nginx-0.3.3-RELEASE importrelease-0.3.3

*) Change: the "bl" and "af" parameters of the "listen" directive was renamed to the "backlog" and "accept_filter". *) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen" directive. *) Change: the "$msec" log parameter does not require now the additional the gettimeofday() system call. *) Feature: the -t switch now tests the "listen" directives. *) Bugfix: if the invalid address was specified in the "listen" directive, then after the -HUP signal nginx left an open socket in the CLOSED state. *) Bugfix: the mime type may be incorrectly set to default value for index file with variable in the name; the bug had appeared in 0.3.0. *) Feature: the "timer_resolution" directive. *) Feature: the millisecond "$upstream_response_time" log parameter. *) Bugfix: a temporary file with client request body now is removed just after the response header was transferred to a client. *) Bugfix: OpenSSL 0.9.6 compatibility. *) Bugfix: the SSL certificate and key file paths could not be relative. *) Bugfix: the "ssl_prefer_server_ciphers" directive did not work in the ngx_imap_ssl_module. *) Bugfix: the "ssl_protocols" directive allowed to specify the single protocol only.
author: Igor Sysoev <igor@sysoev.ru> 2005-10-19 12:33:58 +0000
committer: Igor Sysoev <igor@sysoev.ru> 2005-10-19 12:33:58 +0000
commit: c2068d08f097383b8eac508117e6d405627e6cef (patch)
tree: 06ca21df58481e97289a566f42703102c0b6583c /src/imap/ngx_imap_ssl_module.c
parent: 8743f92a1acd46c0a4b0df2bf6a80fc1b110affb (diff)
download: nginx-release-0.3.3.tar.gz
1 files changed, 50 insertions, 6 deletions
diff --git a/src/imap/ngx_imap_ssl_module.c b/src/imap/ngx_imap_ssl_module.c
index be6fca93b..d663e8850 100644
--- a/src/imap/ngx_imap_ssl_module.c
+++ b/src/imap/ngx_imap_ssl_module.c
@@ -17,6 +17,15 @@
 static void *ngx_imap_ssl_create_conf(ngx_conf_t *cf);
 static char *ngx_imap_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child);
 
+#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
+
+static char *ngx_imap_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
+    void *conf);
+
+static char  ngx_imap_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
+
+#endif
+
 
 static ngx_conf_bitmask_t  ngx_imap_ssl_protocols[] = { 
     { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
@@ -50,7 +59,7 @@ static ngx_command_t  ngx_imap_ssl_commands[] = {
       NULL },
 
     { ngx_string("ssl_protocols"),
-      NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_TAKE1,
+      NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_1MORE,
       ngx_conf_set_bitmask_slot,
       NGX_IMAP_SRV_CONF_OFFSET,
       offsetof(ngx_imap_ssl_conf_t, protocols),
@@ -65,10 +74,15 @@ static ngx_command_t  ngx_imap_ssl_commands[] = {
 
     { ngx_string("ssl_prefer_server_ciphers"),
       NGX_IMAP_MAIN_CONF|NGX_IMAP_SRV_CONF|NGX_CONF_FLAG,
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
       ngx_conf_set_flag_slot,
       NGX_IMAP_SRV_CONF_OFFSET,
       offsetof(ngx_imap_ssl_conf_t, prefer_server_ciphers),
       NULL },
+#else
+      ngx_imap_ssl_nosupported, 0, 0, ngx_imap_ssl_openssl097 },
+#endif
+
 
       ngx_null_command
 };
@@ -138,6 +152,8 @@ ngx_imap_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
     ngx_imap_ssl_conf_t *prev = parent;
     ngx_imap_ssl_conf_t *conf = child;
 
+    ngx_pool_cleanup_t  *cln;
+
     ngx_conf_merge_value(conf->enable, prev->enable, 0);
 
     if (conf->enable == 0) {
@@ -166,20 +182,25 @@ ngx_imap_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
         return NGX_CONF_ERROR;
     }
 
-    if (ngx_pool_cleanup_add(cf->pool, ngx_ssl_cleanup_ctx, &conf->ssl) == NULL)
-    {
+    cln = ngx_pool_cleanup_add(cf->pool, 0);
+    if (cln == NULL) {
         return NGX_CONF_ERROR;
     }
 
-    if (ngx_ssl_certificate(&conf->ssl, conf->certificate.data,
-                            conf->certificate_key.data) != NGX_OK)
+    cln->handler = ngx_ssl_cleanup_ctx;
+    cln->data = &conf->ssl;
+
+    if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
+                            &conf->certificate_key)
+        != NGX_OK)
     {
         return NGX_CONF_ERROR;
     }
 
     if (conf->ciphers.len) {
         if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
-                                   (const char *) conf->ciphers.data) == 0)
+                                   (const char *) conf->ciphers.data)
+            == 0)
         {
             ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
                           "SSL_CTX_set_cipher_list(\"%V\") failed",
@@ -187,6 +208,14 @@ ngx_imap_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
         }
     }
 
+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
+
+    if (conf->prefer_server_ciphers) {
+        SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+    }
+
+#endif
+
     if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
         return NGX_CONF_ERROR;
     }
@@ -198,3 +227,18 @@ ngx_imap_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
 
     return NGX_CONF_OK;
 }
+
+    
+#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
+    
+static char *
+ngx_imap_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{   
+    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                       "\"%V\" directive is available only in %s,",
+                       &cmd->name, cmd->post);
+
+    return NGX_CONF_ERROR;
+}
+
+#endif
author	Igor Sysoev <igor@sysoev.ru>	2005-10-19 12:33:58 +0000
committer	Igor Sysoev <igor@sysoev.ru>	2005-10-19 12:33:58 +0000
commit	c2068d08f097383b8eac508117e6d405627e6cef (patch)
tree	06ca21df58481e97289a566f42703102c0b6583c /src/imap/ngx_imap_ssl_module.c
parent	8743f92a1acd46c0a4b0df2bf6a80fc1b110affb (diff)
download	nginx-release-0.3.3.tar.gz