Mercurial > hg > nginx

comparison src/mail/ngx_mail_ssl_module.h @ 5989:ec01b1d1fff1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Mail: client SSL certificates support. The "ssl_verify_client", "ssl_verify_depth", "ssl_client_certificate", "ssl_trusted_certificate", and "ssl_crl" directives introduced to control SSL client certificate verification in mail proxy module. If there is a certificate, detail of the certificate are passed to the auth_http script configured via Auth-SSL-Verify, Auth-SSL-Subject, Auth-SSL-Issuer, Auth-SSL-Serial, Auth-SSL-Fingerprint headers. If the auth_http_pass_client_cert directive is set, client certificate in PEM format will be passed in the Auth-SSL-Cert header (urlencoded). If there is no required certificate provided during an SSL handshake or certificate verification fails then a protocol-specific error is returned after the SSL handshake and the connection is closed. Based on previous work by Sven Peter, Franck Levionnois and Filipe Da Silva.
author Maxim Dounin <mdounin@mdounin.ru>
date Wed, 25 Feb 2015 17:48:05 +0300
parents 42114bf12da0
children 51e1f047d15d
comparison
equal deleted inserted replaced
5988:3b3f789655dc 5989:ec01b1d1fff1
26 ngx_ssl_t ssl; 26 ngx_ssl_t ssl;
27 27
28 ngx_uint_t starttls; 28 ngx_uint_t starttls;
29 ngx_uint_t protocols; 29 ngx_uint_t protocols;
30 30
31 ngx_uint_t verify;
32 ngx_uint_t verify_depth;
33
31 ssize_t builtin_session_cache; 34 ssize_t builtin_session_cache;
32 35
33 time_t session_timeout; 36 time_t session_timeout;
34 37
35 ngx_str_t certificate; 38 ngx_str_t certificate;
36 ngx_str_t certificate_key; 39 ngx_str_t certificate_key;
37 ngx_str_t dhparam; 40 ngx_str_t dhparam;
38 ngx_str_t ecdh_curve; 41 ngx_str_t ecdh_curve;
42 ngx_str_t client_certificate;
43 ngx_str_t trusted_certificate;
44 ngx_str_t crl;
39 45
40 ngx_str_t ciphers; 46 ngx_str_t ciphers;
41 47
42 ngx_array_t *passwords; 48 ngx_array_t *passwords;
43 49