ngx_int_t
ngx_ssl_init(ngx_log_t *log)
{
-#if OPENSSL_VERSION_NUMBER >= 0x00907000
OPENSSL_config(NULL);
-#endif
SSL_library_init();
SSL_load_error_strings();
-#if (NGX_SSL_ENGINE)
ENGINE_load_builtin_engines();
-#endif
ngx_ssl_connection_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL);
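Review bot: `ENGINE_load_builtin_engines()` in ngx_ssl_init is now compiled unconditionally, but OpenSSL can be built without ENGINE support, in which case it defines `OPENSSL_NO_ENGINE` and the ENGINE API is not available. The removed `NGX_SSL_ENGINE` guard only tracked the library version, so it never covered that configuration either; wrapping the call in `#ifndef OPENSSL_NO_ENGINE` / `#endif` would. The same applies to the ENGINE calls in the ngx_openssl_engine and ngx_openssl_exit hunks and to the `#include <openssl/engine.h>` line in the header hunk. ngx_ssl_init's body continues outside the hunk.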
SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG);
SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG);
-#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
SSL_CTX_set_options(ssl->ctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
-#endif
SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE);
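Review bot: `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS` is now set on every build, and that option turns off OpenSSL's empty-fragment countermeasure against the CBC weakness in SSL 3.0/TLS 1.0. If it is kept for interoperability with broken peers, the line should carry a comment saying so, e.g. `/* disables the SSL 3.0/TLS 1.0 CBC empty-fragment countermeasure; kept only for broken peers */`. Otherwise dropping the call is the safer default. The enclosing function starts and ends outside the hunk.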
static char *
ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
-#if (NGX_SSL_ENGINE)
ngx_openssl_conf_t *oscf = conf;
ENGINE *engine;
ENGINE_free(engine);
return NGX_CONF_OK;
-
-#else
-
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"ssl_engine\" directive is available only in "
- "OpenSSL 0.9.7 and higher,");
-
- return NGX_CONF_ERROR;
-
-#endif
}
static void
ngx_openssl_exit(ngx_cycle_t *cycle)
{
-#if (NGX_SSL_ENGINE)
ENGINE_cleanup();
-#endif
}
#include <openssl/ssl.h>
#include <openssl/err.h>
-
-#if OPENSSL_VERSION_NUMBER >= 0x00907000
#include <openssl/conf.h>
#include <openssl/engine.h>
-#define NGX_SSL_ENGINE 1
-#endif
#define NGX_SSL_NAME "OpenSSL"
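Review bot: Nothing in this header now states or enforces the minimum OpenSSL version, so a build against an older library would presumably fail on a missing `openssl/engine.h` rather than with a clear message. A guard placed after the `ssl.h` include would make the requirement explicit: `#if OPENSSL_VERSION_NUMBER < 0x00907000`, `#error "OpenSSL 0.9.7 or higher is required"`, `#endif`. It would also stand in for the run-time "available only in OpenSSL 0.9.7 and higher" messages that the other hunks remove.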
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
-#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
-
-static char *ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
- void *conf);
-
-static char ngx_http_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
-
-#endif
-
static ngx_conf_bitmask_t ngx_http_ssl_protocols[] = {
{ ngx_string("SSLv2"), NGX_SSL_SSLv2 },
{ ngx_string("ssl_prefer_server_ciphers"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
-#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
ngx_conf_set_flag_slot,
NGX_HTTP_SRV_CONF_OFFSET,
offsetof(ngx_http_ssl_srv_conf_t, prefer_server_ciphers),
NULL },
-#else
- ngx_http_ssl_nosupported, 0, 0, ngx_http_ssl_openssl097 },
-#endif
{ ngx_string("ssl_session_cache"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE12,
}
}
-#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
-
if (conf->prefer_server_ciphers) {
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
}
-#endif
-
/* a temporary 512-bit RSA key is required for export versions of MSIE */
if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
return NGX_CONF_ERROR;
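Review bot: The 512-bit temporary RSA key generated here is far too short to resist factoring, so a connection that negotiates an export cipher suite gets no meaningful confidentiality. The existing comment gives export versions of MSIE as the reason. It should also say that the key serves only those suites and that they should stay disabled unless such clients must be supported, e.g. `/* export suites only: 512-bit RSA is breakable, keep EXPORT ciphers off unless legacy MSIE is required */`. The mail module hunk calls `ngx_ssl_generate_rsa512_key()` the same way. The enclosing function starts outside the hunk and continues past it.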
return NGX_CONF_ERROR;
}
-
-
-#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
-
-static char *
-ngx_http_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"%V\" directive is available only in %s,",
- &cmd->name, cmd->post);
-
- return NGX_CONF_ERROR;
-}
-
-#endif
static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
-#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
-
-static char *ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd,
- void *conf);
-
-static char ngx_mail_ssl_openssl097[] = "OpenSSL 0.9.7 and higher";
-
-#endif
-
static ngx_conf_enum_t ngx_http_starttls_state[] = {
{ ngx_string("off"), NGX_MAIL_STARTTLS_OFF },
{ ngx_string("ssl_prefer_server_ciphers"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
-#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
ngx_conf_set_flag_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, prefer_server_ciphers),
NULL },
-#else
- ngx_mail_ssl_nosupported, 0, 0, ngx_mail_ssl_openssl097 },
-#endif
{ ngx_string("ssl_session_cache"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE12,
}
}
-#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
-
if (conf->prefer_server_ciphers) {
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
}
-#endif
-
if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
return NGX_CONF_ERROR;
}
return NGX_CONF_ERROR;
}
-
-
-#if !defined (SSL_OP_CIPHER_SERVER_PREFERENCE)
-
-static char *
-ngx_mail_ssl_nosupported(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"%V\" directive is available only in %s,",
- &cmd->name, cmd->post);
-
- return NGX_CONF_ERROR;
-}
-
-#endif