nginx: src/mail/ngx_mail_ssl

annotate src/mail/ngx_mail_ssl_module.h @ 7729:3bff3f397c05

SSL: ssl_conf_command directive. With the ssl_conf_command directive it is now possible to set arbitrary OpenSSL configuration parameters as long as nginx is compiled with OpenSSL 1.0.2 or later. Full list of available configuration commands can be found in the SSL_CONF_cmd manual page (https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html). In particular, this allows configuring PrioritizeChaCha option (ticket #1445): ssl_conf_command Options PrioritizeChaCha; It can be also used to configure TLSv1.3 ciphers in OpenSSL, which fails to configure them via the SSL_CTX_set_cipher_list() interface (ticket #1529): ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256; Configuration commands are applied after nginx own configuration for SSL, so they can be used to override anything set by nginx. Note though that configuring OpenSSL directly with ssl_conf_command might result in a behaviour nginx does not expect, and should be done with care.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Thu, 22 Oct 2020 18:00:22 +0300
parents	7f955d3b9a0d
children	0aaa09927703

rev	line source
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	1
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	2 /*
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	3 * Copyright (C) Igor Sysoev
4412 d620f497c50f Copyright updated. Maxim Konovalov <maxim@nginx.com> parents: 3960 diff changeset	4 * Copyright (C) Nginx, Inc.
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	5 */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	6
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	7
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	8 #ifndef _NGX_MAIL_SSL_H_INCLUDED_
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	9 #define _NGX_MAIL_SSL_H_INCLUDED_
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	10
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	11
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	12 #include <ngx_config.h>
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	13 #include <ngx_core.h>
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	14 #include <ngx_mail.h>
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	15
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	16
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	17 #define NGX_MAIL_STARTTLS_OFF 0
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	18 #define NGX_MAIL_STARTTLS_ON 1
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	19 #define NGX_MAIL_STARTTLS_ONLY 2
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	20
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	21
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	22 typedef struct {
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	23 ngx_flag_t enable;
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2044 diff changeset	24 ngx_flag_t prefer_server_ciphers;
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	25
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	26 ngx_ssl_t ssl;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	27
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2044 diff changeset	28 ngx_uint_t starttls;
7269 7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 6550 diff changeset	29 ngx_uint_t listen;
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	30 ngx_uint_t protocols;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	31
5989 ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	32 ngx_uint_t verify;
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	33 ngx_uint_t verify_depth;
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	34
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	35 ssize_t builtin_session_cache;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	36
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	37 time_t session_timeout;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	38
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 5989 diff changeset	39 ngx_array_t *certificates;
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 5989 diff changeset	40 ngx_array_t *certificate_keys;
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 5989 diff changeset	41
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 1136 diff changeset	42 ngx_str_t dhparam;
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	43 ngx_str_t ecdh_curve;
5989 ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	44 ngx_str_t client_certificate;
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	45 ngx_str_t trusted_certificate;
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	46 ngx_str_t crl;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	47
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	48 ngx_str_t ciphers;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	49
5744 42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	50 ngx_array_t *passwords;
7729 3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7269 diff changeset	51 ngx_array_t *conf_commands;
5744 42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	52
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	53 ngx_shm_zone_t *shm_zone;
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2044 diff changeset	54
5503 d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	55 ngx_flag_t session_tickets;
5425 1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 4412 diff changeset	56 ngx_array_t *session_ticket_keys;
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 4412 diff changeset	57
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2044 diff changeset	58 u_char *file;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2044 diff changeset	59 ngx_uint_t line;
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	60 } ngx_mail_ssl_conf_t;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	61
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	62
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	63 extern ngx_module_t ngx_mail_ssl_module;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	64
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	65
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	66 #endif /* _NGX_MAIL_SSL_H_INCLUDED_ */

Mercurial > hg > nginx

annotate src/mail/ngx_mail_ssl_module.h @ 7729:3bff3f397c05