| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2021-08-13 | Mail: Auth-SSL-Protocol and Auth-SSL-Cipher headers (ticket #2134). | Rob Mueller | 1 | -2/+39 | |
| This adds new Auth-SSL-Protocol and Auth-SSL-Cipher headers to the mail proxy auth protocol when SSL is enabled. This can be useful for detecting users using older clients that negotiate old ciphers when you want to upgrade to newer TLS versions of remove suppport for old and insecure ciphers. You can use your auth backend to notify these users before the upgrade that they either need to upgrade their client software or contact your support team to work out an upgrade path. | |||||
| 2021-03-11 | Mail: fixed build without SSL. | Maxim Dounin | 1 | -2/+3 | |
| Broken by d84f13618277 and 12ea1de7d87c (1.19.8). Reported by Sergey Osokin. | |||||
| 2021-03-05 | Mail: parsing of the PROXY protocol from clients. | Maxim Dounin | 1 | -0/+31 | |
| Activated with the "proxy_protocol" parameter of the "listen" directive. Obtained information is passed to the auth_http script in Proxy-Protocol-Addr, Proxy-Protocol-Port, Proxy-Protocol-Server-Addr, and Proxy-Protocol-Server-Port headers. | |||||
| 2021-03-05 | Mail: made auth http creating request easier to extend. | Maxim Dounin | 1 | -13/+29 | |
| 2016-10-08 | Mail: support SASL EXTERNAL (RFC 4422). | Rob N ★ | 1 | -0/+1 | |
| This is needed to allow TLS client certificate auth to work. With ssl_verify_client configured, the auth daemon can choose to allow the connection to proceed based on the certificate data. This has been tested with Thunderbird for IMAP only. I've not yet found a client that will do client certificate auth for POP3 or SMTP, and the method is not really documented anywhere that I can find. That said, its simple enough that the way I've done is probably right. | |||||
| 2016-06-20 | Fixed build on MSVC. | Roman Arutyunyan | 1 | -1/+1 | |
| 2016-06-20 | Introduced ngx_inet_get_port() and ngx_inet_set_port() functions. | Roman Arutyunyan | 1 | -23/+6 | |
| 2016-03-31 | Fixed logging. | Sergey Kandaurov | 1 | -1/+1 | |
| 2015-03-04 | Style: use %*s format, as in 68d21fd1dc64. | Ruslan Ermilov | 1 | -8/+3 | |
| 2015-02-27 | Mail: don't emit Auth-SSL-Verify with disabled ssl_verify_client. | Sergey Kandaurov | 1 | -5/+9 | |
| Previously, the Auth-SSL-Verify header with the "NONE" value was always passed to the auth_http script if verification of client certificates is disabled. | |||||
| 2015-02-25 | Mail: client SSL certificates support. | Maxim Dounin | 1 | -1/+119 | |
| The "ssl_verify_client", "ssl_verify_depth", "ssl_client_certificate", "ssl_trusted_certificate", and "ssl_crl" directives introduced to control SSL client certificate verification in mail proxy module. If there is a certificate, detail of the certificate are passed to the auth_http script configured via Auth-SSL-Verify, Auth-SSL-Subject, Auth-SSL-Issuer, Auth-SSL-Serial, Auth-SSL-Fingerprint headers. If the auth_http_pass_client_cert directive is set, client certificate in PEM format will be passed in the Auth-SSL-Cert header (urlencoded). If there is no required certificate provided during an SSL handshake or certificate verification fails then a protocol-specific error is returned after the SSL handshake and the connection is closed. Based on previous work by Sven Peter, Franck Levionnois and Filipe Da Silva. | |||||
| 2015-02-25 | Mail: added Auth-SSL header to indicate SSL. | Maxim Dounin | 1 | -0/+12 | |
| Based on a patch by Filipe da Silva. | |||||
| 2015-02-25 | Mail: fixed buffer allocation for CRLF after Auth-SMTP-* headers. | Maxim Dounin | 1 | -3/+3 | |
| There were no buffer overruns in real life as there is extra space allocated for the Auth-Login-Attempt counter. | |||||
| 2014-05-14 | Style: use %N instead of '\n' where appropriate. | Ruslan Ermilov | 1 | -1/+1 | |
| 2013-05-09 | Mail: removed surplus ngx_close_connection() call. | Filipe Da Silva | 1 | -1/+0 | |
| It is already called for a peer connection a few lines above. | |||||
| 2013-03-25 | Mail: IPv6 backends (ticket #323). | Ruslan Ermilov | 1 | -24/+35 | |
| 2012-12-17 | Implemented IPv6 support for URLs specified using domain names. | Ruslan Ermilov | 1 | -1/+0 | |
| This includes "debug_connection", upstreams, "proxy_pass", etc. (ticket #92) To preserve compatibility, "listen" specified with a domain name selects the first IPv4 address, if available. If not available, the first IPv6 address will be used (ticket #186). | |||||
| 2012-08-15 | Corrected the directive name in the ngx_mail_auth_http_module error message. | Ruslan Ermilov | 1 | -1/+1 | |
| 2012-01-18 | Copyright updated. | Maxim Konovalov | 1 | -0/+1 | |
| 2011-10-25 | Fixed port range checking. | Ruslan Ermilov | 1 | -1/+1 | |
| 2010-05-14 | ngx_str_set() and ngx_str_null() | Igor Sysoev | 1 | -4/+2 | |
| 2009-12-25 | use "localhost" in "Host" header line, if unix socket is used in "auth_http" | Igor Sysoev | 1 | -1/+8 | |
| 2009-11-02 | rename ngx_peer_addr_t to ngx_addr_t | Igor Sysoev | 1 | -3/+3 | |
| 2009-11-02 | replace inet_addr() with ngx_inet_addr() | Igor Sysoev | 1 | -2/+1 | |
| 2009-06-02 | return NULL instead of NGX_CONF_ERROR on a create conf failure | Igor Sysoev | 1 | -1/+1 | |
| 2009-05-18 | mail proxy listen IPv6 support | Igor Sysoev | 1 | -0/+2 | |
| 2009-04-24 | fix Auth-Method, the bug has been introduced in r2496 | Igor Sysoev | 1 | -0/+1 | |
| 2008-12-09 | use "!= NGX_OK" instead of "== NGX_ERROR" | Igor Sysoev | 1 | -4/+4 | |
| 2008-11-13 | remove unused field | Igor Sysoev | 1 | -10/+0 | |
| 2008-11-13 | smtp_auth none | Igor Sysoev | 1 | -2/+35 | |
| patch by Maxim Dounin | |||||
| 2008-06-23 | change useless ngx_pcalloc() to ngx_pnalloc() | Igor Sysoev | 1 | -1/+1 | |
| 2008-06-17 | *) back out r2040 | Igor Sysoev | 1 | -8/+9 | |
| *) refactor ngx_palloc() *) introduce ngx_pnalloc() *) additional pool blocks have smaller header | |||||
| 2007-11-15 | 64-bit time_t compatibility | Igor Sysoev | 1 | -2/+2 | |
| 2007-10-08 | use pool instead of ngx_conf_t | Igor Sysoev | 1 | -1/+1 | |
| 2007-09-15 | ngx_mail_pop3_module, ngx_mail_imap_module, and ngx_mail_smtp_module | Igor Sysoev | 1 | -24/+18 | |
| 2007-09-13 | small optimizations | Igor Sysoev | 1 | -6/+6 | |
| 2007-09-13 | style fix and optimizations | Igor Sysoev | 1 | -21/+19 | |
| 2007-08-20 | escape " ", "%", and %00-%1F in login and password | Igor Sysoev | 1 | -31/+5 | |
| 2007-08-14 | test http_auth absence | Igor Sysoev | 1 | -0/+14 | |
| 2007-08-14 | allow "http://" in auth_http URL | Igor Sysoev | 1 | -0/+5 | |
| 2007-08-14 | stop configuration on error | Igor Sysoev | 1 | -0/+2 | |
| 2007-07-10 | fix memory allocation for auth_http_header | Igor Sysoev | 1 | -0/+1 | |
| 2007-04-18 | style fix: remove tabs | Igor Sysoev | 1 | -10/+10 | |
| 2007-03-19 | Many changes: | Igor Sysoev | 1 | -0/+1432 | |
| *) rename imap to mail, sort pop3/imap functions *) smtp auth support *) pop3 starttls only *) fix segfault if cram-md5 was used without apop | |||||
 |
index : nginx.git | |
| nginx | a.clayton@nginx.com |
| summaryrefslogtreecommitdiffhomepage |