nginx: src/mail/ngx_mail_ssl

annotate src/mail/ngx_mail_ssl_module.c @ 4749:613750237b36

Entity tags: the "etag" directive. It allows to disable generation of nginx's own entity tags, while still handling ETags in cache properly. This may be useful e.g. if one want to serve static files from servers with different ETag generation algorithms.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Mon, 09 Jul 2012 14:53:42 +0000
parents	d620f497c50f
children	32fe021911c9 3ff1e663fa08

rev	line source
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	1
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	2 /*
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	3 * Copyright (C) Igor Sysoev
4412 d620f497c50f Copyright updated. Maxim Konovalov <maxim@nginx.com> parents: 4400 diff changeset	4 * Copyright (C) Nginx, Inc.
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	5 */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	6
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	7
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	8 #include <ngx_config.h>
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	9 #include <ngx_core.h>
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	10 #include <ngx_mail.h>
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	11
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	12
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	13 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	14 #define NGX_DEFAULT_ECDH_CURVE "prime256v1"
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	15
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	16
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	17 static void ngx_mail_ssl_create_conf(ngx_conf_t cf);
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	18 static char ngx_mail_ssl_merge_conf(ngx_conf_t cf, void parent, void child);
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	19
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	20 static char ngx_mail_ssl_enable(ngx_conf_t cf, ngx_command_t *cmd,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	21 void *conf);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	22 static char ngx_mail_ssl_starttls(ngx_conf_t cf, ngx_command_t *cmd,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	23 void *conf);
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	24 static char ngx_mail_ssl_session_cache(ngx_conf_t cf, ngx_command_t *cmd,
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	25 void *conf);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	26
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	27
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	28 static ngx_conf_enum_t ngx_http_starttls_state[] = {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	29 { ngx_string("off"), NGX_MAIL_STARTTLS_OFF },
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	30 { ngx_string("on"), NGX_MAIL_STARTTLS_ON },
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	31 { ngx_string("only"), NGX_MAIL_STARTTLS_ONLY },
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	32 { ngx_null_string, 0 }
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	33 };
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	34
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	35
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	36
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	37 static ngx_conf_bitmask_t ngx_mail_ssl_protocols[] = {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	38 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	39 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	40 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
4400 a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	41 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	42 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	43 { ngx_null_string, 0 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	44 };
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	45
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	46
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	47 static ngx_command_t ngx_mail_ssl_commands[] = {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	48
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	49 { ngx_string("ssl"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	50 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_FLAG,
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	51 ngx_mail_ssl_enable,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	52 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	53 offsetof(ngx_mail_ssl_conf_t, enable),
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	54 NULL },
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	55
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	56 { ngx_string("starttls"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	57 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	58 ngx_mail_ssl_starttls,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	59 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	60 offsetof(ngx_mail_ssl_conf_t, starttls),
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	61 ngx_http_starttls_state },
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	62
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	63 { ngx_string("ssl_certificate"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	64 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	65 ngx_conf_set_str_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	66 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	67 offsetof(ngx_mail_ssl_conf_t, certificate),
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	68 NULL },
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	69
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	70 { ngx_string("ssl_certificate_key"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	71 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	72 ngx_conf_set_str_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	73 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	74 offsetof(ngx_mail_ssl_conf_t, certificate_key),
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	75 NULL },
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	76
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	77 { ngx_string("ssl_dhparam"),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	78 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	79 ngx_conf_set_str_slot,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	80 NGX_MAIL_SRV_CONF_OFFSET,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	81 offsetof(ngx_mail_ssl_conf_t, dhparam),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	82 NULL },
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	83
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	84 { ngx_string("ssl_ecdh_curve"),
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	85 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	86 ngx_conf_set_str_slot,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	87 NGX_MAIL_SRV_CONF_OFFSET,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	88 offsetof(ngx_mail_ssl_conf_t, ecdh_curve),
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	89 NULL },
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	90
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	91 { ngx_string("ssl_protocols"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	92 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_1MORE,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	93 ngx_conf_set_bitmask_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	94 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	95 offsetof(ngx_mail_ssl_conf_t, protocols),
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	96 &ngx_mail_ssl_protocols },
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	97
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	98 { ngx_string("ssl_ciphers"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	99 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	100 ngx_conf_set_str_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	101 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	102 offsetof(ngx_mail_ssl_conf_t, ciphers),
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	103 NULL },
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	104
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	105 { ngx_string("ssl_prefer_server_ciphers"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	106 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_FLAG,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	107 ngx_conf_set_flag_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	108 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	109 offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers),
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	110 NULL },
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	111
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	112 { ngx_string("ssl_session_cache"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	113 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE12,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	114 ngx_mail_ssl_session_cache,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	115 NGX_MAIL_SRV_CONF_OFFSET,
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	116 0,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	117 NULL },
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	118
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	119 { ngx_string("ssl_session_timeout"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	120 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	121 ngx_conf_set_sec_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	122 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	123 offsetof(ngx_mail_ssl_conf_t, session_timeout),
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	124 NULL },
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	125
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	126 ngx_null_command
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	127 };
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	128
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	129
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	130 static ngx_mail_module_t ngx_mail_ssl_module_ctx = {
1487 f69493e8faab ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module Igor Sysoev <igor@sysoev.ru> parents: 1136 diff changeset	131 NULL, /* protocol */
f69493e8faab ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module Igor Sysoev <igor@sysoev.ru> parents: 1136 diff changeset	132
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	133 NULL, /* create main configuration */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	134 NULL, /* init main configuration */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	135
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	136 ngx_mail_ssl_create_conf, /* create server configuration */
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	137 ngx_mail_ssl_merge_conf /* merge server configuration */
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	138 };
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	139
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	140
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	141 ngx_module_t ngx_mail_ssl_module = {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	142 NGX_MODULE_V1,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	143 &ngx_mail_ssl_module_ctx, /* module context */
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	144 ngx_mail_ssl_commands, /* module directives */
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	145 NGX_MAIL_MODULE, /* module type */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	146 NULL, /* init master */
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	147 NULL, /* init module */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	148 NULL, /* init process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	149 NULL, /* init thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	150 NULL, /* exit thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	151 NULL, /* exit process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	152 NULL, /* exit master */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	153 NGX_MODULE_V1_PADDING
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	154 };
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	155
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	156
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	157 static ngx_str_t ngx_mail_ssl_sess_id_ctx = ngx_string("MAIL");
543 511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	158
511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	159
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	160 static void *
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	161 ngx_mail_ssl_create_conf(ngx_conf_t *cf)
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	162 {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	163 ngx_mail_ssl_conf_t *scf;
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	164
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	165 scf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_ssl_conf_t));
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	166 if (scf == NULL) {
2912 c7d57b539248 return NULL instead of NGX_CONF_ERROR on a create conf failure Igor Sysoev <igor@sysoev.ru> parents: 2759 diff changeset	167 return NULL;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	168 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	169
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	170 /*
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	171 * set by ngx_pcalloc():
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	172 *
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	173 * scf->protocols = 0;
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	174 * scf->certificate = { 0, NULL };
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	175 * scf->certificate_key = { 0, NULL };
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	176 * scf->dhparam = { 0, NULL };
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	177 * scf->ecdh_curve = { 0, NULL };
3516 dd1570b6f237 ngx_str_set() and ngx_str_null() Igor Sysoev <igor@sysoev.ru> parents: 3196 diff changeset	178 * scf->ciphers = { 0, NULL };
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	179 * scf->shm_zone = NULL;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	180 */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	181
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	182 scf->enable = NGX_CONF_UNSET;
2759 38cb2238db13 fix building by MSVC8 Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	183 scf->starttls = NGX_CONF_UNSET_UINT;
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	184 scf->prefer_server_ciphers = NGX_CONF_UNSET;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	185 scf->builtin_session_cache = NGX_CONF_UNSET;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	186 scf->session_timeout = NGX_CONF_UNSET;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	187
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	188 return scf;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	189 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	190
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	191
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	192 static char *
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	193 ngx_mail_ssl_merge_conf(ngx_conf_t cf, void parent, void *child)
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	194 {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	195 ngx_mail_ssl_conf_t *prev = parent;
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	196 ngx_mail_ssl_conf_t *conf = child;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	197
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	198 char *mode;
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	199 ngx_pool_cleanup_t *cln;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	200
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	201 ngx_conf_merge_value(conf->enable, prev->enable, 0);
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	202 ngx_conf_merge_uint_value(conf->starttls, prev->starttls,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	203 NGX_MAIL_STARTTLS_OFF);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	204
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	205 ngx_conf_merge_value(conf->session_timeout,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	206 prev->session_timeout, 300);
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	207
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	208 ngx_conf_merge_value(conf->prefer_server_ciphers,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	209 prev->prefer_server_ciphers, 0);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	210
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	211 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
4400 a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	212 (NGX_CONF_BITMASK_SET\|NGX_SSL_SSLv3\|NGX_SSL_TLSv1
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	213 \|NGX_SSL_TLSv1_1\|NGX_SSL_TLSv1_2));
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	214
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	215 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	216 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	217
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	218 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	219
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	220 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	221 NGX_DEFAULT_ECDH_CURVE);
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	222
2124 e0b424b98f24 fix typo Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	223 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	224
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	225
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	226 conf->ssl.log = cf->log;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	227
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	228 if (conf->enable) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	229 mode = "ssl";
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	230
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	231 } else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	232 mode = "starttls";
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	233
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	234 } else {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	235 mode = "";
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	236 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	237
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	238 if (*mode) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	239
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	240 if (conf->certificate.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	241 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	242 "no \"ssl_certificate\" is defined for "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	243 "the \"%s\" directive in %s:%ui",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	244 mode, conf->file, conf->line);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	245 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	246 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	247
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	248 if (conf->certificate_key.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	249 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	250 "no \"ssl_certificate_key\" is defined for "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	251 "the \"%s\" directive in %s:%ui",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	252 mode, conf->file, conf->line);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	253 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	254 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	255
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	256 } else {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	257
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	258 if (conf->certificate.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	259 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	260 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	261
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	262 if (conf->certificate_key.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	263 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	264 "no \"ssl_certificate_key\" is defined "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	265 "for certificate \"%V\"",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	266 &conf->certificate);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	267 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	268 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	269 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	270
969 065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	271 if (ngx_ssl_create(&conf->ssl, conf->protocols, NULL) != NGX_OK) {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	272 return NGX_CONF_ERROR;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	273 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	274
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	275 cln = ngx_pool_cleanup_add(cf->pool, 0);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	276 if (cln == NULL) {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	277 return NGX_CONF_ERROR;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	278 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	279
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	280 cln->handler = ngx_ssl_cleanup_ctx;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	281 cln->data = &conf->ssl;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	282
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	283 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	284 &conf->certificate_key)
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	285 != NGX_OK)
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	286 {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	287 return NGX_CONF_ERROR;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	288 }
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	289
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	290 if (conf->ciphers.len) {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	291 if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	292 (const char *) conf->ciphers.data)
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	293 == 0)
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	294 {
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	295 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	296 "SSL_CTX_set_cipher_list(\"%V\") failed",
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	297 &conf->ciphers);
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	298 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	299 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	300
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	301 if (conf->prefer_server_ciphers) {
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	302 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	303 }
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	304
3959 b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand Igor Sysoev <igor@sysoev.ru> parents: 3938 diff changeset	305 SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	306
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	307 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	308 return NGX_CONF_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	309 }
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	310
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	311 ngx_conf_merge_value(conf->builtin_session_cache,
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	312 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	313
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	314 if (conf->shm_zone == NULL) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	315 conf->shm_zone = prev->shm_zone;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	316 }
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	317
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	318 if (ngx_ssl_session_cache(&conf->ssl, &ngx_mail_ssl_sess_id_ctx,
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	319 conf->builtin_session_cache,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	320 conf->shm_zone, conf->session_timeout)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	321 != NGX_OK)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	322 {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	323 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	324 }
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	325
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	326 return NGX_CONF_OK;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	327 }
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	328
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	329
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	330 static char *
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	331 ngx_mail_ssl_enable(ngx_conf_t cf, ngx_command_t cmd, void *conf)
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	332 {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	333 ngx_mail_ssl_conf_t *scf = conf;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	334
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	335 char *rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	336
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	337 rv = ngx_conf_set_flag_slot(cf, cmd, conf);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	338
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	339 if (rv != NGX_CONF_OK) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	340 return rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	341 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	342
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	343 if (scf->enable && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	344 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	345 "\"starttls\" directive conflicts with \"ssl on\"");
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	346 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	347 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	348
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	349 scf->file = cf->conf_file->file.name.data;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	350 scf->line = cf->conf_file->line;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	351
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	352 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	353 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	354
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	355
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	356 static char *
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	357 ngx_mail_ssl_starttls(ngx_conf_t cf, ngx_command_t cmd, void *conf)
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	358 {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	359 ngx_mail_ssl_conf_t *scf = conf;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	360
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	361 char *rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	362
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	363 rv = ngx_conf_set_enum_slot(cf, cmd, conf);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	364
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	365 if (rv != NGX_CONF_OK) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	366 return rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	367 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	368
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	369 if (scf->enable == 1 && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	370 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	371 "\"ssl\" directive conflicts with \"starttls\"");
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	372 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	373 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	374
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	375 scf->file = cf->conf_file->file.name.data;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	376 scf->line = cf->conf_file->line;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	377
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	378 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	379 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	380
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	381
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	382 static char *
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	383 ngx_mail_ssl_session_cache(ngx_conf_t cf, ngx_command_t cmd, void *conf)
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	384 {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	385 ngx_mail_ssl_conf_t *scf = conf;
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	386
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	387 size_t len;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	388 ngx_str_t *value, name, size;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	389 ngx_int_t n;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	390 ngx_uint_t i, j;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	391
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	392 value = cf->args->elts;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	393
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	394 for (i = 1; i < cf->args->nelts; i++) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	395
1778 14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	396 if (ngx_strcmp(value[i].data, "off") == 0) {
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	397 scf->builtin_session_cache = NGX_SSL_NO_SCACHE;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	398 continue;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	399 }
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	400
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	401 if (ngx_strcmp(value[i].data, "none") == 0) {
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	402 scf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	403 continue;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	404 }
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	405
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	406 if (ngx_strcmp(value[i].data, "builtin") == 0) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	407 scf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	408 continue;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	409 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	410
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	411 if (value[i].len > sizeof("builtin:") - 1
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	412 && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	413 == 0)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	414 {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	415 n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	416 value[i].len - (sizeof("builtin:") - 1));
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	417
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	418 if (n == NGX_ERROR) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	419 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	420 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	421
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	422 scf->builtin_session_cache = n;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	423
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	424 continue;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	425 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	426
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	427 if (value[i].len > sizeof("shared:") - 1
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	428 && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	429 == 0)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	430 {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	431 len = 0;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	432
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	433 for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	434 if (value[i].data[j] == ':') {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	435 break;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	436 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	437
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	438 len++;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	439 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	440
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	441 if (len == 0) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	442 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	443 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	444
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	445 name.len = len;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	446 name.data = value[i].data + sizeof("shared:") - 1;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	447
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	448 size.len = value[i].len - j - 1;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	449 size.data = name.data + len + 1;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	450
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	451 n = ngx_parse_size(&size);
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	452
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	453 if (n == NGX_ERROR) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	454 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	455 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	456
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	457 if (n < (ngx_int_t) (8 * ngx_pagesize)) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	458 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	459 "session cache \"%V\" is too small",
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	460 &value[i]);
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	461
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	462 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	463 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	464
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	465 scf->shm_zone = ngx_shared_memory_add(cf, &name, n,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	466 &ngx_mail_ssl_module);
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	467 if (scf->shm_zone == NULL) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	468 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	469 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	470
4153 7de74ed694c8 Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993). Maxim Dounin <mdounin@mdounin.ru> parents: 3992 diff changeset	471 scf->shm_zone->init = ngx_ssl_session_cache_init;
7de74ed694c8 Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993). Maxim Dounin <mdounin@mdounin.ru> parents: 3992 diff changeset	472
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	473 continue;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	474 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	475
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	476 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	477 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	478
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	479 if (scf->shm_zone && scf->builtin_session_cache == NGX_CONF_UNSET) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	480 scf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	481 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	482
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	483 return NGX_CONF_OK;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	484
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	485 invalid:
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	486
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	487 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	488 "invalid session cache \"%V\"", &value[i]);
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	489
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	490 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	491 }

Mercurial > hg > nginx

annotate src/mail/ngx_mail_ssl_module.c @ 4749:613750237b36