<div dir="ltr"><div>Hello, <br><br></div>I think that the mail haven't been seen by devel forum.<br><br>Kind regards,<br>Franck.<br>2014-10-30 19:25 GMT+01:00 Kunal Pariani <span dir="ltr"><<a href="mailto:kpariani@zimbra.com" target="_blank">kpariani@zimbra.com</a>></span>:<br><div>Hello,</div><div>Any reason for this patch not being committed upstream yet ?</div><div><br></div><div>Thanks</div><div>-Kunal</div><br><div class="gmail_extra"><br><div class="gmail_quote">2014-10-30 19:25 GMT+01:00 Kunal Pariani <span dir="ltr"><<a href="mailto:kpariani@zimbra.com" target="_blank">kpariani@zimbra.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-family:arial,helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)"><div>Hello,</div><div>Any reason for this patch not being committed upstream yet ?</div><div><br></div><div>Thanks</div><div>-Kunal</div><div><br></div><hr><div><span class=""><b>From: </b>"Franck Levionnois" <<a href="mailto:flevionnois@gmail.com" target="_blank">flevionnois@gmail.com</a>><br><b>To: </b>"nginx-devel" <<a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a>>, "Kunal Pariani" <<a href="mailto:kpariani@zimbra.com" target="_blank">kpariani@zimbra.com</a>><br></span><b>Sent: </b>Tuesday, October 21, 2014 12:59:04 AM<div><div class="h5"><br><b>Subject: </b>Re: [PATCH] SSL support for the mail proxy module<br></div></div></div><div><div class="h5"><br><div><div dir="ltr"><div><div>Hello,<br><br></div>The patch below has been submited some 
months ago. It do about the same, and it support to return a name by the auth script.<br><br></div>Kind regards <br><div>Franck Levionnois.<br></div><br>---------- Forwarded message ----------<br>From:  <span dir="ltr"><<a href="mailto:flevionnois@gmail.com" target="_blank">flevionnois@gmail.com</a>></span><br>Date: 2014-01-24 21:40 GMT+01:00<br>Subject: [PATCH 1 of 1] Mail: added support for SSL client certificate<br>To: <a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br><br><br># HG changeset patch<br>
# User Franck Levionnois <<a href="mailto:flevionnois@gmail.com" target="_blank">flevionnois@gmail.com</a>><br>
# Date 1390577176 -3600<br>
#      Fri Jan 24 16:26:16 2014 +0100<br>
# Node ID d7b8381c200e300c2b6729574f4c2a<div class="gmail_quote">b537804f56<br>
# Parent  a387ce36744aa36b50e8171dbf01ef716748327e<br>
Mail: added support for SSL client certificate<br>
<br>
Add support for SSL module like HTTP.<br>
<br>
Added mail configuration directives (like http):<br>
ssl_verify_client, ssl_verify_depth,  ssl_client_certificate, ssl_trusted_certificate, ssl_crl<br>
<br>
Added headers:<br>
Auth-Certificate, Auth-Certificate-Verify, Auth-Issuer-DN, Auth-Subject-DN, Auth-Subject-Serial<br>
<br>
diff -r a387ce36744a -r d7b8381c200e src/mail/ngx_mail_auth_http_module.c<br>
--- a/src/mail/ngx_mail_auth_http_module.c      Thu Jan 23 22:09:59 2014 +0900<br>
+++ b/src/mail/ngx_mail_auth_http_module.c      Fri Jan 24 16:26:16 2014 +0100<br>
@@ -1135,6 +1135,32 @@<br>
                    "mail auth http dummy handler");<br>
 }<br>
<br>
+#if (NGX_MAIL_SSL)<br>
+static ngx_int_t<br>
+ngx_ssl_get_certificate_oneline(ngx_connection_t *c, ngx_pool_t *pool,<br>
+                                ngx_str_t *b64_cert)<br>
+{<br>
+    ngx_str_t    pemCert;<br>
+    if (ngx_ssl_get_raw_certificate(c, pool, &pemCert) != NGX_OK) {<br>
+        return NGX_ERROR;<br>
+    }<br>
+<br>
+    if (pemCert.len == 0) {<br>
+        b64_cert->len = 0;<br>
+        return NGX_OK;<br>
+    }<br>
+<br>
+    b64_cert->len = ngx_base64_encoded_length(pemCert.len);<br>
+    b64_cert->data = ngx_palloc( pool, b64_cert->len);<br>
+    if (b64_cert->data == NULL) {<br>
+        b64_cert->len = 0;<br>
+        return NGX_ERROR;<br>
+    }<br>
+    ngx_encode_base64(b64_cert, &pemCert);<br>
+<br>
+    return NGX_OK;<br>
+}<br>
+#endif<br>
<br>
 static ngx_buf_t *<br>
 ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,<br>
@@ -1142,7 +1168,9 @@<br>
 {<br>
     size_t                     len;<br>
     ngx_buf_t                 *b;<br>
-    ngx_str_t                  login, passwd;<br>
+    ngx_str_t                  login, passwd, client_cert, client_verify,<br>
+                               client_subject, client_issuer,<br>
+                               client_serial;<br>
     ngx_mail_core_srv_conf_t  *cscf;<br>
<br>
     if (ngx_mail_auth_http_escape(pool, &s->login, &login) != NGX_OK) {<br>
@@ -1155,6 +1183,42 @@<br>
<br>
     cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);<br>
<br>
+#if (NGX_MAIL_SSL)<br>
+    if (s->connection->ssl) {<br>
+        if (ngx_ssl_get_client_verify(s->connection, pool,<br>
+                                     &client_verify) != NGX_OK) {<br>
+            return NULL;<br>
+        }<br>
+<br>
+        if (ngx_ssl_get_subject_dn(s->connection, pool,<br>
+                                  &client_subject) != NGX_OK) {<br>
+            return NULL;<br>
+        }<br>
+<br>
+        if (ngx_ssl_get_issuer_dn(s->connection, pool,<br>
+                                  &client_issuer) != NGX_OK) {<br>
+            return NULL;<br>
+        }<br>
+<br>
+        if (ngx_ssl_get_serial_number(s->connection, pool,<br>
+                                      &client_serial) != NGX_OK) {<br>
+            return NULL;<br>
+        }<br>
+<br>
+        if (ngx_ssl_get_certificate_oneline(s->connection, pool,<br>
+                                            &client_cert) != NGX_OK) {<br>
+            return NULL;<br>
+        }<br>
+    } else {<br>
+        client_verify.len = 0;<br>
+        client_issuer.len = 0;<br>
+        client_subject.len = 0;<br>
+        client_serial.len = 0;<br>
+        client_cert.len = 0;<br>
+    }<br>
+<br>
+#endif<br>
+<br>
     len = sizeof("GET ") - 1 + ahcf->uri.len + sizeof(" HTTP/1.0" CRLF) - 1<br>
           + sizeof("Host: ") - 1 + ahcf->host_header.len + sizeof(CRLF) - 1<br>
           + sizeof("Auth-Method: ") - 1<br>
@@ -1163,6 +1227,18 @@<br>
           + sizeof("Auth-User: ") - 1 + login.len + sizeof(CRLF) - 1<br>
           + sizeof("Auth-Pass: ") - 1 + passwd.len + sizeof(CRLF) - 1<br>
           + sizeof("Auth-Salt: ") - 1 + s->salt.len<br>
+#if (NGX_MAIL_SSL)<br>
+          + sizeof("Auth-Certificate: ") - 1 + client_cert.len<br>
+          + sizeof(CRLF) - 1<br>
+          + sizeof("Auth-Certificate-Verify: ") - 1 + client_verify.len<br>
+          + sizeof(CRLF) - 1<br>
+          + sizeof("Auth-Issuer-DN: ") - 1 + client_issuer.len<br>
+          + sizeof(CRLF) - 1<br>
+          + sizeof("Auth-Subject-DN: ") - 1 + client_subject.len<br>
+          + sizeof(CRLF) - 1<br>
+          + sizeof("Auth-Subject-Serial: ") - 1 + client_serial.len<br>
+          + sizeof(CRLF) - 1<br>
+#endif<br>
           + sizeof("Auth-Protocol: ") - 1 + cscf->protocol->name.len<br>
                 + sizeof(CRLF) - 1<br>
           + sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN<br>
@@ -1212,7 +1288,43 @@<br>
<br>
         s->passwd.data = NULL;<br>
     }<br>
-<br>
+#if (NGX_MAIL_SSL)<br>
+    if ( client_cert.len )<br>
+    {<br>
+        b->last = ngx_cpymem(b->last, "Auth-Certificate: ",<br>
+                             sizeof("Auth-Certificate: ") - 1);<br>
+        b->last = ngx_copy(b->last, client_cert.data, client_cert.len);<br>
+        *b->last++ = CR; *b->last++ = LF;<br>
+    }<br>
+    if ( client_verify.len )<br>
+    {<br>
+        b->last = ngx_cpymem(b->last, "Auth-Certificate-Verify: ",<br>
+                             sizeof("Auth-Certificate-Verify: ") - 1);<br>
+        b->last = ngx_copy(b->last, client_verify.data, client_verify.len);<br>
+        *b->last++ = CR; *b->last++ = LF;<br>
+    }<br>
+    if ( client_issuer.len )<br>
+    {<br>
+        b->last = ngx_cpymem(b->last, "Auth-Issuer-DN: ",<br>
+                             sizeof("Auth-Issuer-DN: ") - 1);<br>
+        b->last = ngx_copy(b->last, client_issuer.data, client_issuer.len);<br>
+        *b->last++ = CR; *b->last++ = LF;<br>
+    }<br>
+    if ( client_subject.len )<br>
+    {<br>
+        b->last = ngx_cpymem(b->last, "Auth-Subject-DN: ",<br>
+                             sizeof("Auth-Subject-DN: ") - 1);<br>
+        b->last = ngx_copy(b->last, client_subject.data, client_subject.len);<br>
+        *b->last++ = CR; *b->last++ = LF;<br>
+    }<br>
+    if ( client_serial.len )<br>
+    {<br>
+        b->last = ngx_cpymem(b->last, "Auth-Subject-Serial: ",<br>
+                             sizeof("Auth-Subject-Serial: ") - 1);<br>
+        b->last = ngx_copy(b->last, client_serial.data, client_serial.len);<br>
+        *b->last++ = CR; *b->last++ = LF;<br>
+    }<br>
+#endif<br>
     b->last = ngx_cpymem(b->last, "Auth-Protocol: ",<br>
                          sizeof("Auth-Protocol: ") - 1);<br>
     b->last = ngx_cpymem(b->last, cscf->protocol->name.data,<br>
diff -r a387ce36744a -r d7b8381c200e src/mail/ngx_mail_handler.c<br>
--- a/src/mail/ngx_mail_handler.c       Thu Jan 23 22:09:59 2014 +0900<br>
+++ b/src/mail/ngx_mail_handler.c       Fri Jan 24 16:26:16 2014 +0100<br>
@@ -236,11 +236,59 @@<br>
 {<br>
     ngx_mail_session_t        *s;<br>
     ngx_mail_core_srv_conf_t  *cscf;<br>
+#if (NGX_MAIL_SSL)<br>
+    ngx_mail_ssl_conf_t       *sslcf;<br>
+#endif<br>
+<br>
+    ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,<br>
+        "ngx_mail_ssl_handshake_handler handshaked: %d ",<br>
+        c->ssl->handshaked );<br>
<br>
     if (c->ssl->handshaked) {<br>
<br>
         s = c->data;<br>
<br>
+#if (NGX_MAIL_SSL)<br>
+        sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);<br>
+        if (sslcf->verify) {<br>
+            long                      rc;<br>
+<br>
+            rc = SSL_get_verify_result(c->ssl->connection);<br>
+<br>
+            if (rc != X509_V_OK<br>
+                && (sslcf->verify != 3 || !ngx_ssl_verify_error_optional(rc)))<br>
+            {<br>
+                ngx_log_error(NGX_LOG_INFO, c->log, 0,<br>
+                    "client SSL certificate verify error: (%l:%s)",<br>
+                    rc, X509_verify_cert_error_string(rc));<br>
+<br>
+                ngx_ssl_remove_cached_session(sslcf->ssl.ctx,<br>
+                    (SSL_get0_session(c->ssl->connection)));<br>
+<br>
+                ngx_mail_close_connection(c);<br>
+                return;<br>
+            }<br>
+<br>
+            if (sslcf->verify == 1) {<br>
+                X509                     *cert;<br>
+                cert = SSL_get_peer_certificate(c->ssl->connection);<br>
+<br>
+                if (cert == NULL) {<br>
+                    ngx_log_error(NGX_LOG_INFO, c->log, 0,<br>
+                        "client sent no required SSL certificate");<br>
+<br>
+                    ngx_ssl_remove_cached_session(sslcf->ssl.ctx,<br>
+                        (SSL_get0_session(c->ssl->connection)));<br>
+<br>
+                    ngx_mail_close_connection(c);<br>
+                    return;<br>
+                }<br>
+<br>
+                X509_free(cert);<br>
+            }<br>
+        }<br>
+#endif<br>
+<br>
         if (s->starttls) {<br>
             cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);<br>
<br>
@@ -276,6 +324,10 @@<br>
<br>
     s->protocol = cscf->protocol->type;<br>
<br>
+    ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,<br>
+        "ngx_mail_init_session protocol: %d ",<br>
+        cscf->protocol->type );<br>
+<br>
     s->ctx = ngx_pcalloc(c->pool, sizeof(void *) * ngx_mail_max_module);<br>
     if (s->ctx == NULL) {<br>
         ngx_mail_session_internal_server_error(s);<br>
diff -r a387ce36744a -r d7b8381c200e src/mail/ngx_mail_ssl_module.c<br>
--- a/src/mail/ngx_mail_ssl_module.c    Thu Jan 23 22:09:59 2014 +0900<br>
+++ b/src/mail/ngx_mail_ssl_module.c    Fri Jan 24 16:26:16 2014 +0100<br>
@@ -43,6 +43,13 @@<br>
     { ngx_null_string, 0 }<br>
 };<br>
<br>
+static ngx_conf_enum_t  ngx_mail_ssl_verify[] = {<br>
+    { ngx_string("off"), 0 },<br>
+    { ngx_string("on"), 1 },<br>
+    { ngx_string("optional"), 2 },<br>
+    { ngx_string("optional_no_ca"), 3 },<br>
+    { ngx_null_string, 0 }<br>
+};<br>
<br>
 static ngx_command_t  ngx_mail_ssl_commands[] = {<br>
<br>
@@ -102,6 +109,34 @@<br>
       offsetof(ngx_mail_ssl_conf_t, ciphers),<br>
       NULL },<br>
<br>
+    { ngx_string("ssl_verify_client"),<br>
+      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,<br>
+      ngx_conf_set_enum_slot,<br>
+      NGX_MAIL_SRV_CONF_OFFSET,<br>
+      offsetof(ngx_mail_ssl_conf_t, verify),<br>
+      &ngx_mail_ssl_verify },<br>
+<br>
+    { ngx_string("ssl_verify_depth"),<br>
+      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,<br>
+      ngx_conf_set_num_slot,<br>
+      NGX_MAIL_SRV_CONF_OFFSET,<br>
+      offsetof(ngx_mail_ssl_conf_t, verify_depth),<br>
+      NULL },<br>
+<br>
+    { ngx_string("ssl_client_certificate"),<br>
+      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,<br>
+      ngx_conf_set_str_slot,<br>
+      NGX_MAIL_SRV_CONF_OFFSET,<br>
+      offsetof(ngx_mail_ssl_conf_t, client_certificate),<br>
+      NULL },<br>
+<br>
+    { ngx_string("ssl_trusted_certificate"),<br>
+      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,<br>
+      ngx_conf_set_str_slot,<br>
+      NGX_MAIL_SRV_CONF_OFFSET,<br>
+      offsetof(ngx_mail_ssl_conf_t, trusted_certificate),<br>
+      NULL },<br>
+<br>
     { ngx_string("ssl_prefer_server_ciphers"),<br>
       NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,<br>
       ngx_conf_set_flag_slot,<br>
@@ -137,6 +172,13 @@<br>
       offsetof(ngx_mail_ssl_conf_t, session_timeout),<br>
       NULL },<br>
<br>
+    { ngx_string("ssl_crl"),<br>
+      NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,<br>
+      ngx_conf_set_str_slot,<br>
+      NGX_MAIL_SRV_CONF_OFFSET,<br>
+      offsetof(ngx_mail_ssl_conf_t, crl),<br>
+      NULL },<br>
+<br>
       ngx_null_command<br>
 };<br>
<br>
@@ -196,6 +238,8 @@<br>
     scf->enable = NGX_CONF_UNSET;<br>
     scf->starttls = NGX_CONF_UNSET_UINT;<br>
     scf->prefer_server_ciphers = NGX_CONF_UNSET;<br>
+    scf->verify = NGX_CONF_UNSET_UINT;<br>
+    scf->verify_depth = NGX_CONF_UNSET_UINT;<br>
     scf->builtin_session_cache = NGX_CONF_UNSET;<br>
     scf->session_timeout = NGX_CONF_UNSET;<br>
     scf->session_tickets = NGX_CONF_UNSET;<br>
@@ -228,11 +272,20 @@<br>
                          (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1<br>
                           |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));<br>
<br>
+    ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);<br>
+    ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);<br>
+<br>
     ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");<br>
     ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");<br>
<br>
     ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");<br>
<br>
+    ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,<br>
+                         "");<br>
+    ngx_conf_merge_str_value(conf->trusted_certificate,<br>
+                         prev->trusted_certificate, "");<br>
+    ngx_conf_merge_str_value(conf->crl, prev->crl, "");<br>
+<br>
     ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,<br>
                          NGX_DEFAULT_ECDH_CURVE);<br>
<br>
@@ -318,6 +371,35 @@<br>
         return NGX_CONF_ERROR;<br>
     }<br>
<br>
+    if (conf->verify) {<br>
+<br>
+        if (conf->client_certificate.len == 0 && conf->verify != 3) {<br>
+            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,<br>
+                          "no ssl_client_certificate for ssl_client_verify");<br>
+            return NGX_CONF_ERROR;<br>
+        }<br>
+<br>
+        if (ngx_ssl_client_certificate(cf, &conf->ssl,<br>
+                                       &conf->client_certificate,<br>
+                                       conf->verify_depth)<br>
+            != NGX_OK)<br>
+        {<br>
+            return NGX_CONF_ERROR;<br>
+        }<br>
+    }<br>
+<br>
+    if (ngx_ssl_trusted_certificate(cf, &conf->ssl,<br>
+                                    &conf->trusted_certificate,<br>
+                                    conf->verify_depth)<br>
+        != NGX_OK)<br>
+    {<br>
+        return NGX_CONF_ERROR;<br>
+    }<br>
+<br>
+    if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {<br>
+        return NGX_CONF_ERROR;<br>
+    }<br>
+<br>
     if (conf->prefer_server_ciphers) {<br>
         SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);<br>
     }<br>
diff -r a387ce36744a -r d7b8381c200e src/mail/ngx_mail_ssl_module.h<br>
--- a/src/mail/ngx_mail_ssl_module.h    Thu Jan 23 22:09:59 2014 +0900<br>
+++ b/src/mail/ngx_mail_ssl_module.h    Fri Jan 24 16:26:16 2014 +0100<br>
@@ -28,6 +28,8 @@<br>
     ngx_uint_t       starttls;<br>
     ngx_uint_t       protocols;<br>
<br>
+    ngx_uint_t       verify;<br>
+    ngx_uint_t       verify_depth;<br>
     ssize_t          builtin_session_cache;<br>
<br>
     time_t           session_timeout;<br>
@@ -36,6 +38,9 @@<br>
     ngx_str_t        certificate_key;<br>
     ngx_str_t        dhparam;<br>
     ngx_str_t        ecdh_curve;<br>
+    ngx_str_t        client_certificate;<br>
+    ngx_str_t        trusted_certificate;<br>
+    ngx_str_t        crl;<br>
<br>
     ngx_str_t        ciphers;<br>
</div></div><div class="gmail_extra"><br><div class="gmail_quote">2014-09-17 2:23 GMT+02:00 Kunal Pariani <span dir="ltr"><<a href="mailto:kpariani@zimbra.com" target="_blank">kpariani@zimbra.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">I guess these diffs can still be applied with limitation of having the same ssl setting for all upstreams until the support to return a name by the auth script is added later ?<br>
<span><br>
Thanks<br>
-Kunal<br>
<br>
----- Original Message -----<br>
</span><span>From: "Maxim Dounin" <<a href="mailto:mdounin@mdounin.ru" target="_blank">mdounin@mdounin.ru</a>><br>
To: "nginx-devel" <<a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a>><br>
Sent: Tuesday, September 16, 2014 5:03:06 AM<br>
Subject: Re: [PATCH] SSL support for the mail proxy module<br>
<br>
</span><div><div>Hello!<br>
<br>
On Tue, Sep 16, 2014 at 02:30:17AM -0500, Kunal Pariani wrote:<br>
<br>
> Updated the diffs after addressing the first 2 issues.<br>
> Regarding the 3rd comment, you are correct. Only 1 set of ssl<br>
> settings for all the mail backends with my patch. I guess this<br>
> will be a limitation with the current mail proxy workflow ? Am<br>
> not sure of the exact changes that will be required to address<br>
> this issue completely.<br>
<br>
Probably, returning a name by the auth script is a way to go.<br>
<br>
--<br>
Maxim Dounin<br>
<a href="http://nginx.org/" target="_blank">http://nginx.org/</a><br>
<br>
_______________________________________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a><br>
<br>
_______________________________________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a><br>
</div></div></blockquote></div></div><br></div></div></div></div></div></blockquote></div><br></div></div>