static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf,
ngx_http_ssl_srv_conf_t *conf);
-static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
- void *conf);
static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
};
-static ngx_conf_deprecated_t ngx_http_ssl_deprecated = {
- ngx_conf_deprecated, "ssl", "listen ... ssl"
-};
-
-
static ngx_conf_post_t ngx_http_ssl_conf_command_post =
{ ngx_http_ssl_conf_command_check };
static ngx_command_t ngx_http_ssl_commands[] = {
- { ngx_string("ssl"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
- ngx_http_ssl_enable,
- NGX_HTTP_SRV_CONF_OFFSET,
- offsetof(ngx_http_ssl_srv_conf_t, enable),
- &ngx_http_ssl_deprecated },
-
{ ngx_string("ssl_certificate"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_array_slot,
* sscf->stapling_responder = { 0, NULL };
*/
- sscf->enable = NGX_CONF_UNSET;
sscf->prefer_server_ciphers = NGX_CONF_UNSET;
sscf->early_data = NGX_CONF_UNSET;
sscf->reject_handshake = NGX_CONF_UNSET;
ngx_pool_cleanup_t *cln;
- if (conf->enable == NGX_CONF_UNSET) {
- if (prev->enable == NGX_CONF_UNSET) {
- conf->enable = 0;
-
- } else {
- conf->enable = prev->enable;
- conf->file = prev->file;
- conf->line = prev->line;
- }
- }
-
ngx_conf_merge_value(conf->session_timeout,
prev->session_timeout, 300);
conf->ssl.log = cf->log;
- if (conf->enable) {
-
- if (conf->certificates) {
- if (conf->certificate_keys == NULL) {
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "no \"ssl_certificate_key\" is defined for "
- "the \"ssl\" directive in %s:%ui",
- conf->file, conf->line);
- return NGX_CONF_ERROR;
- }
-
- if (conf->certificate_keys->nelts < conf->certificates->nelts) {
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "no \"ssl_certificate_key\" is defined "
- "for certificate \"%V\" and "
- "the \"ssl\" directive in %s:%ui",
- ((ngx_str_t *) conf->certificates->elts)
- + conf->certificates->nelts - 1,
- conf->file, conf->line);
- return NGX_CONF_ERROR;
- }
-
- } else if (!conf->reject_handshake) {
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "no \"ssl_certificate\" is defined for "
- "the \"ssl\" directive in %s:%ui",
- conf->file, conf->line);
- return NGX_CONF_ERROR;
- }
-
- } else if (conf->certificates) {
+ if (conf->certificates) {
if (conf->certificate_keys == NULL
|| conf->certificate_keys->nelts < conf->certificates->nelts)
}
-static char *
-ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
- ngx_http_ssl_srv_conf_t *sscf = conf;
-
- char *rv;
-
- rv = ngx_conf_set_flag_slot(cf, cmd, conf);
-
- if (rv != NGX_CONF_OK) {
- return rv;
- }
-
- sscf->file = cf->conf_file->file.name.data;
- sscf->line = cf->conf_file->line;
-
- return NGX_CONF_OK;
-}
-
-
static char *
ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child);
-static char *ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
- void *conf);
static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_mail_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
};
-static ngx_conf_deprecated_t ngx_mail_ssl_deprecated = {
- ngx_conf_deprecated, "ssl", "listen ... ssl"
-};
-
-
static ngx_conf_post_t ngx_mail_ssl_conf_command_post =
{ ngx_mail_ssl_conf_command_check };
static ngx_command_t ngx_mail_ssl_commands[] = {
- { ngx_string("ssl"),
- NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
- ngx_mail_ssl_enable,
- NGX_MAIL_SRV_CONF_OFFSET,
- offsetof(ngx_mail_ssl_conf_t, enable),
- &ngx_mail_ssl_deprecated },
-
{ ngx_string("starttls"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_mail_ssl_starttls,
* scf->shm_zone = NULL;
*/
- scf->enable = NGX_CONF_UNSET;
scf->starttls = NGX_CONF_UNSET_UINT;
scf->certificates = NGX_CONF_UNSET_PTR;
scf->certificate_keys = NGX_CONF_UNSET_PTR;
char *mode;
ngx_pool_cleanup_t *cln;
- ngx_conf_merge_value(conf->enable, prev->enable, 0);
ngx_conf_merge_uint_value(conf->starttls, prev->starttls,
NGX_MAIL_STARTTLS_OFF);
if (conf->listen) {
mode = "listen ... ssl";
- } else if (conf->enable) {
- mode = "ssl";
-
} else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) {
mode = "starttls";
}
-static char *
-ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
- ngx_mail_ssl_conf_t *scf = conf;
-
- char *rv;
-
- rv = ngx_conf_set_flag_slot(cf, cmd, conf);
-
- if (rv != NGX_CONF_OK) {
- return rv;
- }
-
- if (scf->enable && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"starttls\" directive conflicts with \"ssl on\"");
- return NGX_CONF_ERROR;
- }
-
- if (!scf->listen) {
- scf->file = cf->conf_file->file.name.data;
- scf->line = cf->conf_file->line;
- }
-
- return NGX_CONF_OK;
-}
-
-
static char *
ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
return rv;
}
- if (scf->enable == 1 && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"ssl\" directive conflicts with \"starttls\"");
- return NGX_CONF_ERROR;
- }
-
if (!scf->listen) {
scf->file = cf->conf_file->file.name.data;
scf->line = cf->conf_file->line;
projects / nginx.git / commitdiff