<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Maxim,<br>
<br>
this is very interesting to have in nginx, and it's a very easy
patch. Any chance this gets into nginx? It helps a lot to migrate
users to encrypted mail connections, allowing some users to still
use unencrypted connections, and log in the auth script which user
already uses encrypted connections.<br>
<br>
It would be great if you could add it to nginx.<br>
<br>
Thanks!<br>
Michael<br>
<br>
<div class="moz-cite-prefix">Am 19.06.2014 um 22:10 schrieb Filipe
Da Silva:<br>
</div>
<blockquote
cite="mid:CAMdnPMqcZScY=DK7P3FufbP6-tiqSj-4pMaPh1sXHcM3mLONzg@mail.gmail.com"
type="cite">
<pre wrap="">Hi,
I forget to post the reworked version.
Here is it.
Regards,
Filipe DA SILVA
# HG changeset patch
# Parent b2b5b1b741290adf60220f44f6e37cd8bd9d3885
Mail: send a secure connection flag to auth script.
Allow to do logging (if logging takes place in the auth script) and or force
some users to use STARTTLS while others can use unencrypted connection.
diff -r b2b5b1b74129 src/mail/ngx_mail_auth_http_module.c
--- a/src/mail/ngx_mail_auth_http_module.c Fri Mar 07 15:17:38 2014 +0400
+++ b/src/mail/ngx_mail_auth_http_module.c Wed Mar 12 15:49:21 2014 +0100
@@ -1165,6 +1165,9 @@ ngx_mail_auth_http_create_request(ngx_ma
+ sizeof("Auth-Salt: ") - 1 + s->salt.len
+ sizeof("Auth-Protocol: ") - 1 + cscf->protocol->name.len
+ sizeof(CRLF) - 1
+#if (NGX_MAIL_SSL)
+ + sizeof("Auth-Secured: ") - 1 + 1 + sizeof(CRLF) - 1
+#endif
+ sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN
+ sizeof(CRLF) - 1
+ sizeof("Client-IP: ") - 1 + s->connection->addr_text.len
@@ -1219,6 +1222,13 @@ ngx_mail_auth_http_create_request(ngx_ma
cscf->protocol->name.len);
*b->last++ = CR; *b->last++ = LF;
+#if (NGX_MAIL_SSL)
+ b->last = ngx_cpymem(b->last, "Auth-Secured: ",
+ sizeof("Auth-Secured: ") - 1);
+ *b->last++ = s->connection->ssl ? '1' : '0' ;
+ *b->last++ = CR; *b->last++ = LF;
+#endif
+
b->last = ngx_sprintf(b->last, "Auth-Login-Attempt: %ui" CRLF,
s->login_attempt);
2014-03-06 18:03 GMT+01:00 Michael Kliewe <a class="moz-txt-link-rfc2396E" href="mailto:info@phpgangsta.de"><info@phpgangsta.de></a>:
</pre>
<blockquote type="cite">
<pre wrap="">Hi Maxim,
On Mar 6, 2014, at 5:27 PM, Maxim Dounin wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello!
On Thu, Mar 06, 2014 at 10:59:29AM +0100, Filipe da Silva wrote:
</pre>
<blockquote type="cite">
<pre wrap=""># HG changeset patch
# User Filipe da Silva <a class="moz-txt-link-rfc2396E" href="mailto:fdasilvayy@gmail.com"><fdasilvayy@gmail.com></a>
# Date 1394099468 -3600
# Thu Mar 06 10:51:08 2014 +0100
# Node ID 51fd90f96449c23af0076a19efbfdb1f88702125
# Parent 24df9fa5868957c1fb9a2d1569271e0958327dad
Mail: send starttls flag value to auth script.
Allow to do logging (if logging takes place in the auth script) and or force
some users to use STARTTLS while others can use unencrypted connection.
</pre>
</blockquote>
<pre wrap="">
I don't think that it's a good idea to pass STARTTLS into auth
script. If at all needed, it should be something like a flag "if
SSL is used", not an explicit STARTTLS status. From auth script
point of view there is no difference if a connection uses SSL on a
dedicated port or encryption was negotiated using STARTLS.
</pre>
</blockquote>
<pre wrap="">
yes, it is needed ;-)
You are right, that would also be possible, the auth script then can check which port has been used, and then has the information if it has been STARTTLS or SSL. In our case we want to distinguish between STARTTLS and SSL in the auth script.
Both solutions are fine I think, so let's take Maxims ;-) (Sorry Filipe for the extra work)
Hope this easy patch gets into nginx then, we need it ;-)
Thanks!
Michael
_______________________________________________
nginx-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a>
<a class="moz-txt-link-freetext" href="http://mailman.nginx.org/mailman/listinfo/nginx-devel">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a>
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
nginx-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a>
<a class="moz-txt-link-freetext" href="http://mailman.nginx.org/mailman/listinfo/nginx-devel">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a></pre>
</blockquote>
</blockquote>
<br>
</body>
</html>