Hello!

On Wed, Jun 15, 2016 at 09:08:58PM +0100, Tim Taubert wrote:

> # HG changeset patch > # User Tim Taubert <[email protected]> > # Date 1466021130 -3600 > # Wed Jun 15 21:05:30 2016 +0100 > # Node ID 42ec0b0933f637da2a4a3a17146eb9c7347fa02c > # Parent 1064ea81ed3aabb8ad422ffcc60ddcde667022ac > SSL: ngx_ssl_ciphers() to set list of ciphers. > > This patch moves various OpenSSL-specific function calls into the > OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more > crypto-library-agnostic. > > diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c > --- a/src/event/ngx_event_openssl.c > +++ b/src/event/ngx_event_openssl.c > @@ -587,16 +587,40 @@ ngx_ssl_password_callback(char *buf, int > > ngx_memcpy(buf, pwd->data, size); > > return size; > } > > > ngx_int_t > +ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers, > + ngx_uint_t prefer_server_ciphers) > +{ > + if (SSL_CTX_set_cipher_list(ssl->ctx, (char *) ciphers->data) == 0) { > + ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0, > + "SSL_CTX_set_cipher_list(\"%V\") failed", > + ciphers); > + return NGX_ERROR; > + } > + > + if (prefer_server_ciphers) { > + SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); > + } > + > +#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined > LIBRESSL_VERSION_NUMBER) > + /* a temporary 512-bit RSA key is required for export versions of MSIE */ > + SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);

Here "conf->ssl.ctx" needs to be changed to "ssl->ctx", as there
is no "conf" here.

Otherwise looks good, so I've fixed this and committed:

http://hg.nginx.org/nginx/rev/04d8d1f85649

Thanks!

--
Maxim Dounin
http://nginx.org/
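
Review bot: In the `#if` block at the end of the quoted ngx_ssl_ciphers() hunk, SSL_CTX_set_tmp_rsa_callback() is passed `conf->ssl.ctx`, but the function's parameters are cf, ssl, ciphers and prefer_server_ciphers, and nothing named conf is declared in the function as shown; pass `ssl->ctx`, as the SSL_CTX_set_cipher_list() and SSL_CTX_set_options() calls above it do. Because that line sits behind the OPENSSL_VERSION_NUMBER / LIBRESSL_VERSION_NUMBER condition, a build where the condition is false would not surface the problem, so it is worth compiling against a library version that enables the branch. Separately, cf is not referenced anywhere in the lines shown; if it stays unused in the rest of the function, a short comment on why it is kept in the signature would help.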
