summaryrefslogtreecommitdiffhomepage
path: root/src/event
diff options
context:
space:
mode:
authorTim Taubert <tim@timtaubert.de>2016-06-15 21:05:30 +0100
committerTim Taubert <tim@timtaubert.de>2016-06-15 21:05:30 +0100
commit4f578bfcab740fcfbbb8824822803ad9b3f176cc (patch)
tree361da9087f06bd7eb328a82b691044a5c83a48fb /src/event
parent6e38998bacb77b1bcaa16a999a722c0c4f961b8e (diff)
downloadnginx-4f578bfcab740fcfbbb8824822803ad9b3f176cc.tar.gz
nginx-4f578bfcab740fcfbbb8824822803ad9b3f176cc.tar.bz2
SSL: ngx_ssl_ciphers() to set list of ciphers.
This patch moves various OpenSSL-specific function calls into the OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more crypto-library-agnostic.
Diffstat (limited to 'src/event')
-rw-r--r--src/event/ngx_event_openssl.c24
-rw-r--r--src/event/ngx_event_openssl.h2
2 files changed, 26 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 810c46995..bb9a9006b 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -592,6 +592,30 @@ ngx_ssl_password_callback(char *buf, int size, int rwflag, void *userdata)
ngx_int_t
+ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,
+ ngx_uint_t prefer_server_ciphers)
+{
+ if (SSL_CTX_set_cipher_list(ssl->ctx, (char *) ciphers->data) == 0) {
+ ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
+ "SSL_CTX_set_cipher_list(\"%V\") failed",
+ ciphers);
+ return NGX_ERROR;
+ }
+
+ if (prefer_server_ciphers) {
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+ }
+
+#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
+ /* a temporary 512-bit RSA key is required for export versions of MSIE */
+ SSL_CTX_set_tmp_rsa_callback(ssl->ctx, ngx_ssl_rsa512_key_callback);
+#endif
+
+ return NGX_OK;
+}
+
+
+ngx_int_t
ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert,
ngx_int_t depth)
{
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index fc9ec054a..3367d1020 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -144,6 +144,8 @@ ngx_int_t ngx_ssl_certificates(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_array_t *certs, ngx_array_t *keys, ngx_array_t *passwords);
ngx_int_t ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_str_t *cert, ngx_str_t *key, ngx_array_t *passwords);
+ngx_int_t ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,
+ ngx_uint_t prefer_server_ciphers);
ngx_int_t ngx_ssl_client_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_str_t *cert, ngx_int_t depth);
ngx_int_t ngx_ssl_trusted_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl,