PARAM_H |
455 | 21 #include <$ngx_include> |
210
00cafae0bdf1
nginx-0.0.1-2003-12-14-23:10:27 import
Igor Sysoev <igor@sysoev.ru>
parents:
197
diff
changeset
|
22 |
6624
e3faa5fb7772
Configure: fix build with -Werror=old-style-definition.
Piotr Sikora <piotrsikora@google.com>
parents:
5309
diff
changeset
|
23 int main(void) { |
210
00cafae0bdf1
nginx-0.0.1-2003-12-14-23:10:27 import
Igor Sysoev <igor@sysoev.ru>
parents:
197
diff
changeset
|
24 return 0; |
00cafae0bdf1
nginx-0.0.1-2003-12-14-23:10:27 import
Igor Sysoev <igor@sysoev.ru>
parents:
197
diff
changeset
|
25 } |
196
11fbd0fc041d
nginx-0.0.1-2003-11-26-18:42:18 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
26 |
210
00cafae0bdf1
nginx-0.0.1-2003-12-14-23:10:27 import
Igor Sysoev <igor@sysoev.ru>
parents:
197
diff
changeset
|
27 END |
00cafae0bdf1
nginx-0.0.1-2003-12-14-23:10:27 import
Igor Sysoev <igor@sysoev.ru>
parents:
197
diff
changeset
|
28 |
455 | 29 |
30 ngx_test="$CC -o $NGX_AUTOTEST $NGX_AUTOTEST.c" | |
31 | |
32 eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" | |
196
11fbd0fc041d
nginx-0.0.1-2003-11-26-18:42:18 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
33 |
210
00cafae0bdf1
nginx-0.0.1-2003-12-14-23:10:27 import
Igor Sysoev <igor@sysoev.ru>
parents:
197
diff
changeset
|
34 if [ -x $NGX_AUTOTEST ]; then |
455 | 35 |
36 ngx_found=yes | |
37 | |
210
00cafae0bdf1
nginx-0.0.1-2003-12-14-23:10:27 import
Igor Sysoev <igor@sysoev.ru>
parents:
197
diff
changeset
|
38 echo " found" |
455 | 39 |
645 | 40 ngx_name=`echo $ngx_include \ |
41 | tr abcdefghijklmnopqrstuvwxyz/. ABCDEFGHIJKLMNOPQRSTUVWXYZ__` | |
455 | 42 |
43 | |
509 | 44 have=NGX_HAVE_$ngx_name . auto/have_headers |
455 | 45 |
46 eval "NGX_INCLUDE_$ngx_name='#include <$ngx_include>'" | |
47 | |
196
11fbd0fc041d
nginx-0.0.1-2003-11-26-18:42:18 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
48 else |
210
00cafae0bdf1
nginx-0.0.1-2003-12-14-23:10:27 import
Igor Sysoev <igor@sysoev.ru>
parents:
197
diff
changeset
|
49 echo " not found" |
455 | 50 |
51 echo "----------" >> $NGX_AUTOCONF_ERR | |
52 cat $NGX_AUTOTEST.c >> $NGX_AUTOCONF_ERR | |
53 echo "----------" >> $NGX_AUTOCONF_ERR | |
54 echo $ngx_test >> $NGX_AUTOCONF_ERR | |
55 echo "----------" >> $NGX_AUTOCONF_ERR | |
196
11fbd0fc041d
nginx-0.0.1-2003-11-26-18:42:18 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
56 fi |
11fbd0fc041d
nginx-0.0.1-2003-11-26-18:42:18 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
57 |
5309
434548349838
Configure: fixed autotest cleanup commands.
Sergey Kandaurov <pluknet@nginx.com>
parents:
4412
diff
changeset
|
58 rm -rf $NGX_AUTOTEST* |