Mercurial > hg > nginx
comparison src/mail/ngx_mail_ssl_module.c @ 2996:d6285ff81d35
delete OpenSSL pre-0.9.7 compatibility: the sources were not actually
compatible with OpenSSL 0.9.6 since ssl_session_cache introduction
author | Igor Sysoev <igor@sysoev.ru> |
---|---|
date | Thu, 23 Jul 2009 12:54:20 +0000 |
parents | c7d57b539248 |
children | dd2ae3872634 966f9cf9c7da |
comparison
equal
deleted
inserted
replaced
2995:cc07d164f0dc | 2996:d6285ff81d35 |
---|---|
20 static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, | 20 static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, |
21 void *conf); | 21 void *conf); |
22 static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, | 22 static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, |
23 void *conf); | 23 void *conf); |
24 | 24 |
25 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | |
26 | |
27 static char *ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, | |
28 void *conf); | |
29 | |
30 static char ngx_mail_ssl_openssl097[] = "OpenSSL 0.9.7 and higher"; | |
31 | |
32 #endif | |
33 | |
34 | 25 |
35 static ngx_conf_enum_t ngx_http_starttls_state[] = { | 26 static ngx_conf_enum_t ngx_http_starttls_state[] = { |
36 { ngx_string("off"), NGX_MAIL_STARTTLS_OFF }, | 27 { ngx_string("off"), NGX_MAIL_STARTTLS_OFF }, |
37 { ngx_string("on"), NGX_MAIL_STARTTLS_ON }, | 28 { ngx_string("on"), NGX_MAIL_STARTTLS_ON }, |
38 { ngx_string("only"), NGX_MAIL_STARTTLS_ONLY }, | 29 { ngx_string("only"), NGX_MAIL_STARTTLS_ONLY }, |
100 offsetof(ngx_mail_ssl_conf_t, ciphers), | 91 offsetof(ngx_mail_ssl_conf_t, ciphers), |
101 NULL }, | 92 NULL }, |
102 | 93 |
103 { ngx_string("ssl_prefer_server_ciphers"), | 94 { ngx_string("ssl_prefer_server_ciphers"), |
104 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG, | 95 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG, |
105 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE | |
106 ngx_conf_set_flag_slot, | 96 ngx_conf_set_flag_slot, |
107 NGX_MAIL_SRV_CONF_OFFSET, | 97 NGX_MAIL_SRV_CONF_OFFSET, |
108 offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers), | 98 offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers), |
109 NULL }, | 99 NULL }, |
110 #else | |
111 ngx_mail_ssl_nosupported, 0, 0, ngx_mail_ssl_openssl097 }, | |
112 #endif | |
113 | 100 |
114 { ngx_string("ssl_session_cache"), | 101 { ngx_string("ssl_session_cache"), |
115 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12, | 102 NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12, |
116 ngx_mail_ssl_session_cache, | 103 ngx_mail_ssl_session_cache, |
117 NGX_MAIL_SRV_CONF_OFFSET, | 104 NGX_MAIL_SRV_CONF_OFFSET, |
295 "SSL_CTX_set_cipher_list(\"%V\") failed", | 282 "SSL_CTX_set_cipher_list(\"%V\") failed", |
296 &conf->ciphers); | 283 &conf->ciphers); |
297 } | 284 } |
298 } | 285 } |
299 | 286 |
300 #ifdef SSL_OP_CIPHER_SERVER_PREFERENCE | |
301 | |
302 if (conf->prefer_server_ciphers) { | 287 if (conf->prefer_server_ciphers) { |
303 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); | 288 SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); |
304 } | 289 } |
305 | |
306 #endif | |
307 | 290 |
308 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { | 291 if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) { |
309 return NGX_CONF_ERROR; | 292 return NGX_CONF_ERROR; |
310 } | 293 } |
311 | 294 |
490 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | 473 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, |
491 "invalid session cache \"%V\"", &value[i]); | 474 "invalid session cache \"%V\"", &value[i]); |
492 | 475 |
493 return NGX_CONF_ERROR; | 476 return NGX_CONF_ERROR; |
494 } | 477 } |
495 | |
496 | |
497 #if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE) | |
498 | |
499 static char * | |
500 ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
501 { | |
502 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, | |
503 "\"%V\" directive is available only in %s,", | |
504 &cmd->name, cmd->post); | |
505 | |
506 return NGX_CONF_ERROR; | |
507 } | |
508 | |
509 #endif |