comparison src/mail/ngx_mail_ssl_module.c @ 2224:109849282793
*) listen ssl
*) no default ssl_certificate and ssl_certificate_key
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Mon, 01 Sep 2008 14:19:01 +0000 |
parents | e0b424b98f24 |
children | 38cb2238db13 |
2223:005fc65f7ce7 | 2224:109849282793 |
---|---|
7 #include <ngx_config.h> | 7 #include <ngx_config.h> |
8 #include <ngx_core.h> | 8 #include <ngx_core.h> |
9 #include <ngx_mail.h> | 9 #include <ngx_mail.h> |
10 | 10 |
11 | 11 |
12 #define NGX_DEFAULT_CERTIFICATE "cert.pem" | |
13 #define NGX_DEFAULT_CERTIFICATE_KEY "cert.pem" | |
14 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" | 12 #define NGX_DEFAULT_CIPHERS "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" |
15 | 13 |
16 | 14 |
17 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf); | 15 static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf); |
18 static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child); | 16 static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child); |
17 | |
18 static char *ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, | |
19 void *conf); | |
20 static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, | |
21 void *conf); | |
19 static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, | 22 static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, |
20 void *conf); | 23 void *conf); |
21 | 24 |
22 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | 25 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) |
23 | 26 |
48 | 51 |
49 static ngx_command_t ngx_mail_ssl_commands[] = { | 52 static ngx_command_t ngx_mail_ssl_commands[] = { |
50 | 53 |
51 { ngx_string("ssl"), | 54 { ngx_string("ssl"), |
52 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG, | 55 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG, |
53 ngx_conf_set_flag_slot, | 56 ngx_mail_ssl_enable, |
54 NGX_MAIL_SRV_CONF_OFFSET, | 57 NGX_MAIL_SRV_CONF_OFFSET, |
55 offsetof(ngx_mail_ssl_conf_t, enable), | 58 offsetof(ngx_mail_ssl_conf_t, enable), |
56 NULL }, | 59 NULL }, |
57 | 60 |
58 { ngx_string("starttls"), | 61 { ngx_string("starttls"), |
59 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, | 62 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, |
60 ngx_conf_set_enum_slot, | 63 ngx_mail_ssl_starttls, |
61 NGX_MAIL_SRV_CONF_OFFSET, | 64 NGX_MAIL_SRV_CONF_OFFSET, |
62 offsetof(ngx_mail_ssl_conf_t, starttls), | 65 offsetof(ngx_mail_ssl_conf_t, starttls), |
63 ngx_http_starttls_state }, | 66 ngx_http_starttls_state }, |
64 | 67 |
65 { ngx_string("ssl_certificate"), | 68 { ngx_string("ssl_certificate"), |
192 ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) | 195 ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) |
193 { | 196 { |
194 ngx_mail_ssl_conf_t *prev = parent; | 197 ngx_mail_ssl_conf_t *prev = parent; |
195 ngx_mail_ssl_conf_t *conf = child; | 198 ngx_mail_ssl_conf_t *conf = child; |
196 | 199 |
200 char *mode; | |
197 ngx_pool_cleanup_t *cln; | 201 ngx_pool_cleanup_t *cln; |
198 | 202 |
199 ngx_conf_merge_value(conf->enable, prev->enable, 0); | 203 ngx_conf_merge_value(conf->enable, prev->enable, 0); |
200 ngx_conf_merge_value(conf->starttls, prev->starttls, NGX_MAIL_STARTTLS_OFF); | 204 ngx_conf_merge_uint_value(conf->starttls, prev->starttls, |
201 | 205 NGX_MAIL_STARTTLS_OFF); |
202 if (conf->enable == 0 && conf->starttls == NGX_MAIL_STARTTLS_OFF) { | |
203 return NGX_CONF_OK; | |
204 } | |
205 | 206 |
206 ngx_conf_merge_value(conf->session_timeout, | 207 ngx_conf_merge_value(conf->session_timeout, |
207 prev->session_timeout, 300); | 208 prev->session_timeout, 300); |
208 | 209 |
209 ngx_conf_merge_value(conf->prefer_server_ciphers, | 210 ngx_conf_merge_value(conf->prefer_server_ciphers, |
211 | 212 |
212 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | 213 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, |
213 (NGX_CONF_BITMASK_SET | 214 (NGX_CONF_BITMASK_SET |
214 |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); | 215 |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1)); |
215 | 216 |
216 ngx_conf_merge_str_value(conf->certificate, prev->certificate, | 217 ngx_conf_merge_str_value(conf->certificate, prev->certificate, ""); |
217 NGX_DEFAULT_CERTIFICATE); | 218 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, ""); |
218 | |
219 ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, | |
220 NGX_DEFAULT_CERTIFICATE_KEY); | |
221 | 219 |
222 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); | 220 ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, ""); |
223 | 221 |
224 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS); | 222 ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS); |
225 | 223 |
226 | 224 |
227 conf->ssl.log = cf->log; | 225 conf->ssl.log = cf->log; |
226 | |
227 if (conf->enable) { | |
228 mode = "ssl"; | |
229 | |
230 } else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) { | |
231 mode = "starttls"; | |
232 | |
233 } else { | |
234 mode = ""; | |
235 } | |
236 | |
237 if (*mode) { | |
238 | |
239 if (conf->certificate.len == 0) { | |
240 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
241 "no \"ssl_certificate\" is defined for " | |
242 "the \"%s\" directive in %s:%ui", | |
243 mode, conf->file, conf->line); | |
244 return NGX_CONF_ERROR; | |
245 } | |
246 | |
247 if (conf->certificate_key.len == 0) { | |
248 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
249 "no \"ssl_certificate_key\" is defined for " | |
250 "the \"%s\" directive in %s:%ui", | |
251 mode, conf->file, conf->line); | |
252 return NGX_CONF_ERROR; | |
253 } | |
254 | |
255 } else { | |
256 | |
257 if (conf->certificate.len == 0) { | |
258 return NGX_CONF_OK; | |
259 } | |
260 | |
261 if (conf->certificate_key.len == 0) { | |
262 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
263 "no \"ssl_certificate_key\" is defined " | |
264 "for certificate \"%V\"", | |
265 &conf->certificate); | |
266 return NGX_CONF_ERROR; | |
267 } | |
268 } | |
228 | 269 |
229 if (ngx_ssl_create(&conf->ssl, conf->protocols, NULL) != NGX_OK) { | 270 if (ngx_ssl_create(&conf->ssl, conf->protocols, NULL) != NGX_OK) { |
230 return NGX_CONF_ERROR; | 271 return NGX_CONF_ERROR; |
231 } | 272 } |
232 | 273 |
290 return NGX_CONF_OK; | 331 return NGX_CONF_OK; |
291 } | 332 } |
292 | 333 |
293 | 334 |
294 static char * | 335 static char * |
336 ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
337 { | |
338 ngx_mail_ssl_conf_t *scf = conf; | |
339 | |
340 char *rv; | |
341 | |
342 rv = ngx_conf_set_flag_slot(cf, cmd, conf); | |
343 | |
344 if (rv != NGX_CONF_OK) { | |
345 return rv; | |
346 } | |
347 | |
348 if (scf->enable && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) { | |
349 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, | |
350 "\"starttls\" directive conflicts with \"ssl on\""); | |
351 return NGX_CONF_ERROR; | |
352 } | |
353 | |
354 scf->file = cf->conf_file->file.name.data; | |
355 scf->line = cf->conf_file->line; | |
356 | |
357 return NGX_CONF_OK; | |
358 } | |
359 | |
360 | |
361 static char * | |
362 ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
363 { | |
364 ngx_mail_ssl_conf_t *scf = conf; | |
365 | |
366 char *rv; | |
367 | |
368 rv = ngx_conf_set_enum_slot(cf, cmd, conf); | |
369 | |
370 if (rv != NGX_CONF_OK) { | |
371 return rv; | |
372 } | |
373 | |
374 if (scf->enable == 1 && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) { | |
375 ngx_conf_log_error(NGX_LOG_WARN, cf, 0, | |
376 "\"ssl\" directive conflicts with \"starttls\""); | |
377 return NGX_CONF_ERROR; | |
378 } | |
379 | |
380 scf->file = cf->conf_file->file.name.data; | |
381 scf->line = cf->conf_file->line; | |
382 | |
383 return NGX_CONF_OK; | |
384 } | |
385 | |
386 | |
387 static char * | |
295 ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | 388 ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |
296 { | 389 { |
297 ngx_mail_ssl_conf_t *scf = conf; | 390 ngx_mail_ssl_conf_t *scf = conf; |
298 | 391 |
299 size_t len; | 392 size_t len; |