aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/http/modules/ngx_http_ssl_module.c78
-rw-r--r--src/http/modules/ngx_http_ssl_module.h5
-rw-r--r--src/http/ngx_http_request.c8
-rw-r--r--src/mail/ngx_mail_handler.c6
-rw-r--r--src/mail/ngx_mail_ssl_module.c53
-rw-r--r--src/mail/ngx_mail_ssl_module.h1
6 files changed, 5 insertions, 146 deletions
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index 3d52c1c57..1c92d9fa8 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -43,8 +43,6 @@ static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf,
ngx_http_ssl_srv_conf_t *conf);
-static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
- void *conf);
static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
@@ -90,24 +88,12 @@ static ngx_conf_enum_t ngx_http_ssl_ocsp[] = {
};
-static ngx_conf_deprecated_t ngx_http_ssl_deprecated = {
- ngx_conf_deprecated, "ssl", "listen ... ssl"
-};
-
-
static ngx_conf_post_t ngx_http_ssl_conf_command_post =
{ ngx_http_ssl_conf_command_check };
static ngx_command_t ngx_http_ssl_commands[] = {
- { ngx_string("ssl"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
- ngx_http_ssl_enable,
- NGX_HTTP_SRV_CONF_OFFSET,
- offsetof(ngx_http_ssl_srv_conf_t, enable),
- &ngx_http_ssl_deprecated },
-
{ ngx_string("ssl_certificate"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_array_slot,
@@ -625,7 +611,6 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
* sscf->stapling_responder = { 0, NULL };
*/
- sscf->enable = NGX_CONF_UNSET;
sscf->prefer_server_ciphers = NGX_CONF_UNSET;
sscf->early_data = NGX_CONF_UNSET;
sscf->reject_handshake = NGX_CONF_UNSET;
@@ -657,17 +642,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_pool_cleanup_t *cln;
- if (conf->enable == NGX_CONF_UNSET) {
- if (prev->enable == NGX_CONF_UNSET) {
- conf->enable = 0;
-
- } else {
- conf->enable = prev->enable;
- conf->file = prev->file;
- conf->line = prev->line;
- }
- }
-
ngx_conf_merge_value(conf->session_timeout,
prev->session_timeout, 300);
@@ -722,37 +696,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
conf->ssl.log = cf->log;
- if (conf->enable) {
-
- if (conf->certificates) {
- if (conf->certificate_keys == NULL) {
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "no \"ssl_certificate_key\" is defined for "
- "the \"ssl\" directive in %s:%ui",
- conf->file, conf->line);
- return NGX_CONF_ERROR;
- }
-
- if (conf->certificate_keys->nelts < conf->certificates->nelts) {
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "no \"ssl_certificate_key\" is defined "
- "for certificate \"%V\" and "
- "the \"ssl\" directive in %s:%ui",
- ((ngx_str_t *) conf->certificates->elts)
- + conf->certificates->nelts - 1,
- conf->file, conf->line);
- return NGX_CONF_ERROR;
- }
-
- } else if (!conf->reject_handshake) {
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "no \"ssl_certificate\" is defined for "
- "the \"ssl\" directive in %s:%ui",
- conf->file, conf->line);
- return NGX_CONF_ERROR;
- }
-
- } else if (conf->certificates) {
+ if (conf->certificates) {
if (conf->certificate_keys == NULL
|| conf->certificate_keys->nelts < conf->certificates->nelts)
@@ -1039,26 +983,6 @@ found:
static char *
-ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
- ngx_http_ssl_srv_conf_t *sscf = conf;
-
- char *rv;
-
- rv = ngx_conf_set_flag_slot(cf, cmd, conf);
-
- if (rv != NGX_CONF_OK) {
- return rv;
- }
-
- sscf->file = cf->conf_file->file.name.data;
- sscf->line = cf->conf_file->line;
-
- return NGX_CONF_OK;
-}
-
-
-static char *
ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_ssl_srv_conf_t *sscf = conf;
diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h
index 7ab0f7eae..c69c8ffd2 100644
--- a/src/http/modules/ngx_http_ssl_module.h
+++ b/src/http/modules/ngx_http_ssl_module.h
@@ -15,8 +15,6 @@
typedef struct {
- ngx_flag_t enable;
-
ngx_ssl_t ssl;
ngx_flag_t prefer_server_ciphers;
@@ -64,9 +62,6 @@ typedef struct {
ngx_flag_t stapling_verify;
ngx_str_t stapling_file;
ngx_str_t stapling_responder;
-
- u_char *file;
- ngx_uint_t line;
} ngx_http_ssl_srv_conf_t;
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 0aca92132..bd2be5eac 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -326,17 +326,11 @@ ngx_http_init_connection(ngx_connection_t *c)
#endif
#if (NGX_HTTP_SSL)
- {
- ngx_http_ssl_srv_conf_t *sscf;
-
- sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
-
- if (sscf->enable || hc->addr_conf->ssl) {
+ if (hc->addr_conf->ssl) {
hc->ssl = 1;
c->log->action = "SSL handshaking";
rev->handler = ngx_http_ssl_handshake;
}
- }
#endif
if (hc->addr_conf->proxy_protocol) {
diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c
index 246ba97cf..1167df3fb 100644
--- a/src/mail/ngx_mail_handler.c
+++ b/src/mail/ngx_mail_handler.c
@@ -283,11 +283,11 @@ ngx_mail_init_session_handler(ngx_event_t *rev)
s = c->data;
- sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
-
- if (sslcf->enable || s->ssl) {
+ if (s->ssl) {
c->log->action = "SSL handshaking";
+ sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+
ngx_mail_ssl_init_connection(&sslcf->ssl, c);
return;
}
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
index 28737ac4e..aebb4ccb6 100644
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -23,8 +23,6 @@ static int ngx_mail_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn,
static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child);
-static char *ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
- void *conf);
static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_mail_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
@@ -65,24 +63,12 @@ static ngx_conf_enum_t ngx_mail_ssl_verify[] = {
};
-static ngx_conf_deprecated_t ngx_mail_ssl_deprecated = {
- ngx_conf_deprecated, "ssl", "listen ... ssl"
-};
-
-
static ngx_conf_post_t ngx_mail_ssl_conf_command_post =
{ ngx_mail_ssl_conf_command_check };
static ngx_command_t ngx_mail_ssl_commands[] = {
- { ngx_string("ssl"),
- NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
- ngx_mail_ssl_enable,
- NGX_MAIL_SRV_CONF_OFFSET,
- offsetof(ngx_mail_ssl_conf_t, enable),
- &ngx_mail_ssl_deprecated },
-
{ ngx_string("starttls"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_mail_ssl_starttls,
@@ -322,7 +308,6 @@ ngx_mail_ssl_create_conf(ngx_conf_t *cf)
* scf->shm_zone = NULL;
*/
- scf->enable = NGX_CONF_UNSET;
scf->starttls = NGX_CONF_UNSET_UINT;
scf->certificates = NGX_CONF_UNSET_PTR;
scf->certificate_keys = NGX_CONF_UNSET_PTR;
@@ -349,7 +334,6 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
char *mode;
ngx_pool_cleanup_t *cln;
- ngx_conf_merge_value(conf->enable, prev->enable, 0);
ngx_conf_merge_uint_value(conf->starttls, prev->starttls,
NGX_MAIL_STARTTLS_OFF);
@@ -394,9 +378,6 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
if (conf->listen) {
mode = "listen ... ssl";
- } else if (conf->enable) {
- mode = "ssl";
-
} else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) {
mode = "starttls";
@@ -546,34 +527,6 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
static char *
-ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
- ngx_mail_ssl_conf_t *scf = conf;
-
- char *rv;
-
- rv = ngx_conf_set_flag_slot(cf, cmd, conf);
-
- if (rv != NGX_CONF_OK) {
- return rv;
- }
-
- if (scf->enable && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"starttls\" directive conflicts with \"ssl on\"");
- return NGX_CONF_ERROR;
- }
-
- if (!scf->listen) {
- scf->file = cf->conf_file->file.name.data;
- scf->line = cf->conf_file->line;
- }
-
- return NGX_CONF_OK;
-}
-
-
-static char *
ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_mail_ssl_conf_t *scf = conf;
@@ -586,12 +539,6 @@ ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return rv;
}
- if (scf->enable == 1 && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"ssl\" directive conflicts with \"starttls\"");
- return NGX_CONF_ERROR;
- }
-
if (!scf->listen) {
scf->file = cf->conf_file->file.name.data;
scf->line = cf->conf_file->line;
diff --git a/src/mail/ngx_mail_ssl_module.h b/src/mail/ngx_mail_ssl_module.h
index a0a611317..c0eb6a38f 100644
--- a/src/mail/ngx_mail_ssl_module.h
+++ b/src/mail/ngx_mail_ssl_module.h
@@ -20,7 +20,6 @@
typedef struct {
- ngx_flag_t enable;
ngx_flag_t prefer_server_ciphers;
ngx_ssl_t ssl;
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-15 10:50:04 +0000