nginx: src/mail/ngx_mail_ssl

annotate src/mail/ngx_mail_ssl_module.c @ 9263:388a801e9bb9 default tip

Request body: discarded body now treated as no body. Notably, proxying of such requests now uses no Content-Length instead of "Content-Length: 0", and the $content_length variable is empty (instead of "0"). This might be beneficial from correctness point of view, since requests with discarded body, such as during processing of error pages, do not pretend there is a zero-length body, but instead do not contain body at all. For example, this might be important for PUT requests, where a zero-length body could be incorrectly interpreted as a real request body. This also slightly simplifies the code.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Sat, 27 Apr 2024 18:23:52 +0300
parents	0aaa09927703
children

rev	line source
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	1
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	2 /*
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	3 * Copyright (C) Igor Sysoev
4412 d620f497c50f Copyright updated. Maxim Konovalov <maxim@nginx.com> parents: 4400 diff changeset	4 * Copyright (C) Nginx, Inc.
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	5 */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	6
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	7
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	8 #include <ngx_config.h>
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	9 #include <ngx_core.h>
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	10 #include <ngx_mail.h>
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	11
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	12
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	13 #define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5"
6553 2014ed60f17f SSL: support for multiple curves (ticket #885). Maxim Dounin <mdounin@mdounin.ru> parents: 6550 diff changeset	14 #define NGX_DEFAULT_ECDH_CURVE "auto"
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	15
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	16
7938 dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	17 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	18 static int ngx_mail_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn,
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	19 const unsigned char *out, unsigned char outlen,
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	20 const unsigned char in, unsigned int inlen, void arg);
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	21 #endif
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	22
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	23 static void ngx_mail_ssl_create_conf(ngx_conf_t cf);
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	24 static char ngx_mail_ssl_merge_conf(ngx_conf_t cf, void parent, void child);
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	25
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	26 static char ngx_mail_ssl_starttls(ngx_conf_t cf, ngx_command_t *cmd,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	27 void *conf);
5744 42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	28 static char ngx_mail_ssl_password_file(ngx_conf_t cf, ngx_command_t *cmd,
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	29 void *conf);
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	30 static char ngx_mail_ssl_session_cache(ngx_conf_t cf, ngx_command_t *cmd,
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	31 void *conf);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	32
7729 3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	33 static char ngx_mail_ssl_conf_command_check(ngx_conf_t cf, void *post,
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	34 void *data);
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	35
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	36
5222 23a186e8ca45 Style: remove unnecessary references to HTTP from non-HTTP modules. Piotr Sikora <piotr@cloudflare.com> parents: 5219 diff changeset	37 static ngx_conf_enum_t ngx_mail_starttls_state[] = {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	38 { ngx_string("off"), NGX_MAIL_STARTTLS_OFF },
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	39 { ngx_string("on"), NGX_MAIL_STARTTLS_ON },
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	40 { ngx_string("only"), NGX_MAIL_STARTTLS_ONLY },
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	41 { ngx_null_string, 0 }
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	42 };
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	43
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	44
4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	45
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	46 static ngx_conf_bitmask_t ngx_mail_ssl_protocols[] = {
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	47 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	48 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	49 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
4400 a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	50 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
a0505851e70c Added support for TLSv1.1, TLSv1.2 in ssl_protocols directive. Maxim Dounin <mdounin@mdounin.ru> parents: 4153 diff changeset	51 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
6981 08dc60979133 SSL: added support for TLSv1.3 in ssl_protocols directive. Sergey Kandaurov <pluknet@nginx.com> parents: 6699 diff changeset	52 { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	53 { ngx_null_string, 0 }
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	54 };
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	55
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	56
5989 ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	57 static ngx_conf_enum_t ngx_mail_ssl_verify[] = {
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	58 { ngx_string("off"), 0 },
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	59 { ngx_string("on"), 1 },
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	60 { ngx_string("optional"), 2 },
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	61 { ngx_string("optional_no_ca"), 3 },
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	62 { ngx_null_string, 0 }
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	63 };
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	64
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	65
7729 3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	66 static ngx_conf_post_t ngx_mail_ssl_conf_command_post =
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	67 { ngx_mail_ssl_conf_command_check };
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	68
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	69
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	70 static ngx_command_t ngx_mail_ssl_commands[] = {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	71
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	72 { ngx_string("starttls"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	73 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	74 ngx_mail_ssl_starttls,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	75 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	76 offsetof(ngx_mail_ssl_conf_t, starttls),
5222 23a186e8ca45 Style: remove unnecessary references to HTTP from non-HTTP modules. Piotr Sikora <piotr@cloudflare.com> parents: 5219 diff changeset	77 ngx_mail_starttls_state },
583 4e296b7d25bf nginx-0.3.13-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 577 diff changeset	78
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	79 { ngx_string("ssl_certificate"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	80 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	81 ngx_conf_set_str_array_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	82 NGX_MAIL_SRV_CONF_OFFSET,
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	83 offsetof(ngx_mail_ssl_conf_t, certificates),
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	84 NULL },
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	85
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	86 { ngx_string("ssl_certificate_key"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	87 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	88 ngx_conf_set_str_array_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	89 NGX_MAIL_SRV_CONF_OFFSET,
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	90 offsetof(ngx_mail_ssl_conf_t, certificate_keys),
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	91 NULL },
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	92
5744 42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	93 { ngx_string("ssl_password_file"),
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	94 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	95 ngx_mail_ssl_password_file,
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	96 NGX_MAIL_SRV_CONF_OFFSET,
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	97 0,
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	98 NULL },
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	99
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	100 { ngx_string("ssl_dhparam"),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	101 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	102 ngx_conf_set_str_slot,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	103 NGX_MAIL_SRV_CONF_OFFSET,
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	104 offsetof(ngx_mail_ssl_conf_t, dhparam),
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	105 NULL },
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	106
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	107 { ngx_string("ssl_ecdh_curve"),
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	108 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	109 ngx_conf_set_str_slot,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	110 NGX_MAIL_SRV_CONF_OFFSET,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	111 offsetof(ngx_mail_ssl_conf_t, ecdh_curve),
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	112 NULL },
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	113
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	114 { ngx_string("ssl_protocols"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	115 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_1MORE,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	116 ngx_conf_set_bitmask_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	117 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	118 offsetof(ngx_mail_ssl_conf_t, protocols),
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	119 &ngx_mail_ssl_protocols },
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	120
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	121 { ngx_string("ssl_ciphers"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	122 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	123 ngx_conf_set_str_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	124 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	125 offsetof(ngx_mail_ssl_conf_t, ciphers),
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	126 NULL },
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	127
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	128 { ngx_string("ssl_prefer_server_ciphers"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	129 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_FLAG,
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	130 ngx_conf_set_flag_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	131 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	132 offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers),
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	133 NULL },
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	134
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	135 { ngx_string("ssl_session_cache"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	136 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE12,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	137 ngx_mail_ssl_session_cache,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	138 NGX_MAIL_SRV_CONF_OFFSET,
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	139 0,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	140 NULL },
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	141
5503 d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	142 { ngx_string("ssl_session_tickets"),
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	143 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_FLAG,
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	144 ngx_conf_set_flag_slot,
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	145 NGX_MAIL_SRV_CONF_OFFSET,
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	146 offsetof(ngx_mail_ssl_conf_t, session_tickets),
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	147 NULL },
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	148
5425 1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	149 { ngx_string("ssl_session_ticket_key"),
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	150 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	151 ngx_conf_set_str_array_slot,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	152 NGX_MAIL_SRV_CONF_OFFSET,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	153 offsetof(ngx_mail_ssl_conf_t, session_ticket_keys),
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	154 NULL },
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	155
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	156 { ngx_string("ssl_session_timeout"),
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	157 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	158 ngx_conf_set_sec_slot,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	159 NGX_MAIL_SRV_CONF_OFFSET,
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	160 offsetof(ngx_mail_ssl_conf_t, session_timeout),
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	161 NULL },
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	162
5989 ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	163 { ngx_string("ssl_verify_client"),
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	164 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	165 ngx_conf_set_enum_slot,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	166 NGX_MAIL_SRV_CONF_OFFSET,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	167 offsetof(ngx_mail_ssl_conf_t, verify),
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	168 &ngx_mail_ssl_verify },
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	169
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	170 { ngx_string("ssl_verify_depth"),
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	171 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	172 ngx_conf_set_num_slot,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	173 NGX_MAIL_SRV_CONF_OFFSET,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	174 offsetof(ngx_mail_ssl_conf_t, verify_depth),
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	175 NULL },
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	176
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	177 { ngx_string("ssl_client_certificate"),
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	178 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	179 ngx_conf_set_str_slot,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	180 NGX_MAIL_SRV_CONF_OFFSET,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	181 offsetof(ngx_mail_ssl_conf_t, client_certificate),
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	182 NULL },
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	183
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	184 { ngx_string("ssl_trusted_certificate"),
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	185 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	186 ngx_conf_set_str_slot,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	187 NGX_MAIL_SRV_CONF_OFFSET,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	188 offsetof(ngx_mail_ssl_conf_t, trusted_certificate),
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	189 NULL },
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	190
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	191 { ngx_string("ssl_crl"),
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	192 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE1,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	193 ngx_conf_set_str_slot,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	194 NGX_MAIL_SRV_CONF_OFFSET,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	195 offsetof(ngx_mail_ssl_conf_t, crl),
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	196 NULL },
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	197
7729 3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	198 { ngx_string("ssl_conf_command"),
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	199 NGX_MAIL_MAIN_CONF\|NGX_MAIL_SRV_CONF\|NGX_CONF_TAKE2,
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	200 ngx_conf_set_keyval_slot,
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	201 NGX_MAIL_SRV_CONF_OFFSET,
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	202 offsetof(ngx_mail_ssl_conf_t, conf_commands),
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	203 &ngx_mail_ssl_conf_command_post },
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	204
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	205 ngx_null_command
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	206 };
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	207
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	208
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	209 static ngx_mail_module_t ngx_mail_ssl_module_ctx = {
1487 f69493e8faab ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module Igor Sysoev <igor@sysoev.ru> parents: 1136 diff changeset	210 NULL, /* protocol */
f69493e8faab ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module Igor Sysoev <igor@sysoev.ru> parents: 1136 diff changeset	211
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	212 NULL, /* create main configuration */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	213 NULL, /* init main configuration */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	214
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	215 ngx_mail_ssl_create_conf, /* create server configuration */
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	216 ngx_mail_ssl_merge_conf /* merge server configuration */
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	217 };
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	218
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	219
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	220 ngx_module_t ngx_mail_ssl_module = {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	221 NGX_MODULE_V1,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	222 &ngx_mail_ssl_module_ctx, /* module context */
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	223 ngx_mail_ssl_commands, /* module directives */
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	224 NGX_MAIL_MODULE, /* module type */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	225 NULL, /* init master */
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	226 NULL, /* init module */
541 b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	227 NULL, /* init process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	228 NULL, /* init thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	229 NULL, /* exit thread */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	230 NULL, /* exit process */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	231 NULL, /* exit master */
b09ee85d0ac8 nginx-0.1.45-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 539 diff changeset	232 NGX_MODULE_V1_PADDING
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	233 };
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	234
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	235
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	236 static ngx_str_t ngx_mail_ssl_sess_id_ctx = ngx_string("MAIL");
543 511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	237
511a89da35ad nginx-0.2.0-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 541 diff changeset	238
7938 dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	239 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	240
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	241 static int
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	242 ngx_mail_ssl_alpn_select(ngx_ssl_conn_t ssl_conn, const unsigned char *out,
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	243 unsigned char outlen, const unsigned char in, unsigned int inlen,
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	244 void *arg)
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	245 {
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	246 unsigned int srvlen;
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	247 unsigned char *srv;
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	248 ngx_connection_t *c;
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	249 ngx_mail_session_t *s;
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	250 ngx_mail_core_srv_conf_t *cscf;
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	251 #if (NGX_DEBUG)
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	252 unsigned int i;
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	253 #endif
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	254
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	255 c = ngx_ssl_get_connection(ssl_conn);
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	256 s = c->data;
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	257
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	258 #if (NGX_DEBUG)
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	259 for (i = 0; i < inlen; i += in[i] + 1) {
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	260 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	261 "SSL ALPN supported by client: %*s",
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	262 (size_t) in[i], &in[i + 1]);
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	263 }
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	264 #endif
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	265
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	266 cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	267
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	268 srv = cscf->protocol->alpn.data;
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	269 srvlen = cscf->protocol->alpn.len;
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	270
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	271 if (SSL_select_next_proto((unsigned char **) out, outlen, srv, srvlen,
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	272 in, inlen)
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	273 != OPENSSL_NPN_NEGOTIATED)
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	274 {
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	275 return SSL_TLSEXT_ERR_ALERT_FATAL;
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	276 }
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	277
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	278 ngx_log_debug2(NGX_LOG_DEBUG_MAIL, c->log, 0,
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	279 "SSL ALPN selected: %s", (size_t) outlen, *out);
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	280
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	281 return SSL_TLSEXT_ERR_OK;
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	282 }
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	283
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	284 #endif
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	285
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	286
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	287 static void *
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	288 ngx_mail_ssl_create_conf(ngx_conf_t *cf)
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	289 {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	290 ngx_mail_ssl_conf_t *scf;
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	291
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	292 scf = ngx_pcalloc(cf->pool, sizeof(ngx_mail_ssl_conf_t));
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	293 if (scf == NULL) {
2912 c7d57b539248 return NULL instead of NGX_CONF_ERROR on a create conf failure Igor Sysoev <igor@sysoev.ru> parents: 2759 diff changeset	294 return NULL;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	295 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	296
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	297 /*
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	298 * set by ngx_pcalloc():
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	299 *
7269 7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	300 * scf->listen = 0;
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	301 * scf->protocols = 0;
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	302 * scf->dhparam = { 0, NULL };
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	303 * scf->ecdh_curve = { 0, NULL };
5989 ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	304 * scf->client_certificate = { 0, NULL };
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	305 * scf->trusted_certificate = { 0, NULL };
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	306 * scf->crl = { 0, NULL };
3516 dd1570b6f237 ngx_str_set() and ngx_str_null() Igor Sysoev <igor@sysoev.ru> parents: 3196 diff changeset	307 * scf->ciphers = { 0, NULL };
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	308 * scf->shm_zone = NULL;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	309 */
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	310
2759 38cb2238db13 fix building by MSVC8 Igor Sysoev <igor@sysoev.ru> parents: 2224 diff changeset	311 scf->starttls = NGX_CONF_UNSET_UINT;
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	312 scf->certificates = NGX_CONF_UNSET_PTR;
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	313 scf->certificate_keys = NGX_CONF_UNSET_PTR;
5744 42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	314 scf->passwords = NGX_CONF_UNSET_PTR;
7729 3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	315 scf->conf_commands = NGX_CONF_UNSET_PTR;
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	316 scf->prefer_server_ciphers = NGX_CONF_UNSET;
5989 ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	317 scf->verify = NGX_CONF_UNSET_UINT;
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	318 scf->verify_depth = NGX_CONF_UNSET_UINT;
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	319 scf->builtin_session_cache = NGX_CONF_UNSET;
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	320 scf->session_timeout = NGX_CONF_UNSET;
5503 d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	321 scf->session_tickets = NGX_CONF_UNSET;
5425 1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	322 scf->session_ticket_keys = NGX_CONF_UNSET_PTR;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	323
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	324 return scf;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	325 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	326
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	327
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	328 static char *
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	329 ngx_mail_ssl_merge_conf(ngx_conf_t cf, void parent, void *child)
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	330 {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	331 ngx_mail_ssl_conf_t *prev = parent;
68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	332 ngx_mail_ssl_conf_t *conf = child;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	333
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	334 char *mode;
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	335 ngx_pool_cleanup_t *cln;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	336
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	337 ngx_conf_merge_uint_value(conf->starttls, prev->starttls,
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	338 NGX_MAIL_STARTTLS_OFF);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	339
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	340 ngx_conf_merge_value(conf->session_timeout,
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	341 prev->session_timeout, 300);
58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	342
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	343 ngx_conf_merge_value(conf->prefer_server_ciphers,
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	344 prev->prefer_server_ciphers, 0);
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	345
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	346 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
8152 d1cf09451ae8 SSL: enabled TLSv1.3 by default. Maxim Dounin <mdounin@mdounin.ru> parents: 8088 diff changeset	347 (NGX_CONF_BITMASK_SET
d1cf09451ae8 SSL: enabled TLSv1.3 by default. Maxim Dounin <mdounin@mdounin.ru> parents: 8088 diff changeset	348 \|NGX_SSL_TLSv1\|NGX_SSL_TLSv1_1
d1cf09451ae8 SSL: enabled TLSv1.3 by default. Maxim Dounin <mdounin@mdounin.ru> parents: 8088 diff changeset	349 \|NGX_SSL_TLSv1_2\|NGX_SSL_TLSv1_3));
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	350
5989 ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	351 ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	352 ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	353
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	354 ngx_conf_merge_ptr_value(conf->certificates, prev->certificates, NULL);
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	355 ngx_conf_merge_ptr_value(conf->certificate_keys, prev->certificate_keys,
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	356 NULL);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	357
5744 42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	358 ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL);
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	359
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	360 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	361
3960 0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	362 ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	363 NGX_DEFAULT_ECDH_CURVE);
0832a6997227 ECDHE support Igor Sysoev <igor@sysoev.ru> parents: 3959 diff changeset	364
5989 ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	365 ngx_conf_merge_str_value(conf->client_certificate,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	366 prev->client_certificate, "");
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	367 ngx_conf_merge_str_value(conf->trusted_certificate,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	368 prev->trusted_certificate, "");
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	369 ngx_conf_merge_str_value(conf->crl, prev->crl, "");
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	370
2124 e0b424b98f24 fix typo Igor Sysoev <igor@sysoev.ru> parents: 2044 diff changeset	371 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	372
7729 3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	373 ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL);
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	374
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	375
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	376 conf->ssl.log = cf->log;
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	377
7269 7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	378 if (conf->listen) {
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	379 mode = "listen ... ssl";
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	380
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	381 } else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) {
6474 2cd019520210 Style. Ruslan Ermilov <ru@nginx.com> parents: 6157 diff changeset	382 mode = "starttls";
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	383
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	384 } else {
7269 7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	385 return NGX_CONF_OK;
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	386 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	387
5401 09fc4598fc8e Mail: fixed segfault with ssl/starttls at mail{} level and no cert. Maxim Dounin <mdounin@mdounin.ru> parents: 5387 diff changeset	388 if (conf->file == NULL) {
09fc4598fc8e Mail: fixed segfault with ssl/starttls at mail{} level and no cert. Maxim Dounin <mdounin@mdounin.ru> parents: 5387 diff changeset	389 conf->file = prev->file;
09fc4598fc8e Mail: fixed segfault with ssl/starttls at mail{} level and no cert. Maxim Dounin <mdounin@mdounin.ru> parents: 5387 diff changeset	390 conf->line = prev->line;
09fc4598fc8e Mail: fixed segfault with ssl/starttls at mail{} level and no cert. Maxim Dounin <mdounin@mdounin.ru> parents: 5387 diff changeset	391 }
09fc4598fc8e Mail: fixed segfault with ssl/starttls at mail{} level and no cert. Maxim Dounin <mdounin@mdounin.ru> parents: 5387 diff changeset	392
7269 7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	393 if (conf->certificates == NULL) {
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	394 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	395 "no \"ssl_certificate\" is defined for "
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	396 "the \"%s\" directive in %s:%ui",
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	397 mode, conf->file, conf->line);
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	398 return NGX_CONF_ERROR;
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	399 }
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	400
7269 7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	401 if (conf->certificate_keys == NULL) {
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	402 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	403 "no \"ssl_certificate_key\" is defined for "
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	404 "the \"%s\" directive in %s:%ui",
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	405 mode, conf->file, conf->line);
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	406 return NGX_CONF_ERROR;
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	407 }
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	408
7269 7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	409 if (conf->certificate_keys->nelts < conf->certificates->nelts) {
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	410 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	411 "no \"ssl_certificate_key\" is defined "
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	412 "for certificate \"%V\" and "
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	413 "the \"%s\" directive in %s:%ui",
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	414 ((ngx_str_t *) conf->certificates->elts)
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	415 + conf->certificates->nelts - 1,
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	416 mode, conf->file, conf->line);
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	417 return NGX_CONF_ERROR;
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	418 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	419
969 065b39794fff ngx_ssl_get_server_conf() Igor Sysoev <igor@sysoev.ru> parents: 583 diff changeset	420 if (ngx_ssl_create(&conf->ssl, conf->protocols, NULL) != NGX_OK) {
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	421 return NGX_CONF_ERROR;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	422 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	423
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	424 cln = ngx_pool_cleanup_add(cf->pool, 0);
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	425 if (cln == NULL) {
7473 8981dbb12254 SSL: fixed potential leak on memory allocation errors. Maxim Dounin <mdounin@mdounin.ru> parents: 7465 diff changeset	426 ngx_ssl_cleanup_ctx(&conf->ssl);
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	427 return NGX_CONF_ERROR;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	428 }
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	429
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	430 cln->handler = ngx_ssl_cleanup_ctx;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	431 cln->data = &conf->ssl;
9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	432
7938 dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	433 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	434 SSL_CTX_set_alpn_select_cb(conf->ssl.ctx, ngx_mail_ssl_alpn_select, NULL);
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	435 #endif
dc955d274130 Mail: connections with wrong ALPN protocols are now rejected. Vladimir Homutov <vl@nginx.com> parents: 7904 diff changeset	436
7904 419c066cb710 SSL: ciphers now set before loading certificates (ticket #2035). Maxim Dounin <mdounin@mdounin.ru> parents: 7787 diff changeset	437 if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers,
419c066cb710 SSL: ciphers now set before loading certificates (ticket #2035). Maxim Dounin <mdounin@mdounin.ru> parents: 7787 diff changeset	438 conf->prefer_server_ciphers)
419c066cb710 SSL: ciphers now set before loading certificates (ticket #2035). Maxim Dounin <mdounin@mdounin.ru> parents: 7787 diff changeset	439 != NGX_OK)
419c066cb710 SSL: ciphers now set before loading certificates (ticket #2035). Maxim Dounin <mdounin@mdounin.ru> parents: 7787 diff changeset	440 {
419c066cb710 SSL: ciphers now set before loading certificates (ticket #2035). Maxim Dounin <mdounin@mdounin.ru> parents: 7787 diff changeset	441 return NGX_CONF_ERROR;
419c066cb710 SSL: ciphers now set before loading certificates (ticket #2035). Maxim Dounin <mdounin@mdounin.ru> parents: 7787 diff changeset	442 }
419c066cb710 SSL: ciphers now set before loading certificates (ticket #2035). Maxim Dounin <mdounin@mdounin.ru> parents: 7787 diff changeset	443
6550 51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	444 if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,
51e1f047d15d SSL: support for multiple certificates (ticket #814). Maxim Dounin <mdounin@mdounin.ru> parents: 6489 diff changeset	445 conf->certificate_keys, conf->passwords)
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	446 != NGX_OK)
547 818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	447 {
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	448 return NGX_CONF_ERROR;
818fbd4750b9 nginx-0.2.2-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 543 diff changeset	449 }
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	450
5989 ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	451 if (conf->verify) {
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	452
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	453 if (conf->client_certificate.len == 0 && conf->verify != 3) {
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	454 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
7567 ef7ee19776db SSL: fixed ssl_verify_client error message. Sergey Kandaurov <pluknet@nginx.com> parents: 7473 diff changeset	455 "no ssl_client_certificate for ssl_verify_client");
5989 ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	456 return NGX_CONF_ERROR;
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	457 }
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	458
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	459 if (ngx_ssl_client_certificate(cf, &conf->ssl,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	460 &conf->client_certificate,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	461 conf->verify_depth)
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	462 != NGX_OK)
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	463 {
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	464 return NGX_CONF_ERROR;
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	465 }
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	466
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	467 if (ngx_ssl_trusted_certificate(cf, &conf->ssl,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	468 &conf->trusted_certificate,
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	469 conf->verify_depth)
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	470 != NGX_OK)
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	471 {
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	472 return NGX_CONF_ERROR;
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	473 }
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	474
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	475 if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	476 return NGX_CONF_ERROR;
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	477 }
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	478 }
ec01b1d1fff1 Mail: client SSL certificates support. Maxim Dounin <mdounin@mdounin.ru> parents: 5744 diff changeset	479
2044 f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	480 if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	481 return NGX_CONF_ERROR;
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	482 }
f45cec1cd270 DH parameters, ssl_dhparam Igor Sysoev <igor@sysoev.ru> parents: 2032 diff changeset	483
5219 32fe021911c9 Mail: missing ngx_ssl_ecdh_curve() call. F. da Silva <fdasilvayy@gmail.com> parents: 4412 diff changeset	484 if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->ecdh_curve) != NGX_OK) {
32fe021911c9 Mail: missing ngx_ssl_ecdh_curve() call. F. da Silva <fdasilvayy@gmail.com> parents: 4412 diff changeset	485 return NGX_CONF_ERROR;
32fe021911c9 Mail: missing ngx_ssl_ecdh_curve() call. F. da Silva <fdasilvayy@gmail.com> parents: 4412 diff changeset	486 }
32fe021911c9 Mail: missing ngx_ssl_ecdh_curve() call. F. da Silva <fdasilvayy@gmail.com> parents: 4412 diff changeset	487
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	488 ngx_conf_merge_value(conf->builtin_session_cache,
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	489 prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	490
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	491 if (conf->shm_zone == NULL) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	492 conf->shm_zone = prev->shm_zone;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	493 }
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	494
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	495 if (ngx_ssl_session_cache(&conf->ssl, &ngx_mail_ssl_sess_id_ctx,
7465 6708bec13757 SSL: adjusted session id context with dynamic certificates. Maxim Dounin <mdounin@mdounin.ru> parents: 7270 diff changeset	496 conf->certificates, conf->builtin_session_cache,
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	497 conf->shm_zone, conf->session_timeout)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	498 != NGX_OK)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	499 {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	500 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	501 }
573 58475592100c nginx-0.3.8-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 563 diff changeset	502
5503 d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	503 ngx_conf_merge_value(conf->session_tickets,
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	504 prev->session_tickets, 1);
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	505
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	506 #ifdef SSL_OP_NO_TICKET
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	507 if (!conf->session_tickets) {
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	508 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_NO_TICKET);
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	509 }
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	510 #endif
d049b0ea00a3 SSL: ssl_session_tickets directive. Dirkjan Bussink <d.bussink@gmail.com> parents: 5425 diff changeset	511
5425 1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	512 ngx_conf_merge_ptr_value(conf->session_ticket_keys,
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	513 prev->session_ticket_keys, NULL);
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	514
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	515 if (ngx_ssl_session_ticket_keys(cf, &conf->ssl, conf->session_ticket_keys)
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	516 != NGX_OK)
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	517 {
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	518 return NGX_CONF_ERROR;
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	519 }
1356a3b96924 SSL: added ability to set keys used for Session Tickets (RFC5077). Piotr Sikora <piotr@cloudflare.com> parents: 5401 diff changeset	520
7729 3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	521 if (ngx_ssl_conf_commands(cf, &conf->ssl, conf->conf_commands) != NGX_OK) {
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	522 return NGX_CONF_ERROR;
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	523 }
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	524
539 371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	525 return NGX_CONF_OK;
371c1cee100d nginx-0.1.44-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	526 }
563 9c2f3ed7a247 nginx-0.3.3-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 547 diff changeset	527
577 4d9ea73a627a nginx-0.3.10-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 573 diff changeset	528
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	529 static char *
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	530 ngx_mail_ssl_starttls(ngx_conf_t cf, ngx_command_t cmd, void *conf)
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	531 {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	532 ngx_mail_ssl_conf_t *scf = conf;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	533
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	534 char *rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	535
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	536 rv = ngx_conf_set_enum_slot(cf, cmd, conf);
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	537
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	538 if (rv != NGX_CONF_OK) {
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	539 return rv;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	540 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	541
7269 7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	542 if (!scf->listen) {
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	543 scf->file = cf->conf_file->file.name.data;
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	544 scf->line = cf->conf_file->line;
7f955d3b9a0d SSL: detect "listen ... ssl" without certificates (ticket #178). Maxim Dounin <mdounin@mdounin.ru> parents: 7268 diff changeset	545 }
2224 109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	546
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	547 return NGX_CONF_OK;
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	548 }
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	549
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	550
109849282793 ) listen ssl Igor Sysoev <igor@sysoev.ru>* parents: 2124 diff changeset	551 static char *
5744 42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	552 ngx_mail_ssl_password_file(ngx_conf_t cf, ngx_command_t cmd, void *conf)
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	553 {
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	554 ngx_mail_ssl_conf_t *scf = conf;
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	555
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	556 ngx_str_t *value;
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	557
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	558 if (scf->passwords != NGX_CONF_UNSET_PTR) {
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	559 return "is duplicate";
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	560 }
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	561
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	562 value = cf->args->elts;
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	563
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	564 scf->passwords = ngx_ssl_read_password_file(cf, &value[1]);
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	565
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	566 if (scf->passwords == NULL) {
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	567 return NGX_CONF_ERROR;
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	568 }
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	569
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	570 return NGX_CONF_OK;
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	571 }
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	572
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	573
42114bf12da0 SSL: the "ssl_password_file" directive. Valentin Bartenev <vbart@nginx.com> parents: 5503 diff changeset	574 static char *
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	575 ngx_mail_ssl_session_cache(ngx_conf_t cf, ngx_command_t cmd, void *conf)
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	576 {
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	577 ngx_mail_ssl_conf_t *scf = conf;
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	578
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	579 size_t len;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	580 ngx_str_t *value, name, size;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	581 ngx_int_t n;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	582 ngx_uint_t i, j;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	583
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	584 value = cf->args->elts;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	585
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	586 for (i = 1; i < cf->args->nelts; i++) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	587
1778 14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	588 if (ngx_strcmp(value[i].data, "off") == 0) {
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	589 scf->builtin_session_cache = NGX_SSL_NO_SCACHE;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	590 continue;
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	591 }
14510c3cc6cb ssl_session_cache off Igor Sysoev <igor@sysoev.ru> parents: 1487 diff changeset	592
2032 12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	593 if (ngx_strcmp(value[i].data, "none") == 0) {
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	594 scf->builtin_session_cache = NGX_SSL_NONE_SCACHE;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	595 continue;
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	596 }
12b3ad3353f9 ssl_session_cache none Igor Sysoev <igor@sysoev.ru> parents: 1778 diff changeset	597
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	598 if (ngx_strcmp(value[i].data, "builtin") == 0) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	599 scf->builtin_session_cache = NGX_SSL_DFLT_BUILTIN_SCACHE;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	600 continue;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	601 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	602
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	603 if (value[i].len > sizeof("builtin:") - 1
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	604 && ngx_strncmp(value[i].data, "builtin:", sizeof("builtin:") - 1)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	605 == 0)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	606 {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	607 n = ngx_atoi(value[i].data + sizeof("builtin:") - 1,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	608 value[i].len - (sizeof("builtin:") - 1));
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	609
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	610 if (n == NGX_ERROR) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	611 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	612 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	613
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	614 scf->builtin_session_cache = n;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	615
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	616 continue;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	617 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	618
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	619 if (value[i].len > sizeof("shared:") - 1
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	620 && ngx_strncmp(value[i].data, "shared:", sizeof("shared:") - 1)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	621 == 0)
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	622 {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	623 len = 0;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	624
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	625 for (j = sizeof("shared:") - 1; j < value[i].len; j++) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	626 if (value[i].data[j] == ':') {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	627 break;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	628 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	629
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	630 len++;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	631 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	632
8088 e32b48848add SSL: improved validation of ssl_session_cache and ssl_ocsp_cache. Sergey Kandaurov <pluknet@nginx.com> parents: 7938 diff changeset	633 if (len == 0 \|\| j == value[i].len) {
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	634 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	635 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	636
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	637 name.len = len;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	638 name.data = value[i].data + sizeof("shared:") - 1;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	639
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	640 size.len = value[i].len - j - 1;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	641 size.data = name.data + len + 1;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	642
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	643 n = ngx_parse_size(&size);
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	644
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	645 if (n == NGX_ERROR) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	646 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	647 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	648
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	649 if (n < (ngx_int_t) (8 * ngx_pagesize)) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	650 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	651 "session cache \"%V\" is too small",
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	652 &value[i]);
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	653
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	654 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	655 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	656
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	657 scf->shm_zone = ngx_shared_memory_add(cf, &name, n,
1136 68f30ab68bb7 Many changes: Igor Sysoev <igor@sysoev.ru> parents: 976 diff changeset	658 &ngx_mail_ssl_module);
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	659 if (scf->shm_zone == NULL) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	660 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	661 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	662
4153 7de74ed694c8 Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993). Maxim Dounin <mdounin@mdounin.ru> parents: 3992 diff changeset	663 scf->shm_zone->init = ngx_ssl_session_cache_init;
7de74ed694c8 Fix for "ssl_session_cache builtin" (broken since 1.1.1, r3993). Maxim Dounin <mdounin@mdounin.ru> parents: 3992 diff changeset	664
976 b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	665 continue;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	666 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	667
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	668 goto invalid;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	669 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	670
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	671 if (scf->shm_zone && scf->builtin_session_cache == NGX_CONF_UNSET) {
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	672 scf->builtin_session_cache = NGX_SSL_NO_BUILTIN_SCACHE;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	673 }
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	674
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	675 return NGX_CONF_OK;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	676
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	677 invalid:
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	678
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	679 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	680 "invalid session cache \"%V\"", &value[i]);
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	681
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	682 return NGX_CONF_ERROR;
b1431c191cf5 IMAP ssl_session_cache Igor Sysoev <igor@sysoev.ru> parents: 969 diff changeset	683 }
7729 3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	684
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	685
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	686 static char *
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	687 ngx_mail_ssl_conf_command_check(ngx_conf_t cf, void post, void *data)
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	688 {
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	689 #ifndef SSL_CONF_FLAG_FILE
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	690 return "is not supported on this platform";
7787 7ce28b4cc57e SSL: fixed build by Sun C with old OpenSSL versions. Maxim Dounin <mdounin@mdounin.ru> parents: 7729 diff changeset	691 #else
7ce28b4cc57e SSL: fixed build by Sun C with old OpenSSL versions. Maxim Dounin <mdounin@mdounin.ru> parents: 7729 diff changeset	692 return NGX_CONF_OK;
7729 3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	693 #endif
3bff3f397c05 SSL: ssl_conf_command directive. Maxim Dounin <mdounin@mdounin.ru> parents: 7567 diff changeset	694 }

Mercurial > hg > nginx

annotate src/mail/ngx_mail_ssl_module.c @ 9263:388a801e9bb9 default tip