Mercurial > hg > nginx
comparison src/mail/ngx_mail_handler.c @ 7269:7f955d3b9a0d
SSL: detect "listen ... ssl" without certificates (ticket #178).
In mail and stream modules, no certificate provided is a fatal condition,
much like with the "ssl" and "starttls" directives.
In http, "listen ... ssl" can be used in a non-default server without
certificates as long as there is a certificate in the default one, so
missing certificate is only fatal for default servers.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 24 Apr 2018 15:29:01 +0300 |
| parents | 9d14931cec8c |
| children | da0a85e91587 |
comparison
equal
deleted
inserted
replaced
| 7268:0d8c72ff62dd | 7269:7f955d3b9a0d |
|---|---|
| 163 { | 163 { |
| 164 ngx_mail_ssl_conf_t *sslcf; | 164 ngx_mail_ssl_conf_t *sslcf; |
| 165 | 165 |
| 166 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); | 166 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); |
| 167 | 167 |
| 168 if (sslcf->enable) { | 168 if (sslcf->enable || addr_conf->ssl) { |
| 169 c->log->action = "SSL handshaking"; | 169 c->log->action = "SSL handshaking"; |
| 170 | |
| 171 ngx_mail_ssl_init_connection(&sslcf->ssl, c); | |
| 172 return; | |
| 173 } | |
| 174 | |
| 175 if (addr_conf->ssl) { | |
| 176 | |
| 177 c->log->action = "SSL handshaking"; | |
| 178 | |
| 179 if (sslcf->ssl.ctx == NULL) { | |
| 180 ngx_log_error(NGX_LOG_ERR, c->log, 0, | |
| 181 "no \"ssl_certificate\" is defined " | |
| 182 "in server listening on SSL port"); | |
| 183 ngx_mail_close_connection(c); | |
| 184 return; | |
| 185 } | |
| 186 | 170 |
| 187 ngx_mail_ssl_init_connection(&sslcf->ssl, c); | 171 ngx_mail_ssl_init_connection(&sslcf->ssl, c); |
| 188 return; | 172 return; |
| 189 } | 173 } |
| 190 | 174 |