nginx: src/mail/ngx_mail_ssl

annotate src/mail/ngx_mail_ssl_module.c @ 3959:b1f48fa31e6c

MSIE export versions are rare now, so RSA 512 key is generated on demand and is shared among all hosts instead of pregenerating for every HTTPS host on configuraiton phase. This decreases start time for configuration with large number of HTTPS hosts.

author	Igor Sysoev <igor@sysoev.ru>
date	Wed, 20 Jul 2011 12:59:24 +0000
parents	1e90599af73b
children	0832a6997227

rev	line source
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	1
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	2 /*
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	3 * Copyright (C) Igor Sysoev
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	4 */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	5
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	6
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	7 #include <ngx_config.h>
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	8 #include <ngx_core.h>
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	9 #include <ngx_mail.h>
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	10
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	11
3938 1e90599af73b use !aNULL to disable all anonymous cipher suites Igor Sysoev <igor@sysoev.ru> parents: 3516 diff changeset	12 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	13
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	14
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	15 static void ngx_mail_ssl_create_conf(ngx_conf_t cf);
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	16 static char ngx_mail_ssl_merge_conf(ngx_conf_t cf, void parent, void child);
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	17
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	18 static char ngx_mail_ssl_enable(ngx_conf_t cf, ngx_command_t *cmd,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	19 void *conf);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	20 static char ngx_mail_ssl_starttls(ngx_conf_t cf, ngx_command_t *cmd,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	21 void *conf);
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	22 static char ngx_mail_ssl_session_cache(ngx_conf_t cf, ngx_command_t *cmd,
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	23 void *conf);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	24
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	25
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	26 static ngx_conf_enum_t ngx_http_starttls_state[] = {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	27 { ngx_string("off"), NGX_MAIL_STARTTLS_OFF },
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	28 { ngx_string("on"), NGX_MAIL_STARTTLS_ON },
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	29 { ngx_string("only"), NGX_MAIL_STARTTLS_ONLY },
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	30 { ngx_null_string, 0 }
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	31 };
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	32
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	33
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	34
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	35 static ngx_conf_bitmask_t ngx_mail_ssl_protocols[] = {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	36 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	37 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	38 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	39 { ngx_null_string, 0 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	40 };
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	41
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	42
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	43 static ngx_command_t ngx_mail_ssl_commands[] = {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	44
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	45 { ngx_string("ssl"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	46 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_FLAG,
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	47 ngx_mail_ssl_enable,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	48 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	49 offsetof(ngx_mail_ssl_conf_t, enable),
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	50 NULL },
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	51
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	52 { ngx_string("starttls"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	53 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	54 ngx_mail_ssl_starttls,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	55 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	56 offsetof(ngx_mail_ssl_conf_t, starttls),
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	57 ngx_http_starttls_state },
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	58
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	59 { ngx_string("ssl_certificate"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	60 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	61 ngx_conf_set_str_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	62 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	63 offsetof(ngx_mail_ssl_conf_t, certificate),
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	64 NULL },
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	65
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	66 { ngx_string("ssl_certificate_key"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	67 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	68 ngx_conf_set_str_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	69 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	70 offsetof(ngx_mail_ssl_conf_t, certificate_key),
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	71 NULL },
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	72
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	73 { ngx_string("ssl_dhparam"),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	74 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	75 ngx_conf_set_str_slot,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	76 NGX_MAIL_SRV_CONF_OFFSET,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	77 offsetof(ngx_mail_ssl_conf_t, dhparam),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	78 NULL },
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	79
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	80 { ngx_string("ssl_protocols"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	81 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_1MORE,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	82 ngx_conf_set_bitmask_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	83 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	84 offsetof(ngx_mail_ssl_conf_t, protocols),
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	85 &ngx_mail_ssl_protocols },
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	86
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	87 { ngx_string("ssl_ciphers"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	88 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	89 ngx_conf_set_str_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	90 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	91 offsetof(ngx_mail_ssl_conf_t, ciphers),
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	92 NULL },
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	93
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	94 { ngx_string("ssl_prefer_server_ciphers"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	95 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_FLAG,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	96 ngx_conf_set_flag_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	97 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	98 offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers),
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	99 NULL },
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	100
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	101 { ngx_string("ssl_session_cache"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	102 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE12,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	103 ngx_mail_ssl_session_cache,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	104 NGX_MAIL_SRV_CONF_OFFSET,
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	105 0,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	106 NULL },
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	107
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	108 { ngx_string("ssl_session_timeout"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	109 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	110 ngx_conf_set_sec_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	111 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	112 offsetof(ngx_mail_ssl_conf_t, session_timeout),
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	113 NULL },
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	114
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	115 ngx_null_command
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	116 };
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	117
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	118
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	119 static ngx_mail_module_t ngx_mail_ssl_module_ctx = {
1487 f69493e8faab ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module Igor Sysoev <igor@sysoev.ru> parents: 1136 diff changeset	120 NULL, /* protocol */
f69493e8faab ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module Igor Sysoev <igor@sysoev.ru> parents: 1136 diff changeset	121
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	122 NULL, /* create main configuration */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	123 NULL, /* init main configuration */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	124
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	125 ngx_mail_ssl_create_conf, /* create server configuration */
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	126 ngx_mail_ssl_merge_conf /* merge server configuration */
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	127 };
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	128
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	129
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	130 ngx_module_t ngx_mail_ssl_module = {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	131 NGX_MODULE_V1,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	132 &ngx_mail_ssl_module_ctx, /* module context */
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	133 ngx_mail_ssl_commands, /* module directives */
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	134 NGX_MAIL_MODULE, /* module type */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	135 NULL, /* init master */
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	136 NULL, /* init module */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	137 NULL, /* init process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	138 NULL, /* init thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	139 NULL, /* exit thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	140 NULL, /* exit process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	141 NULL, /* exit master */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	142 NGX_MODULE_V1_PADDING
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	143 };
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	144
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	145
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	146 static ngx_str_t ngx_mail_ssl_sess_id_ctx = ngx_string("MAIL");
543 511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	147
511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	148
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	149 static void *
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	150 ngx_mail_ssl_create_conf(ngx_conf_t *cf)
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	151 {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	152 ngx_mail_ssl_conf_t *scf;
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	153
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	154 scf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_ssl_conf_t));
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	155 if (scf == NULL) {
2912 c7d57b539248 return NULL instead of NGX_CONF_ERROR on a create conf failure Igor Sysoev <igor@sysoev.ru> parents: 2759 diff changeset	156 return NULL;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	157 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	158
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	159 /*
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	160 * set by ngx_pcalloc():
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	161 *
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	162 * scf->protocols = 0;
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	163 * scf->certificate = { 0, NULL };
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	164 * scf->certificate_key = { 0, NULL };
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	165 * scf->dhparam = { 0, NULL };
3516 dd1570b6f237 ngx_str_set() and ngx_str_null() Igor Sysoev <igor@sysoev.ru> parents: 3196 diff changeset	166 * scf->ciphers = { 0, NULL };
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	167 * scf->shm_zone = NULL;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	168 */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	169
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	170 scf->enable = NGX_CONF_UNSET;
2759 38cb2238db13 fix building by MSVC8 Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	171 scf->starttls = NGX_CONF_UNSET_UINT;
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	172 scf->prefer_server_ciphers = NGX_CONF_UNSET;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	173 scf->builtin_session_cache = NGX_CONF_UNSET;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	174 scf->session_timeout = NGX_CONF_UNSET;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	175
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	176 return scf;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	177 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	178
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	179
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	180 static char *
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	181 ngx_mail_ssl_merge_conf(ngx_conf_t cf, void parent, void *child)
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	182 {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	183 ngx_mail_ssl_conf_t *prev = parent;
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	184 ngx_mail_ssl_conf_t *conf = child;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	185
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	186 char *mode;
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	187 ngx_pool_cleanup_t *cln;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	188
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	189 ngx_conf_merge_value(conf->enable, prev->enable, 0);
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	190 ngx_conf_merge_uint_value(conf->starttls, prev->starttls,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	191 NGX_MAIL_STARTTLS_OFF);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	192
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	193 ngx_conf_merge_value(conf->session_timeout,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	194 prev->session_timeout, 300);
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	195
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	196 ngx_conf_merge_value(conf->prefer_server_ciphers,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	197 prev->prefer_server_ciphers, 0);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	198
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	199 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
3190 dd2ae3872634 disable SSLv2 and low ciphers by default Igor Sysoev <igor@sysoev.ru> parents: 2996 diff changeset	200 (NGX_CONF_BITMASK_SET\|NGX_SSL_SSLv3\|NGX_SSL_TLSv1));
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	201
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	202 ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	203 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	204
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	205 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	206
2124 e0b424b98f24 fix typo Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	207 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	208
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	209
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	210 conf->ssl.log = cf->log;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	211
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	212 if (conf->enable) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	213 mode = "ssl";
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	214
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	215 } else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	216 mode = "starttls";
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	217
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	218 } else {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	219 mode = "";
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	220 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	221
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	222 if (*mode) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	223
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	224 if (conf->certificate.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	225 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	226 "no \"ssl_certificate\" is defined for "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	227 "the \"%s\" directive in %s:%ui",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	228 mode, conf->file, conf->line);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	229 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	230 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	231
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	232 if (conf->certificate_key.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	233 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	234 "no \"ssl_certificate_key\" is defined for "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	235 "the \"%s\" directive in %s:%ui",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	236 mode, conf->file, conf->line);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	237 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	238 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	239
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	240 } else {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	241
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	242 if (conf->certificate.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	243 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	244 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	245
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	246 if (conf->certificate_key.len == 0) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	247 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	248 "no \"ssl_certificate_key\" is defined "
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	249 "for certificate \"%V\"",
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	250 &conf->certificate);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	251 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	252 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	253 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	254
969 065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	255 if (ngx_ssl_create(&conf->ssl, conf->protocols, NULL) != NGX_OK) {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	256 return NGX_CONF_ERROR;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	257 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	258
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	259 cln = ngx_pool_cleanup_add(cf->pool, 0);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	260 if (cln == NULL) {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	261 return NGX_CONF_ERROR;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	262 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	263
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	264 cln->handler = ngx_ssl_cleanup_ctx;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	265 cln->data = &conf->ssl;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	266
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	267 if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	268 &conf->certificate_key)
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	269 != NGX_OK)
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	270 {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	271 return NGX_CONF_ERROR;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	272 }
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	273
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	274 if (conf->ciphers.len) {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	275 if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	276 (const char *) conf->ciphers.data)
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	277 == 0)
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	278 {
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	279 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	280 "SSL_CTX_set_cipher_list(\"%V\") failed",
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	281 &conf->ciphers);
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	282 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	283 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	284
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	285 if (conf->prefer_server_ciphers) {
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	286 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	287 }
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	288
3959 b1f48fa31e6c MSIE export versions are rare now, so RSA 512 key is generated on demand Igor Sysoev <igor@sysoev.ru> parents: 3938 diff changeset	289 SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	290
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	291 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	292 return NGX_CONF_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	293 }
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	294
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	295 ngx_conf_merge_value(conf->builtin_session_cache,
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	296 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	297
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	298 if (conf->shm_zone == NULL) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	299 conf->shm_zone = prev->shm_zone;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	300 }
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	301
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	302 if (ngx_ssl_session_cache(&conf->ssl, &ngx_mail_ssl_sess_id_ctx,
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	303 conf->builtin_session_cache,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	304 conf->shm_zone, conf->session_timeout)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	305 != NGX_OK)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	306 {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	307 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	308 }
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	309
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	310 return NGX_CONF_OK;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	311 }
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	312
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	313
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	314 static char *
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	315 ngx_mail_ssl_enable(ngx_conf_t cf, ngx_command_t cmd, void *conf)
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	316 {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	317 ngx_mail_ssl_conf_t *scf = conf;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	318
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	319 char *rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	320
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	321 rv = ngx_conf_set_flag_slot(cf, cmd, conf);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	322
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	323 if (rv != NGX_CONF_OK) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	324 return rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	325 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	326
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	327 if (scf->enable && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	328 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	329 "\"starttls\" directive conflicts with \"ssl on\"");
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	330 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	331 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	332
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	333 scf->file = cf->conf_file->file.name.data;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	334 scf->line = cf->conf_file->line;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	335
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	336 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	337 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	338
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	339
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	340 static char *
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	341 ngx_mail_ssl_starttls(ngx_conf_t cf, ngx_command_t cmd, void *conf)
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	342 {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	343 ngx_mail_ssl_conf_t *scf = conf;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	344
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	345 char *rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	346
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	347 rv = ngx_conf_set_enum_slot(cf, cmd, conf);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	348
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	349 if (rv != NGX_CONF_OK) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	350 return rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	351 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	352
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	353 if (scf->enable == 1 && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	354 ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	355 "\"ssl\" directive conflicts with \"starttls\"");
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	356 return NGX_CONF_ERROR;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	357 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	358
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	359 scf->file = cf->conf_file->file.name.data;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	360 scf->line = cf->conf_file->line;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	361
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	362 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	363 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	364
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	365
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	366 static char *
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	367 ngx_mail_ssl_session_cache(ngx_conf_t cf, ngx_command_t cmd, void *conf)
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	368 {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	369 ngx_mail_ssl_conf_t *scf = conf;
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	370
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	371 size_t len;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	372 ngx_str_t *value, name, size;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	373 ngx_int_t n;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	374 ngx_uint_t i, j;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	375
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	376 value = cf->args->elts;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	377
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	378 for (i = 1; i < cf->args->nelts; i++) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	379
1778 14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	380 if (ngx_strcmp(value[i].data, "off") == 0) {
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	381 scf->builtin_session_cache = NGX_SSL_NO_SCACHE;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	382 continue;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	383 }
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	384
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	385 if (ngx_strcmp(value[i].data, "none") == 0) {
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	386 scf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	387 continue;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	388 }
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	389
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	390 if (ngx_strcmp(value[i].data, "builtin") == 0) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	391 scf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	392 continue;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	393 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	394
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	395 if (value[i].len > sizeof("builtin:") - 1
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	396 && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	397 == 0)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	398 {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	399 n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	400 value[i].len - (sizeof("builtin:") - 1));
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	401
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	402 if (n == NGX_ERROR) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	403 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	404 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	405
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	406 scf->builtin_session_cache = n;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	407
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	408 continue;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	409 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	410
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	411 if (value[i].len > sizeof("shared:") - 1
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	412 && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	413 == 0)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	414 {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	415 len = 0;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	416
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	417 for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	418 if (value[i].data[j] == ':') {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	419 break;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	420 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	421
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	422 len++;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	423 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	424
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	425 if (len == 0) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	426 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	427 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	428
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	429 name.len = len;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	430 name.data = value[i].data + sizeof("shared:") - 1;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	431
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	432 size.len = value[i].len - j - 1;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	433 size.data = name.data + len + 1;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	434
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	435 n = ngx_parse_size(&size);
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	436
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	437 if (n == NGX_ERROR) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	438 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	439 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	440
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	441 if (n < (ngx_int_t) (8 * ngx_pagesize)) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	442 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	443 "session cache \"%V\" is too small",
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	444 &value[i]);
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	445
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	446 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	447 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	448
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	449 scf->shm_zone = ngx_shared_memory_add(cf, &name, n,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	450 &ngx_mail_ssl_module);
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	451 if (scf->shm_zone == NULL) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	452 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	453 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	454
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	455 continue;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	456 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	457
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	458 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	459 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	460
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	461 if (scf->shm_zone && scf->builtin_session_cache == NGX_CONF_UNSET) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	462 scf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	463 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	464
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	465 return NGX_CONF_OK;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	466
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	467 invalid:
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	468
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	469 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	470 "invalid session cache \"%V\"", &value[i]);
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	471
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	472 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	473 }

Mercurial > hg > nginx

annotate src/mail/ngx_mail_ssl_module.c @ 3959:b1f48fa31e6c