aboutsummaryrefslogtreecommitdiff
path: root/src/mail/ngx_mail_ssl_module.c
diff options
context:
space:
mode:
authorTim Taubert <tim@timtaubert.de>2016-06-15 21:05:30 +0100
committerTim Taubert <tim@timtaubert.de>2016-06-15 21:05:30 +0100
commit4f578bfcab740fcfbbb8824822803ad9b3f176cc (patch)
tree361da9087f06bd7eb328a82b691044a5c83a48fb /src/mail/ngx_mail_ssl_module.c
parent6e38998bacb77b1bcaa16a999a722c0c4f961b8e (diff)
downloadnginx-4f578bfcab740fcfbbb8824822803ad9b3f176cc.tar.gz
nginx-4f578bfcab740fcfbbb8824822803ad9b3f176cc.zip
SSL: ngx_ssl_ciphers() to set list of ciphers.
This patch moves various OpenSSL-specific function calls into the OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more crypto-library-agnostic.
Diffstat (limited to 'src/mail/ngx_mail_ssl_module.c')
-rw-r--r--src/mail/ngx_mail_ssl_module.c17
1 files changed, 3 insertions, 14 deletions
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
index 83cffb832..11e428cb9 100644
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -422,24 +422,13 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
}
}
- if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
- (const char *) conf->ciphers.data)
- == 0)
+ if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers,
+ conf->prefer_server_ciphers)
+ != NGX_OK)
{
- ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
- "SSL_CTX_set_cipher_list(\"%V\") failed",
- &conf->ciphers);
return NGX_CONF_ERROR;
}
- if (conf->prefer_server_ciphers) {
- SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
- }
-
-#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
- SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
-#endif
-
if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
return NGX_CONF_ERROR;
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 16:12:36 +0000