annotate src/mail/ngx_mail_ssl_module.h @ 6774:bcb107bb89cd

Mail: support SASL EXTERNAL (RFC 4422). This is needed to allow TLS client certificate auth to work. With ssl_verify_client configured, the auth daemon can choose to allow the connection to proceed based on the certificate data. This has been tested with Thunderbird for IMAP only. I've not yet found a client that will do client certificate auth for POP3 or SMTP, and the method is not really documented anywhere that I can find. That said, it's simple enough that the way I've done it is probably right.
author Rob N ★ <robn@fastmail.com>
date Sat, 08 Oct 2016 18:05:00 +1100
parents 51e1f047d15d
children 7f955d3b9a0d
2 /*
3 * Copyright (C) Igor Sysoev
4 * Copyright (C) Nginx, Inc.
5 */
8 #ifndef _NGX_MAIL_SSL_H_INCLUDED_
9 #define _NGX_MAIL_SSL_H_INCLUDED_
12 #include <ngx_config.h>
13 #include <ngx_core.h>
14 #include <ngx_mail.h>
/*
 * STARTTLS policy values; presumably what ngx_mail_ssl_conf_t.starttls
 * holds (the assignment lives in the module's .c file, confirm there).
 *
 *   OFF  - STARTTLS is not offered
 *   ON   - STARTTLS is offered, but a client may still proceed without it
 *   ONLY - the client has to switch to TLS before it may authenticate
 *
 * Only ONLY keeps credentials off the wire in clear text on a
 * non-SSL listener.
 */
#define NGX_MAIL_STARTTLS_OFF   0
#define NGX_MAIL_STARTTLS_ON    1
#define NGX_MAIL_STARTTLS_ONLY  2
/*
 * SSL/TLS configuration of the mail proxy module.
 *
 * The directive named next to each field is the one that is expected to
 * fill it; that mapping is made in ngx_mail_ssl_module.c, which is not
 * part of this header, so confirm it there before relying on it.
 */
typedef struct {
    /* "ssl": TLS is used for the connection from the start */
    ngx_flag_t       enable;
    /* "ssl_prefer_server_ciphers" */
    ngx_flag_t       prefer_server_ciphers;

    /* the SSL context built from the settings below */
    ngx_ssl_t        ssl;

    /* "starttls": presumably one of NGX_MAIL_STARTTLS_* */
    ngx_uint_t       starttls;
    /* "ssl_protocols": presumably a bit mask of enabled protocol versions */
    ngx_uint_t       protocols;

    /*
     * "ssl_verify_client" mode and "ssl_verify_depth".
     *
     * NOTE(review): in the modes that do not insist on a certificate
     * signed by a trusted CA (optional, optional_no_ca), nginx does not
     * reject the connection itself; the auth_http backend has to check
     * the verification result it is sent (Auth-SSL-Verify) before it
     * trusts any certificate data, e.g. for SASL EXTERNAL.
     */
    ngx_uint_t       verify;
    ngx_uint_t       verify_depth;

    /*
     * "ssl_session_cache": built-in cache size; presumably negative
     * sentinels mean "none"/"off"/"default" - TODO confirm in the .c file
     */
    ssize_t          builtin_session_cache;

    /* "ssl_session_timeout" */
    time_t           session_timeout;

    /*
     * "ssl_certificate" / "ssl_certificate_key": one entry per configured
     * certificate; presumably paired by index - verify against the loader
     */
    ngx_array_t     *certificates;
    ngx_array_t     *certificate_keys;

    /* "ssl_dhparam", "ssl_ecdh_curve" */
    ngx_str_t        dhparam;
    ngx_str_t        ecdh_curve;
    /* "ssl_client_certificate", "ssl_trusted_certificate", "ssl_crl" */
    ngx_str_t        client_certificate;
    ngx_str_t        trusted_certificate;
    ngx_str_t        crl;

    /* "ssl_ciphers" */
    ngx_str_t        ciphers;

    /*
     * "ssl_password_file": passphrases for the private keys; secret
     * material, keep it out of logs and debug dumps
     */
    ngx_array_t     *passwords;

    /* shared memory zone; presumably the shared session cache */
    ngx_shm_zone_t  *shm_zone;

    /*
     * "ssl_session_tickets" and "ssl_session_ticket_key"; the ticket keys
     * are secret material as well
     */
    ngx_flag_t       session_tickets;
    ngx_array_t     *session_ticket_keys;

    /*
     * configuration file name and line; presumably where TLS was enabled,
     * kept for diagnostics - confirm against ngx_mail_ssl_module.c
     */
    u_char          *file;
    ngx_uint_t       line;
} ngx_mail_ssl_conf_t;
/* the mail SSL module object; only declared here, defined elsewhere */
extern ngx_module_t  ngx_mail_ssl_module;
64 #endif /* _NGX_MAIL_SSL_H_INCLUDED_ */