nginx: src/mail/ngx_mail_ssl

annotate src/mail/ngx_mail_ssl_module.c @ 3992:a1dd9dc754ab

A new fix for the case when ssl_session_cache defined, but ssl is not enabled in any server. The previous r1033 does not help when unused zone becomes used after reconfiguration, so it is backed out. The initial thought was to make SSL modules independed from SSL implementation and to keep OpenSSL code dependance as much as in separate files.

author	Igor Sysoev <igor@sysoev.ru>
date	Thu, 04 Aug 2011 11:12:30 +0000
parents	0832a6997227
children	7de74ed694c8

rev	line source
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	1
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	2 /*
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	3 * Copyright (C) Igor Sysoev
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	4 */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	5
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	6
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	7 #include <ngx_config.h>
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	8 #include <ngx_core.h>
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	9 #include <ngx_mail.h>
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	10
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	11
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	12 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	13 #define NGX_DEFAULT_ECDH_CURVE "prime256v1"
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	14
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	15
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	16 static void ngx_mail_ssl_create_conf(ngx_conf_t cf);
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	17 static char ngx_mail_ssl_merge_conf(ngx_conf_t cf, void parent, void child);
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	18
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	19 static char ngx_mail_ssl_enable(ngx_conf_t cf, ngx_command_t *cmd,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	20 void *conf);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	21 static char ngx_mail_ssl_starttls(ngx_conf_t cf, ngx_command_t *cmd,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	22 void *conf);
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	23 static char ngx_mail_ssl_session_cache(ngx_conf_t cf, ngx_command_t *cmd,
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	24 void *conf);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	25
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	26
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	27 static ngx_conf_enum_t ngx_http_starttls_state[] = {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	28 { ngx_string("off"), NGX_MAIL_STARTTLS_OFF },
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	29 { ngx_string("on"), NGX_MAIL_STARTTLS_ON },
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	30 { ngx_string("only"), NGX_MAIL_STARTTLS_ONLY },
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	31 { ngx_null_string, 0 }
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	32 };
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	33
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	34
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	35
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	36 static ngx_conf_bitmask_t ngx_mail_ssl_protocols[] = {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	37 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	38 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	39 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	40 { ngx_null_string, 0 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	41 };
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	42
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	43
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	44 static ngx_command_t ngx_mail_ssl_commands[] = {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	45
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	46 { ngx_string("ssl"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	47 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_FLAG,
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	48 ngx_mail_ssl_enable,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	49 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	50 offsetof(ngx_mail_ssl_conf_t, enable),
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	51 NULL },
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	52
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	53 { ngx_string("starttls"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	54 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	55 ngx_mail_ssl_starttls,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	56 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	57 offsetof(ngx_mail_ssl_conf_t, starttls),
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	58 ngx_http_starttls_state },
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	59
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	60 { ngx_string("ssl_certificate"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	61 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	62 ngx_conf_set_str_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	63 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	64 offsetof(ngx_mail_ssl_conf_t, certificate),
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	65 NULL },
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	66
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	67 { ngx_string("ssl_certificate_key"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	68 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	69 ngx_conf_set_str_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	70 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	71 offsetof(ngx_mail_ssl_conf_t, certificate_key),
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	72 NULL },
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	73
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	74 { ngx_string("ssl_dhparam"),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	75 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	76 ngx_conf_set_str_slot,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	77 NGX_MAIL_SRV_CONF_OFFSET,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	78 offsetof(ngx_mail_ssl_conf_t, dhparam),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	79 NULL },
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	80
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	81 { ngx_string("ssl_ecdh_curve"),
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	82 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	83 ngx_conf_set_str_slot,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	84 NGX_MAIL_SRV_CONF_OFFSET,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	85 offsetof(ngx_mail_ssl_conf_t, ecdh_curve),
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	86 NULL },
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	87
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	88 { ngx_string("ssl_protocols"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	89 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_1MORE,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	90 ngx_conf_set_bitmask_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	91 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	92 offsetof(ngx_mail_ssl_conf_t, protocols),
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	93 &ngx_mail_ssl_protocols },
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	94
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	95 { ngx_string("ssl_ciphers"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	96 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	97 ngx_conf_set_str_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	98 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	99 offsetof(ngx_mail_ssl_conf_t, ciphers),
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	100 NULL },
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	101
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	102 { ngx_string("ssl_prefer_server_ciphers"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	103 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_FLAG,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	104 ngx_conf_set_flag_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	105 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	106 offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers),
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	107 NULL },
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	108
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	109 { ngx_string("ssl_session_cache"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	110 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE12,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	111 ngx_mail_ssl_session_cache,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	112 NGX_MAIL_SRV_CONF_OFFSET,
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	113 0,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	114 NULL },
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	115
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	116 { ngx_string("ssl_session_timeout"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	117 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	118 ngx_conf_set_sec_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	119 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	120 offsetof(ngx_mail_ssl_conf_t, session_timeout),
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	121 NULL },
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	122
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	123 ngx_null_command
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	124 };
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	125
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	126
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	127 static ngx_mail_module_t ngx_mail_ssl_module_ctx = {
1487 f69493e8faab ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module Igor Sysoev <igor@sysoev.ru> parents: 1136 diff changeset	128 NULL, /* protocol */
f69493e8faab ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module Igor Sysoev <igor@sysoev.ru> parents: 1136 diff changeset	129
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	130 NULL, /* create main configuration */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	131 NULL, /* init main configuration */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	132
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	133 ngx_mail_ssl_create_conf, /* create server configuration */
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	134 ngx_mail_ssl_merge_conf /* merge server configuration */
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	135 };
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	136
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	137
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	138 ngx_module_t ngx_mail_ssl_module = {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	139 NGX_MODULE_V1,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	140 &ngx_mail_ssl_module_ctx, /* module context */
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	141 ngx_mail_ssl_commands, /* module directives */
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	142 NGX_MAIL_MODULE, /* module type */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	143 NULL, /* init master */
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	144 NULL, /* init module */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	145 NULL, /* init process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	146 NULL, /* init thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	147 NULL, /* exit thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	148 NULL, /* exit process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	149 NULL, /* exit master */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	150 NGX_MODULE_V1_PADDING
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	151 };
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	152
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	153
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	154 static ngx_str_t ngx_mail_ssl_sess_id_ctx = ngx_string("MAIL");
543 511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	155
511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	156
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	157 static void *
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	158 ngx_mail_ssl_create_conf(ngx_conf_t *cf)
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	159 {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	160 ngx_mail_ssl_conf_t *scf;
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	161
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	162 scf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_ssl_conf_t));
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	163 if (scf == NULL) {
2912 c7d57b539248 return NULL instead of NGX_CONF_ERROR on a create conf failure Igor Sysoev <igor@sysoev.ru> parents: 2759 diff changeset	164 return NULL;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	165 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	166
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	167 /*
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	168 * set by ngx_pcalloc():
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	169 *
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	170 * scf->protocols = 0;
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	171 * scf->certificate = { 0, NULL };
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	172 * scf->certificate_key = { 0, NULL };
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	173 * scf->dhparam = { 0, NULL };
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	174 * scf->ecdh_curve = { 0, NULL };
3516 dd1570b6f237 ngx_str_set() and ngx_str_null() Igor Sysoev <igor@sysoev.ru> parents: 3196 diff changeset	175 * scf->ciphers = { 0, NULL };
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	176 * scf->shm_zone = NULL;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	177 */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	178
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	179 scf->enable = NGX_CONF_UNSET;
2759 38cb2238db13 fix building by MSVC8 Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	180 scf->starttls = NGX_CONF_UNSET_UINT;
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	181 scf->prefer_server_ciphers = NGX_CONF_UNSET;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	182 scf->builtin_session_cache = NGX_CONF_UNSET;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	183 scf->session_timeout = NGX_CONF_UNSET;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	184
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	185 return scf;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	186 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	187
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	188
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	189 static char *
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	190 ngx_mail_ssl_merge_conf(ngx_conf_t cf, void parent, void *child)
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	191 {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	192 ngx_mail_ssl_conf_t *prev = parent;
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	193 ngx_mail_ssl_conf_t *conf = child;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	194
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	195 char *mode;
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	196 ngx_pool_cleanup_t *cln;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	197
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	198 ngx_conf_merge_value(conf->enable, prev->enable, 0);
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	199 ngx_conf_merge_uint_value(conf->starttls, prev->starttls,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	200 NGX_MAIL_STARTTLS_OFF);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	201
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	202 ngx_conf_merge_value(conf->session_timeout,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	203 prev->session_timeout, 300);
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	204
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	205 ngx_conf_merge_value(conf->prefer_server_ciphers,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	206 prev->prefer_server_ciphers, 0);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	207
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	208 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
3190 dd2ae3872634 disable SSLv2 and low ciphers by default Igor Sysoev <igor@sysoev.ru> parents: 2996 diff changeset	209 (NGX_CONF_BITMASK_SET\|NGX_SSL_SSLv3\|NGX_SSL_TLSv1));
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	210
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	211 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	212 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	213
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	214 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	215
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	216 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	217 NGX_DEFAULT_ECDH_CURVE);
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	218
2124 e0b424b98f24 fix typo Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	219 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	220
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	221
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	222 conf->ssl.log = cf->log;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	223
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	224 if (conf->enable) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	225 mode = "ssl";
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	226
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	227 } else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	228 mode = "starttls";
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	229
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	230 } else {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	231 mode = "";
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	232 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	233
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	234 if (*mode) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	235
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	236 if (conf->certificate.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	237 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	238 "no \"ssl_certificate\" is defined for "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	239 "the \"%s\" directive in %s:%ui",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	240 mode, conf->file, conf->line);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	241 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	242 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	243
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	244 if (conf->certificate_key.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	245 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	246 "no \"ssl_certificate_key\" is defined for "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	247 "the \"%s\" directive in %s:%ui",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	248 mode, conf->file, conf->line);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	249 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	250 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	251
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	252 } else {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	253
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	254 if (conf->certificate.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	255 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	256 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	257
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	258 if (conf->certificate_key.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	259 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	260 "no \"ssl_certificate_key\" is defined "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	261 "for certificate \"%V\"",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	262 &conf->certificate);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	263 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	264 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	265 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	266
969 065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	267 if (ngx_ssl_create(&conf->ssl, conf->protocols, NULL) != NGX_OK) {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	268 return NGX_CONF_ERROR;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	269 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	270
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	271 cln = ngx_pool_cleanup_add(cf->pool, 0);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	272 if (cln == NULL) {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	273 return NGX_CONF_ERROR;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	274 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	275
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	276 cln->handler = ngx_ssl_cleanup_ctx;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	277 cln->data = &conf->ssl;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	278
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	279 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	280 &conf->certificate_key)
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	281 != NGX_OK)
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	282 {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	283 return NGX_CONF_ERROR;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	284 }
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	285
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	286 if (conf->ciphers.len) {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	287 if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	288 (const char *) conf->ciphers.data)
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	289 == 0)
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	290 {
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	291 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	292 "SSL_CTX_set_cipher_list(\"%V\") failed",
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	293 &conf->ciphers);
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	294 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	295 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	296
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	297 if (conf->prefer_server_ciphers) {
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	298 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	299 }
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	300
3959 b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand Igor Sysoev <igor@sysoev.ru> parents: 3938 diff changeset	301 SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	302
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	303 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	304 return NGX_CONF_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	305 }
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	306
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	307 ngx_conf_merge_value(conf->builtin_session_cache,
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	308 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	309
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	310 if (conf->shm_zone == NULL) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	311 conf->shm_zone = prev->shm_zone;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	312 }
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	313
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	314 if (ngx_ssl_session_cache(&conf->ssl, &ngx_mail_ssl_sess_id_ctx,
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	315 conf->builtin_session_cache,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	316 conf->shm_zone, conf->session_timeout)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	317 != NGX_OK)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	318 {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	319 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	320 }
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	321
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	322 return NGX_CONF_OK;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	323 }
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	324
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	325
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	326 static char *
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	327 ngx_mail_ssl_enable(ngx_conf_t cf, ngx_command_t cmd, void *conf)
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	328 {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	329 ngx_mail_ssl_conf_t *scf = conf;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	330
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	331 char *rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	332
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	333 rv = ngx_conf_set_flag_slot(cf, cmd, conf);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	334
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	335 if (rv != NGX_CONF_OK) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	336 return rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	337 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	338
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	339 if (scf->enable && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	340 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	341 "\"starttls\" directive conflicts with \"ssl on\"");
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	342 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	343 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	344
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	345 scf->file = cf->conf_file->file.name.data;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	346 scf->line = cf->conf_file->line;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	347
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	348 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	349 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	350
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	351
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	352 static char *
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	353 ngx_mail_ssl_starttls(ngx_conf_t cf, ngx_command_t cmd, void *conf)
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	354 {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	355 ngx_mail_ssl_conf_t *scf = conf;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	356
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	357 char *rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	358
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	359 rv = ngx_conf_set_enum_slot(cf, cmd, conf);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	360
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	361 if (rv != NGX_CONF_OK) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	362 return rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	363 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	364
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	365 if (scf->enable == 1 && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	366 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	367 "\"ssl\" directive conflicts with \"starttls\"");
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	368 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	369 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	370
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	371 scf->file = cf->conf_file->file.name.data;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	372 scf->line = cf->conf_file->line;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	373
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	374 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	375 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	376
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	377
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	378 static char *
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	379 ngx_mail_ssl_session_cache(ngx_conf_t cf, ngx_command_t cmd, void *conf)
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	380 {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	381 ngx_mail_ssl_conf_t *scf = conf;
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	382
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	383 size_t len;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	384 ngx_str_t *value, name, size;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	385 ngx_int_t n;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	386 ngx_uint_t i, j;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	387
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	388 value = cf->args->elts;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	389
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	390 for (i = 1; i < cf->args->nelts; i++) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	391
1778 14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	392 if (ngx_strcmp(value[i].data, "off") == 0) {
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	393 scf->builtin_session_cache = NGX_SSL_NO_SCACHE;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	394 continue;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	395 }
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	396
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	397 if (ngx_strcmp(value[i].data, "none") == 0) {
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	398 scf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	399 continue;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	400 }
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	401
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	402 if (ngx_strcmp(value[i].data, "builtin") == 0) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	403 scf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	404 continue;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	405 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	406
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	407 if (value[i].len > sizeof("builtin:") - 1
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	408 && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	409 == 0)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	410 {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	411 n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	412 value[i].len - (sizeof("builtin:") - 1));
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	413
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	414 if (n == NGX_ERROR) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	415 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	416 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	417
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	418 scf->builtin_session_cache = n;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	419
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	420 continue;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	421 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	422
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	423 if (value[i].len > sizeof("shared:") - 1
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	424 && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	425 == 0)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	426 {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	427 len = 0;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	428
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	429 for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	430 if (value[i].data[j] == ':') {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	431 break;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	432 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	433
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	434 len++;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	435 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	436
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	437 if (len == 0) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	438 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	439 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	440
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	441 name.len = len;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	442 name.data = value[i].data + sizeof("shared:") - 1;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	443
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	444 size.len = value[i].len - j - 1;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	445 size.data = name.data + len + 1;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	446
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	447 n = ngx_parse_size(&size);
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	448
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	449 if (n == NGX_ERROR) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	450 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	451 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	452
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	453 if (n < (ngx_int_t) (8 * ngx_pagesize)) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	454 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	455 "session cache \"%V\" is too small",
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	456 &value[i]);
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	457
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	458 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	459 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	460
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	461 scf->shm_zone = ngx_shared_memory_add(cf, &name, n,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	462 &ngx_mail_ssl_module);
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	463 if (scf->shm_zone == NULL) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	464 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	465 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	466
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	467 continue;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	468 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	469
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	470 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	471 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	472
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	473 if (scf->shm_zone && scf->builtin_session_cache == NGX_CONF_UNSET) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	474 scf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	475 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	476
3992 a1dd9dc754ab A new fix for the case when ssl_session_cache defined, but ssl is not Igor Sysoev <igor@sysoev.ru> parents: 3960 diff changeset	477 scf->shm_zone->init = ngx_ssl_session_cache_init;
a1dd9dc754ab A new fix for the case when ssl_session_cache defined, but ssl is not Igor Sysoev <igor@sysoev.ru> parents: 3960 diff changeset	478
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	479 return NGX_CONF_OK;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	480
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	481 invalid:
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	482
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	483 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	484 "invalid session cache \"%V\"", &value[i]);
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	485
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	486 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	487 }

Mercurial > hg > nginx

annotate src/mail/ngx_mail_ssl_module.c @ 3992:a1dd9dc754ab