Mercurial > hg > nginx
comparison src/mail/ngx_mail_handler.c @ 7269:7f955d3b9a0d
SSL: detect "listen ... ssl" without certificates (ticket #178).
In mail and stream modules, no certificate provided is a fatal condition,
much like with the "ssl" and "starttls" directives.
In http, "listen ... ssl" can be used in a non-default server without
certificates as long as there is a certificate in the default one, so
missing certificate is only fatal for default servers.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 24 Apr 2018 15:29:01 +0300 |
parents | 9d14931cec8c |
children | da0a85e91587 |
comparison
equal
deleted
inserted
replaced
7268:0d8c72ff62dd | 7269:7f955d3b9a0d |
---|---|
163 { | 163 { |
164 ngx_mail_ssl_conf_t *sslcf; | 164 ngx_mail_ssl_conf_t *sslcf; |
165 | 165 |
166 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); | 166 sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); |
167 | 167 |
168 if (sslcf->enable) { | 168 if (sslcf->enable || addr_conf->ssl) { |
169 c->log->action = "SSL handshaking"; | 169 c->log->action = "SSL handshaking"; |
170 | |
171 ngx_mail_ssl_init_connection(&sslcf->ssl, c); | |
172 return; | |
173 } | |
174 | |
175 if (addr_conf->ssl) { | |
176 | |
177 c->log->action = "SSL handshaking"; | |
178 | |
179 if (sslcf->ssl.ctx == NULL) { | |
180 ngx_log_error(NGX_LOG_ERR, c->log, 0, | |
181 "no \"ssl_certificate\" is defined " | |
182 "in server listening on SSL port"); | |
183 ngx_mail_close_connection(c); | |
184 return; | |
185 } | |
186 | 170 |
187 ngx_mail_ssl_init_connection(&sslcf->ssl, c); | 171 ngx_mail_ssl_init_connection(&sslcf->ssl, c); |
188 return; | 172 return; |
189 } | 173 } |
190 | 174 |