nginx: src/mail/ngx_mail_ssl

annotate src/mail/ngx_mail_ssl_module.h @ 6774:bcb107bb89cd

Mail: support SASL EXTERNAL (RFC 4422). This is needed to allow TLS client certificate auth to work. With ssl_verify_client configured, the auth daemon can choose to allow the connection to proceed based on the certificate data. This has been tested with Thunderbird for IMAP only. I've not yet found a client that will do client certificate auth for POP3 or SMTP, and the method is not really documented anywhere that I can find. That said, its simple enough that the way I've done is probably right.

author	Rob N ★ <robn@fastmail.com>
date	Sat, 08 Oct 2016 18:05:00 +1100
parents	51e1f047d15d
children	7f955d3b9a0d

rev	line source
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	1
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	2 /*
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	3 * Copyright (C) Igor Sysoev
4412 d620f497c50f Copyright updated. Maxim Konovalov <maxim@nginx.com> parents: 3960 diff changeset	4 * Copyright (C) Nginx, Inc.
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	5 */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	6
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	7
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	8 #ifndef _NGX_MAIL_SSL_H_INCLUDED_
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	9 #define _NGX_MAIL_SSL_H_INCLUDED_
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	10
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	11
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	12 #include <ngx_config.h>
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	13 #include <ngx_core.h>
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	14 #include <ngx_mail.h>
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	15
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	16
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	17 #define NGX_MAIL_STARTTLS_OFF 0
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	18 #define NGX_MAIL_STARTTLS_ON 1
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	19 #define NGX_MAIL_STARTTLS_ONLY 2
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	20
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	21
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	22 typedef struct {
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	23 ngx_flag_t enable;
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2044 diff changeset	24 ngx_flag_t prefer_server_ciphers;
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	25
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	26 ngx_ssl_t ssl;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	27
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2044 diff changeset	28 ngx_uint_t starttls;
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	29 ngx_uint_t protocols;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	30
5989 ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	31 ngx_uint_t verify;
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	32 ngx_uint_t verify_depth;
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	33
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	34 ssize_t builtin_session_cache;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	35
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	36 time_t session_timeout;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	37
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 5989 diff changeset	38 ngx_array_t *certificates;
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 5989 diff changeset	39 ngx_array_t *certificate_keys;
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 5989 diff changeset	40
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 1136 diff changeset	41 ngx_str_t dhparam;
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	42 ngx_str_t ecdh_curve;
5989 ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	43 ngx_str_t client_certificate;
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	44 ngx_str_t trusted_certificate;
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	45 ngx_str_t crl;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	46
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	47 ngx_str_t ciphers;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	48
5744 42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	49 ngx_array_t *passwords;
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	50
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	51 ngx_shm_zone_t *shm_zone;
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2044 diff changeset	52
5503 d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	53 ngx_flag_t session_tickets;
5425 1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 4412 diff changeset	54 ngx_array_t *session_ticket_keys;
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 4412 diff changeset	55
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2044 diff changeset	56 u_char *file;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2044 diff changeset	57 ngx_uint_t line;
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	58 } ngx_mail_ssl_conf_t;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	59
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	60
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	61 extern ngx_module_t ngx_mail_ssl_module;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	62
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	63
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	64 #endif /* _NGX_MAIL_SSL_H_INCLUDED_ */

Mercurial > hg > nginx

annotate src/mail/ngx_mail_ssl_module.h @ 6774:bcb107bb89cd