# HG changeset patch # User Piotr Sikora <[email protected]> # Date 1379914571 25200 # Sun Sep 22 22:36:11 2013 -0700 # Node ID 0fbcfab0bfd72dbc40c3ee75665e81a08ed2fa0b # Parent 2d947c2e3ea1b3144239f028c8e2af895d95fff4 SSL: stop loading configs with invalid "ssl_ciphers" values.
While there, remove unnecessary check in ngx_mail_ssl_module. Signed-off-by: Piotr Sikora <[email protected]> diff -r 2d947c2e3ea1 -r 0fbcfab0bfd7 src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c Fri Sep 20 17:57:21 2013 +0300 +++ b/src/http/modules/ngx_http_ssl_module.c Sun Sep 22 22:36:11 2013 -0700 @@ -561,6 +561,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t * ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, "SSL_CTX_set_cipher_list(\"%V\") failed", &conf->ciphers); + return NGX_CONF_ERROR; } if (conf->verify) { diff -r 2d947c2e3ea1 -r 0fbcfab0bfd7 src/mail/ngx_mail_ssl_module.c --- a/src/mail/ngx_mail_ssl_module.c Fri Sep 20 17:57:21 2013 +0300 +++ b/src/mail/ngx_mail_ssl_module.c Sun Sep 22 22:36:11 2013 -0700 @@ -287,15 +287,14 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, return NGX_CONF_ERROR; } - if (conf->ciphers.len) { - if (SSL_CTX_set_cipher_list(conf->ssl.ctx, - (const char *) conf->ciphers.data) - == 0) - { - ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, - "SSL_CTX_set_cipher_list(\"%V\") failed", - &conf->ciphers); - } + if (SSL_CTX_set_cipher_list(conf->ssl.ctx, + (const char *) conf->ciphers.data) + == 0) + { + ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, + "SSL_CTX_set_cipher_list(\"%V\") failed", + &conf->ciphers); + return NGX_CONF_ERROR; } if (conf->prefer_server_ciphers) { _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
