annotate src/mail/ngx_mail_ssl_module.h @ 6749:f88a145b093e stable-1.10

HTTP/2: the "421 Misdirected Request" response (closes #848). Since 4fbef397c753 nginx rejects with the 400 error any attempt to request a different host over the same connection, if the relevant virtual server requires verification of a client certificate. While requesting hosts other than the negotiated one isn't legal in HTTP/1.x, the HTTP/2 specification explicitly permits such requests for connection reuse and has introduced a special response code 421. According to RFC 7540 Section 9.1.2 this code can be sent by a server that is not configured to produce responses for the combination of scheme and authority that are included in the request URI. And the client may retry the request over a different connection. Now this code is used for requests that aren't authorized in the current connection. After receiving the 421 response a client will be able to open a new connection, provide the required certificate and retry the request. Unfortunately, not all clients are currently able to handle it well. Notably Chrome just shows an error, while at least the latest version of Firefox retries the request over a new connection.
author Valentin Bartenev <vbart@nginx.com>
date Fri, 20 May 2016 18:41:17 +0300
parents ec01b1d1fff1
children 51e1f047d15d
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
1
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
2 /*
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
3 * Copyright (C) Igor Sysoev
4412
d620f497c50f Copyright updated.
Maxim Konovalov <maxim@nginx.com>
parents: 3960
diff changeset
4 * Copyright (C) Nginx, Inc.
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
5 */
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
6
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
7
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
8 #ifndef _NGX_MAIL_SSL_H_INCLUDED_
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
9 #define _NGX_MAIL_SSL_H_INCLUDED_
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
10
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
11
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
12 #include <ngx_config.h>
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
13 #include <ngx_core.h>
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
14 #include <ngx_mail.h>
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
15
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
16
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
/*
 * STARTTLS modes.  Presumably these are the values stored in
 * ngx_mail_ssl_conf_t.starttls -- confirm in the module source.
 *
 * NOTE(review): going by the names alone, ON looks like it offers STARTTLS
 * while still accepting sessions that never upgrade, and ONLY looks like it
 * requires the upgrade before the session may continue.  If that reading is
 * right, only ONLY keeps a session from continuing in cleartext when the
 * STARTTLS capability is stripped in transit.  Verify against the protocol
 * handlers that read the field before relying on either value.
 */
#define NGX_MAIL_STARTTLS_OFF   0
#define NGX_MAIL_STARTTLS_ON    1
#define NGX_MAIL_STARTTLS_ONLY  2
583
4e296b7d25bf nginx-0.3.13-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 573
diff changeset
20
4e296b7d25bf nginx-0.3.13-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents: 573
diff changeset
21
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
/*
 * SSL/TLS configuration block of the mail SSL module.
 *
 * NOTE(review): this header only declares the fields.  The directive names
 * and meanings given below come from the changeset descriptions shown in the
 * annotate view of this file, or are inferred from the field names; the code
 * that parses and applies them is not visible here -- confirm against the
 * module source.
 */
typedef struct {
    ngx_flag_t       enable;                /* presumably the SSL on/off
                                             * switch -- confirm */
    ngx_flag_t       prefer_server_ciphers; /* by name: prefer the server's
                                             * cipher order over the
                                             * client's -- confirm */

    ngx_ssl_t        ssl;                   /* SSL object; ngx_ssl_t is
                                             * declared outside this header */

    ngx_uint_t       starttls;              /* presumably one of the
                                             * NGX_MAIL_STARTTLS_* values
                                             * defined above -- confirm */
    ngx_uint_t       protocols;             /* presumably a set of enabled
                                             * SSL/TLS protocol versions;
                                             * encoding not shown here */

    /*
     * Client certificate verification, added by changeset ec01b1d1fff1
     * ("Mail: client SSL certificates support.").  The permitted values of
     * "verify" are not defined in this header.
     */
    ngx_uint_t       verify;
    ngx_uint_t       verify_depth;

    /* session cache settings (changeset b1431c191cf5, "IMAP ssl_session_cache") */
    ssize_t          builtin_session_cache;

    time_t           session_timeout;

    /* server certificate and its private key; presumably file names -- confirm */
    ngx_str_t        certificate;
    ngx_str_t        certificate_key;
    ngx_str_t        dhparam;               /* "DH parameters, ssl_dhparam"
                                             * (changeset f45cec1cd270) */
    ngx_str_t        ecdh_curve;            /* "ECDHE support"
                                             * (changeset 0832a6997227) */
    /*
     * Trust material for verifying client certificates, added together with
     * "verify" in changeset ec01b1d1fff1.
     * NOTE(review): whether revocation is checked when "crl" is left empty
     * cannot be told from this header -- confirm in the module source.
     */
    ngx_str_t        client_certificate;
    ngx_str_t        trusted_certificate;
    ngx_str_t        crl;

    ngx_str_t        ciphers;               /* presumably the configured
                                             * cipher list string -- confirm */

    /*
     * Added by changeset 42114bf12da0 ("SSL: the "ssl_password_file"
     * directive.").  Presumably passphrases for certificate_key, i.e. secret
     * material held in memory; its lifetime and cleanup are not visible
     * here -- TODO confirm.
     */
    ngx_array_t     *passwords;

    ngx_shm_zone_t  *shm_zone;              /* presumably the shared memory
                                             * zone of the session cache --
                                             * confirm */

    /*
     * Session tickets: the flag comes from changeset d049b0ea00a3 ("SSL:
     * ssl_session_tickets directive."), the keys from changeset 1356a3b96924
     * ("SSL: added ability to set keys used for Session Tickets (RFC5077).").
     * Ticket keys are key material: anyone holding them can decrypt issued
     * tickets, so long-lived keys weaken forward secrecy.  Rotation policy is
     * outside this header.
     */
    ngx_flag_t       session_tickets;
    ngx_array_t     *session_ticket_keys;

    /*
     * presumably the configuration file name and line where this block was
     * set, for use in diagnostics -- confirm against the users of these
     * fields
     */
    u_char          *file;
    ngx_uint_t       line;
} ngx_mail_ssl_conf_t;
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
58
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
59
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
/*
 * Module object of the mail SSL module.  Only declared here; the definition
 * is not part of this header.
 */
extern ngx_module_t  ngx_mail_ssl_module;
539
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
61
371c1cee100d nginx-0.1.44-RELEASE import
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
62
1136
68f30ab68bb7 Many changes:
Igor Sysoev <igor@sysoev.ru>
parents: 976
diff changeset
63 #endif /* _NGX_MAIL_SSL_H_INCLUDED_ */