Mercurial > hg > nginx

comparison src/event/ngx_event_openssl.c @ 6591:04d8d1f85649

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: ngx_ssl_ciphers() to set list of ciphers. This patch moves various OpenSSL-specific function calls into the OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more crypto-library-agnostic.
author Tim Taubert <tim@timtaubert.de>
date Wed, 15 Jun 2016 21:05:30 +0100
parents 1aa9650a8154
children 1891b2892b68
comparison
equal deleted inserted replaced
6590:d375f4210e41 6591:04d8d1f85649
586 } 586 }
587 587
588 ngx_memcpy(buf, pwd->data, size); 588 ngx_memcpy(buf, pwd->data, size);
589 589
590 return size; 590 return size;
591 }
592
593
594 ngx_int_t
595 ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,
596 ngx_uint_t prefer_server_ciphers)
597 {
598 if (SSL_CTX_set_cipher_list(ssl->ctx, (char *) ciphers->data) == 0) {
599 ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
600 "SSL_CTX_set_cipher_list(\"%V\") failed",
601 ciphers);
602 return NGX_ERROR;
603 }
604
605 if (prefer_server_ciphers) {
606 SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
607 }
608
609 #if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
610 /* a temporary 512-bit RSA key is required for export versions of MSIE */
611 SSL_CTX_set_tmp_rsa_callback(ssl->ctx, ngx_ssl_rsa512_key_callback);
612 #endif
613
614 return NGX_OK;
591 } 615 }
592 616
593 617
594 ngx_int_t 618 ngx_int_t
595 ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, 619 ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,