<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" id="owaParaStyle"></style>
</head>
<body fpstyle="1" ocsi="0">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt">
<div style="direction:ltr">
<div style="direction:ltr"># HG changeset patch</div>
<div style="direction:ltr"># User Filipe da Silva <fdasilva@ingima.com></div>
<div style="direction:ltr"># Date 1428509613 -7200</div>
<div style="direction:ltr"># Wed Apr 08 18:13:33 2015 +0200</div>
<div style="direction:ltr"># Node ID cce55a4d8cf331ded858829da6fd19c6db6cb2ab</div>
<div style="direction:ltr"># Parent 24cf399885b13221a498160140b3cf82cc208dc7</div>
<div style="direction:ltr">SSL: add Multiple SSL certificate support to other modules.</div>
<div style="direction:ltr">OpenSSL >= 1.0.2 required.</div>
<div style="direction:ltr"><br>
</div>
<div style="direction:ltr">diff -r 24cf399885b1 -r cce55a4d8cf3 src/http/modules/ngx_http_proxy_module.c</div>
<div style="direction:ltr">--- a/src/http/modules/ngx_http_proxy_module.c<span class="Apple-tab-span" style="white-space:pre">
</span>Wed Apr 08 18:13:33 2015 +0200</div>
<div style="direction:ltr">+++ b/src/http/modules/ngx_http_proxy_module.c<span class="Apple-tab-span" style="white-space:pre">
</span>Wed Apr 08 18:13:33 2015 +0200</div>
<div style="direction:ltr">@@ -97,8 +97,8 @@ typedef struct {</div>
<div style="direction:ltr"> ngx_uint_t ssl_verify_depth;</div>
<div style="direction:ltr"> ngx_str_t ssl_trusted_certificate;</div>
<div style="direction:ltr"> ngx_str_t ssl_crl;</div>
<div style="direction:ltr">- ngx_str_t ssl_certificate;</div>
<div style="direction:ltr">- ngx_str_t ssl_certificate_key;</div>
<div style="direction:ltr">+ ngx_array_t *ssl_certificates;</div>
<div style="direction:ltr">+ ngx_array_t *ssl_certificate_keys;</div>
<div style="direction:ltr"> ngx_array_t *ssl_passwords;</div>
<div style="direction:ltr"> #endif</div>
<div style="direction:ltr"> } ngx_http_proxy_loc_conf_t;</div>
<div style="direction:ltr">@@ -672,16 +672,16 @@ static ngx_command_t ngx_http_proxy_com</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> { ngx_string("proxy_ssl_certificate"),</div>
<div style="direction:ltr"> NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,</div>
<div style="direction:ltr">- ngx_conf_set_str_slot,</div>
<div style="direction:ltr">+ ngx_conf_set_str_array_slot,</div>
<div style="direction:ltr"> NGX_HTTP_LOC_CONF_OFFSET,</div>
<div style="direction:ltr">- offsetof(ngx_http_proxy_loc_conf_t, ssl_certificate),</div>
<div style="direction:ltr">+ offsetof(ngx_http_proxy_loc_conf_t, ssl_certificates),</div>
<div style="direction:ltr"> NULL },</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> { ngx_string("proxy_ssl_certificate_key"),</div>
<div style="direction:ltr"> NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,</div>
<div style="direction:ltr">- ngx_conf_set_str_slot,</div>
<div style="direction:ltr">+ ngx_conf_set_str_array_slot,</div>
<div style="direction:ltr"> NGX_HTTP_LOC_CONF_OFFSET,</div>
<div style="direction:ltr">- offsetof(ngx_http_proxy_loc_conf_t, ssl_certificate_key),</div>
<div style="direction:ltr">+ offsetof(ngx_http_proxy_loc_conf_t, ssl_certificate_keys),</div>
<div style="direction:ltr"> NULL },</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> { ngx_string("proxy_ssl_password_file"),</div>
<div style="direction:ltr">@@ -2858,6 +2858,8 @@ ngx_http_proxy_create_loc_conf(ngx_conf_</div>
<div style="direction:ltr"> conf->upstream.ssl_verify = NGX_CONF_UNSET;</div>
<div style="direction:ltr"> conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;</div>
<div style="direction:ltr"> conf->ssl_passwords = NGX_CONF_UNSET_PTR;</div>
<div style="direction:ltr">+ conf->ssl_certificates = NGX_CONF_UNSET_PTR;</div>
<div style="direction:ltr">+ conf->ssl_certificate_keys = NGX_CONF_UNSET_PTR;</div>
<div style="direction:ltr"> #endif</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> /* "proxy_cyclic_temp_file" is disabled */</div>
<div style="direction:ltr">@@ -3189,10 +3191,11 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t</div>
<div style="direction:ltr"> prev->ssl_trusted_certificate, "");</div>
<div style="direction:ltr"> ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, "");</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr">- ngx_conf_merge_str_value(conf->ssl_certificate,</div>
<div style="direction:ltr">- prev->ssl_certificate, "");</div>
<div style="direction:ltr">- ngx_conf_merge_str_value(conf->ssl_certificate_key,</div>
<div style="direction:ltr">- prev->ssl_certificate_key, "");</div>
<div style="direction:ltr">+ ngx_conf_merge_ptr_value(conf->ssl_certificates,</div>
<div style="direction:ltr">+ prev->ssl_certificates, NULL);</div>
<div style="direction:ltr">+ ngx_conf_merge_ptr_value(conf->ssl_certificate_keys,</div>
<div style="direction:ltr">+ prev->ssl_certificate_keys, NULL);</div>
<div style="direction:ltr">+</div>
<div style="direction:ltr"> ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL);</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) {</div>
<div style="direction:ltr">@@ -4279,6 +4282,7 @@ static ngx_int_t</div>
<div style="direction:ltr"> ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)</div>
<div style="direction:ltr"> {</div>
<div style="direction:ltr"> ngx_pool_cleanup_t *cln;</div>
<div style="direction:ltr">+ ngx_str_t *oddkey;</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> plcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));</div>
<div style="direction:ltr"> if (plcf->upstream.ssl == NULL) {</div>
<div style="direction:ltr">@@ -4301,18 +4305,43 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, n</div>
<div style="direction:ltr"> cln->handler = ngx_ssl_cleanup_ctx;</div>
<div style="direction:ltr"> cln->data = plcf->upstream.ssl;</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr">- if (plcf->ssl_certificate.len) {</div>
<div style="direction:ltr">-</div>
<div style="direction:ltr">- if (plcf->ssl_certificate_key.len == 0) {</div>
<div style="direction:ltr">+ if (plcf->ssl_certificates && plcf->ssl_certificates->nelts > 0) {</div>
<div style="direction:ltr">+</div>
<div style="direction:ltr">+ if (!plcf->ssl_certificate_keys</div>
<div style="direction:ltr">+ || plcf->ssl_certificate_keys->nelts</div>
<div style="direction:ltr">+ < plcf->ssl_certificates->nelts)</div>
<div style="direction:ltr">+ {</div>
<div style="direction:ltr">+</div>
<div style="direction:ltr">+ oddkey = plcf->ssl_certificates->elts;</div>
<div style="direction:ltr">+</div>
<div style="direction:ltr"> ngx_log_error(NGX_LOG_EMERG, cf->log, 0,</div>
<div style="direction:ltr">- "no \"proxy_ssl_certificate_key\" is defined "</div>
<div style="direction:ltr">- "for certificate \"%V\"", &plcf->ssl_certificate);</div>
<div style="direction:ltr">+ "no \"proxy_ssl_certificate_key\" is defined for "</div>
<div style="direction:ltr">+ "ssl certificate \"%V\"",</div>
<div style="direction:ltr">+ oddkey[(plcf->ssl_certificate_keys)</div>
<div style="direction:ltr">+ ? plcf->ssl_certificate_keys->nelts</div>
<div style="direction:ltr">+ : 0]);</div>
<div style="direction:ltr">+</div>
<div style="direction:ltr"> return NGX_ERROR;</div>
<div style="direction:ltr"> }</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr">- if (ngx_ssl_certificate(cf, plcf->upstream.ssl, &plcf->ssl_certificate,</div>
<div style="direction:ltr">- &plcf->ssl_certificate_key, plcf->ssl_passwords)</div>
<div style="direction:ltr">- != NGX_OK)</div>
<div style="direction:ltr">+#ifndef SSL_CTX_add0_chain_cert</div>
<div style="direction:ltr">+ if (plcf->ssl_certificates->nelts > 1) {</div>
<div style="direction:ltr">+ /*</div>
<div style="direction:ltr">+ * no multiple certificates support for OpenSSL < 1.0.2,</div>
<div style="direction:ltr">+ * so we need to alarm user</div>
<div style="direction:ltr">+ */</div>
<div style="direction:ltr">+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,</div>
<div style="direction:ltr">+ "Multiple certificate configured "</div>
<div style="direction:ltr">+ "in \"proxy_ssl_certificate\", "</div>
<div style="direction:ltr">+ "but OpenSSL version < 1.0.2 used");</div>
<div style="direction:ltr">+ return NGX_ERROR;</div>
<div style="direction:ltr">+ }</div>
<div style="direction:ltr">+#endif</div>
<div style="direction:ltr">+</div>
<div style="direction:ltr">+ if (ngx_ssl_certificates(cf, plcf->upstream.ssl, plcf->ssl_certificates,</div>
<div style="direction:ltr">+ plcf->ssl_certificate_keys,</div>
<div style="direction:ltr">+ plcf->ssl_passwords)</div>
<div style="direction:ltr">+ != NGX_OK)</div>
<div style="direction:ltr"> {</div>
<div style="direction:ltr"> return NGX_ERROR;</div>
<div style="direction:ltr"> }</div>
<div style="direction:ltr">diff -r 24cf399885b1 -r cce55a4d8cf3 src/http/modules/ngx_http_uwsgi_module.c</div>
<div style="direction:ltr">--- a/src/http/modules/ngx_http_uwsgi_module.c<span class="Apple-tab-span" style="white-space:pre">
</span>Wed Apr 08 18:13:33 2015 +0200</div>
<div style="direction:ltr">+++ b/src/http/modules/ngx_http_uwsgi_module.c<span class="Apple-tab-span" style="white-space:pre">
</span>Wed Apr 08 18:13:33 2015 +0200</div>
<div style="direction:ltr">@@ -54,8 +54,8 @@ typedef struct {</div>
<div style="direction:ltr"> ngx_uint_t ssl_verify_depth;</div>
<div style="direction:ltr"> ngx_str_t ssl_trusted_certificate;</div>
<div style="direction:ltr"> ngx_str_t ssl_crl;</div>
<div style="direction:ltr">- ngx_str_t ssl_certificate;</div>
<div style="direction:ltr">- ngx_str_t ssl_certificate_key;</div>
<div style="direction:ltr">+ ngx_array_t *ssl_certificates;</div>
<div style="direction:ltr">+ ngx_array_t *ssl_certificate_keys;</div>
<div style="direction:ltr"> ngx_array_t *ssl_passwords;</div>
<div style="direction:ltr"> #endif</div>
<div style="direction:ltr"> } ngx_http_uwsgi_loc_conf_t;</div>
<div style="direction:ltr">@@ -517,16 +517,16 @@ static ngx_command_t ngx_http_uwsgi_comm</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> { ngx_string("uwsgi_ssl_certificate"),</div>
<div style="direction:ltr"> NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,</div>
<div style="direction:ltr">- ngx_conf_set_str_slot,</div>
<div style="direction:ltr">+ ngx_conf_set_str_array_slot,</div>
<div style="direction:ltr"> NGX_HTTP_LOC_CONF_OFFSET,</div>
<div style="direction:ltr">- offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate),</div>
<div style="direction:ltr">+ offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificates),</div>
<div style="direction:ltr"> NULL },</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> { ngx_string("uwsgi_ssl_certificate_key"),</div>
<div style="direction:ltr"> NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,</div>
<div style="direction:ltr">- ngx_conf_set_str_slot,</div>
<div style="direction:ltr">+ ngx_conf_set_str_array_slot,</div>
<div style="direction:ltr"> NGX_HTTP_LOC_CONF_OFFSET,</div>
<div style="direction:ltr">- offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate_key),</div>
<div style="direction:ltr">+ offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate_keys),</div>
<div style="direction:ltr"> NULL },</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> { ngx_string("uwsgi_ssl_password_file"),</div>
<div style="direction:ltr">@@ -1430,6 +1430,8 @@ ngx_http_uwsgi_create_loc_conf(ngx_conf_</div>
<div style="direction:ltr"> conf->upstream.ssl_verify = NGX_CONF_UNSET;</div>
<div style="direction:ltr"> conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;</div>
<div style="direction:ltr"> conf->ssl_passwords = NGX_CONF_UNSET_PTR;</div>
<div style="direction:ltr">+ conf->ssl_certificates = NGX_CONF_UNSET_PTR;</div>
<div style="direction:ltr">+ conf->ssl_certificate_keys = NGX_CONF_UNSET_PTR;</div>
<div style="direction:ltr"> #endif</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> /* "uwsgi_cyclic_temp_file" is disabled */</div>
<div style="direction:ltr">@@ -1744,11 +1746,10 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t</div>
<div style="direction:ltr"> ngx_conf_merge_str_value(conf->ssl_trusted_certificate,</div>
<div style="direction:ltr"> prev->ssl_trusted_certificate, "");</div>
<div style="direction:ltr"> ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, "");</div>
<div style="direction:ltr">-</div>
<div style="direction:ltr">- ngx_conf_merge_str_value(conf->ssl_certificate,</div>
<div style="direction:ltr">- prev->ssl_certificate, "");</div>
<div style="direction:ltr">- ngx_conf_merge_str_value(conf->ssl_certificate_key,</div>
<div style="direction:ltr">- prev->ssl_certificate_key, "");</div>
<div style="direction:ltr">+ ngx_conf_merge_ptr_value(conf->ssl_certificates,</div>
<div style="direction:ltr">+ prev->ssl_certificates, NULL);</div>
<div style="direction:ltr">+ ngx_conf_merge_ptr_value(conf->ssl_certificate_keys,</div>
<div style="direction:ltr">+ prev->ssl_certificate_keys, NULL);</div>
<div style="direction:ltr"> ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL);</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) {</div>
<div style="direction:ltr">@@ -2285,6 +2286,7 @@ static ngx_int_t</div>
<div style="direction:ltr"> ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)</div>
<div style="direction:ltr"> {</div>
<div style="direction:ltr"> ngx_pool_cleanup_t *cln;</div>
<div style="direction:ltr">+ ngx_str_t *oddkey;</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> uwcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));</div>
<div style="direction:ltr"> if (uwcf->upstream.ssl == NULL) {</div>
<div style="direction:ltr">@@ -2307,17 +2309,42 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, n</div>
<div style="direction:ltr"> cln->handler = ngx_ssl_cleanup_ctx;</div>
<div style="direction:ltr"> cln->data = uwcf->upstream.ssl;</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr">- if (uwcf->ssl_certificate.len) {</div>
<div style="direction:ltr">-</div>
<div style="direction:ltr">- if (uwcf->ssl_certificate_key.len == 0) {</div>
<div style="direction:ltr">+ if (uwcf->ssl_certificates && uwcf->ssl_certificates->nelts > 0) {</div>
<div style="direction:ltr">+</div>
<div style="direction:ltr">+ if (!uwcf->ssl_certificate_keys</div>
<div style="direction:ltr">+ || uwcf->ssl_certificate_keys->nelts</div>
<div style="direction:ltr">+ < uwcf->ssl_certificates->nelts)</div>
<div style="direction:ltr">+ {</div>
<div style="direction:ltr">+</div>
<div style="direction:ltr">+ oddkey = uwcf->ssl_certificates->elts;</div>
<div style="direction:ltr">+</div>
<div style="direction:ltr"> ngx_log_error(NGX_LOG_EMERG, cf->log, 0,</div>
<div style="direction:ltr">- "no \"uwsgi_ssl_certificate_key\" is defined "</div>
<div style="direction:ltr">- "for certificate \"%V\"", &uwcf->ssl_certificate);</div>
<div style="direction:ltr">+ "no \"uwsgi_ssl_certificate_key\" is defined for "</div>
<div style="direction:ltr">+ "ssl certificate \"%V\"",</div>
<div style="direction:ltr">+ oddkey[(uwcf->ssl_certificate_keys)</div>
<div style="direction:ltr">+ ? uwcf->ssl_certificate_keys->nelts</div>
<div style="direction:ltr">+ : 0]);</div>
<div style="direction:ltr">+</div>
<div style="direction:ltr"> return NGX_ERROR;</div>
<div style="direction:ltr"> }</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr">- if (ngx_ssl_certificate(cf, uwcf->upstream.ssl, &uwcf->ssl_certificate,</div>
<div style="direction:ltr">- &uwcf->ssl_certificate_key, uwcf->ssl_passwords)</div>
<div style="direction:ltr">+#ifndef SSL_CTX_add0_chain_cert</div>
<div style="direction:ltr">+ if (uwcf->ssl_certificates->nelts > 1) {</div>
<div style="direction:ltr">+ /*</div>
<div style="direction:ltr">+ * no multiple certificates support for OpenSSL < 1.0.2,</div>
<div style="direction:ltr">+ * so we need to alarm user</div>
<div style="direction:ltr">+ */</div>
<div style="direction:ltr">+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,</div>
<div style="direction:ltr">+ "Multiple certificate configured "</div>
<div style="direction:ltr">+ "in \"uwsgi_ssl_certificate\", but "</div>
<div style="direction:ltr">+ "OpenSSL < 1.0.2 used");</div>
<div style="direction:ltr">+ return NGX_ERROR;</div>
<div style="direction:ltr">+ }</div>
<div style="direction:ltr">+#endif</div>
<div style="direction:ltr">+</div>
<div style="direction:ltr">+ if (ngx_ssl_certificates(cf, uwcf->upstream.ssl, uwcf->ssl_certificates,</div>
<div style="direction:ltr">+ uwcf->ssl_certificate_keys,</div>
<div style="direction:ltr">+ uwcf->ssl_passwords)</div>
<div style="direction:ltr"> != NGX_OK)</div>
<div style="direction:ltr"> {</div>
<div style="direction:ltr"> return NGX_ERROR;</div>
<div style="direction:ltr">diff -r 24cf399885b1 -r cce55a4d8cf3 src/mail/ngx_mail_ssl_module.c</div>
<div style="direction:ltr">--- a/src/mail/ngx_mail_ssl_module.c<span class="Apple-tab-span" style="white-space:pre">
</span>Wed Apr 08 18:13:33 2015 +0200</div>
<div style="direction:ltr">+++ b/src/mail/ngx_mail_ssl_module.c<span class="Apple-tab-span" style="white-space:pre">
</span>Wed Apr 08 18:13:33 2015 +0200</div>
<div style="direction:ltr">@@ -73,16 +73,16 @@ static ngx_command_t ngx_mail_ssl_comma</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> { ngx_string("ssl_certificate"),</div>
<div style="direction:ltr"> NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,</div>
<div style="direction:ltr">- ngx_conf_set_str_slot,</div>
<div style="direction:ltr">+ ngx_conf_set_str_array_slot,</div>
<div style="direction:ltr"> NGX_MAIL_SRV_CONF_OFFSET,</div>
<div style="direction:ltr">- offsetof(ngx_mail_ssl_conf_t, certificate),</div>
<div style="direction:ltr">+ offsetof(ngx_mail_ssl_conf_t, certificates),</div>
<div style="direction:ltr"> NULL },</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> { ngx_string("ssl_certificate_key"),</div>
<div style="direction:ltr"> NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,</div>
<div style="direction:ltr">- ngx_conf_set_str_slot,</div>
<div style="direction:ltr">+ ngx_conf_set_str_array_slot,</div>
<div style="direction:ltr"> NGX_MAIL_SRV_CONF_OFFSET,</div>
<div style="direction:ltr">- offsetof(ngx_mail_ssl_conf_t, certificate_key),</div>
<div style="direction:ltr">+ offsetof(ngx_mail_ssl_conf_t, certificate_keys),</div>
<div style="direction:ltr"> NULL },</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> { ngx_string("ssl_password_file"),</div>
<div style="direction:ltr">@@ -238,8 +238,6 @@ ngx_mail_ssl_create_conf(ngx_conf_t *cf)</div>
<div style="direction:ltr"> * set by ngx_pcalloc():</div>
<div style="direction:ltr"> *</div>
<div style="direction:ltr"> * scf->protocols = 0;</div>
<div style="direction:ltr">- * scf->certificate = { 0, NULL };</div>
<div style="direction:ltr">- * scf->certificate_key = { 0, NULL };</div>
<div style="direction:ltr"> * scf->dhparam = { 0, NULL };</div>
<div style="direction:ltr"> * scf->ecdh_curve = { 0, NULL };</div>
<div style="direction:ltr"> * scf->client_certificate = { 0, NULL };</div>
<div style="direction:ltr">@@ -250,6 +248,8 @@ ngx_mail_ssl_create_conf(ngx_conf_t *cf)</div>
<div style="direction:ltr"> */</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> scf->enable = NGX_CONF_UNSET;</div>
<div style="direction:ltr">+ scf->certificates = NGX_CONF_UNSET_PTR;</div>
<div style="direction:ltr">+ scf->certificate_keys = NGX_CONF_UNSET_PTR;</div>
<div style="direction:ltr"> scf->starttls = NGX_CONF_UNSET_UINT;</div>
<div style="direction:ltr"> scf->passwords = NGX_CONF_UNSET_PTR;</div>
<div style="direction:ltr"> scf->prefer_server_ciphers = NGX_CONF_UNSET;</div>
<div style="direction:ltr">@@ -290,8 +290,9 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, </div>
<div style="direction:ltr"> ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);</div>
<div style="direction:ltr"> ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr">- ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");</div>
<div style="direction:ltr">- ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");</div>
<div style="direction:ltr">+ ngx_conf_merge_ptr_value(conf->certificates, prev->certificates, NULL);</div>
<div style="direction:ltr">+ ngx_conf_merge_ptr_value(conf->certificate_keys, prev->certificate_keys,</div>
<div style="direction:ltr">+ NULL);</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL);</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr">@@ -328,7 +329,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, </div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> if (*mode) {</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr">- if (conf->certificate.len == 0) {</div>
<div style="direction:ltr">+ if (!conf->certificates || conf->certificates->nelts == 0) {</div>
<div style="direction:ltr"> ngx_log_error(NGX_LOG_EMERG, cf->log, 0,</div>
<div style="direction:ltr"> "no \"ssl_certificate\" is defined for "</div>
<div style="direction:ltr"> "the \"%s\" directive in %s:%ui",</div>
<div style="direction:ltr">@@ -336,7 +337,7 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, </div>
<div style="direction:ltr"> return NGX_CONF_ERROR;</div>
<div style="direction:ltr"> }</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr">- if (conf->certificate_key.len == 0) {</div>
<div style="direction:ltr">+ if (!conf->certificate_keys || conf->certificate_keys->nelts == 0) {</div>
<div style="direction:ltr"> ngx_log_error(NGX_LOG_EMERG, cf->log, 0,</div>
<div style="direction:ltr"> "no \"ssl_certificate_key\" is defined for "</div>
<div style="direction:ltr"> "the \"%s\" directive in %s:%ui",</div>
<div style="direction:ltr">@@ -344,17 +345,24 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, </div>
<div style="direction:ltr"> return NGX_CONF_ERROR;</div>
<div style="direction:ltr"> }</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr">+ if (conf->certificate_keys->nelts < conf->certificates->nelts) {</div>
<div style="direction:ltr">+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,</div>
<div style="direction:ltr">+ "no \"ssl_certificate_key\" is defined "</div>
<div style="direction:ltr">+ "for certificate \"%V\"",</div>
<div style="direction:ltr">+ &conf->certificates[conf->certificate_keys->nelts]);</div>
<div style="direction:ltr">+ return NGX_CONF_ERROR;</div>
<div style="direction:ltr">+ }</div>
<div style="direction:ltr">+</div>
<div style="direction:ltr"> } else {</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr">- if (conf->certificate.len == 0) {</div>
<div style="direction:ltr">+ if (!conf->certificates || conf->certificates->nelts == 0) {</div>
<div style="direction:ltr"> return NGX_CONF_OK;</div>
<div style="direction:ltr"> }</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr">- if (conf->certificate_key.len == 0) {</div>
<div style="direction:ltr">+ if (!conf->certificate_keys || conf->certificate_keys->nelts == 0) {</div>
<div style="direction:ltr"> ngx_log_error(NGX_LOG_EMERG, cf->log, 0,</div>
<div style="direction:ltr"> "no \"ssl_certificate_key\" is defined "</div>
<div style="direction:ltr">- "for certificate \"%V\"",</div>
<div style="direction:ltr">- &conf->certificate);</div>
<div style="direction:ltr">+ "for certificate \"%V\"", &conf->certificates[0]);</div>
<div style="direction:ltr"> return NGX_CONF_ERROR;</div>
<div style="direction:ltr"> }</div>
<div style="direction:ltr"> }</div>
<div style="direction:ltr">@@ -371,8 +379,21 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, </div>
<div style="direction:ltr"> cln->handler = ngx_ssl_cleanup_ctx;</div>
<div style="direction:ltr"> cln->data = &conf->ssl;</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr">- if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,</div>
<div style="direction:ltr">- &conf->certificate_key, conf->passwords)</div>
<div style="direction:ltr">+#ifndef SSL_CTX_add0_chain_cert</div>
<div style="direction:ltr">+ if (conf->certificates->nelts > 1) {</div>
<div style="direction:ltr">+ /*</div>
<div style="direction:ltr">+ * no multiple certificates support for OpenSSL < 1.0.2,</div>
<div style="direction:ltr">+ * so we need to alarm user</div>
<div style="direction:ltr">+ */</div>
<div style="direction:ltr">+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,</div>
<div style="direction:ltr">+ "Multiple certificate configured in "</div>
<div style="direction:ltr">+ "\"ssl_certificate\", but OpenSSL < 1.0.2 used");</div>
<div style="direction:ltr">+ return NGX_CONF_ERROR;</div>
<div style="direction:ltr">+ }</div>
<div style="direction:ltr">+#endif</div>
<div style="direction:ltr">+</div>
<div style="direction:ltr">+ if (ngx_ssl_certificates(cf, &conf->ssl, conf->certificates,</div>
<div style="direction:ltr">+ conf->certificate_keys, conf->passwords)</div>
<div style="direction:ltr"> != NGX_OK)</div>
<div style="direction:ltr"> {</div>
<div style="direction:ltr"> return NGX_CONF_ERROR;</div>
<div style="direction:ltr">diff -r 24cf399885b1 -r cce55a4d8cf3 src/mail/ngx_mail_ssl_module.h</div>
<div style="direction:ltr">--- a/src/mail/ngx_mail_ssl_module.h<span class="Apple-tab-span" style="white-space:pre">
</span>Wed Apr 08 18:13:33 2015 +0200</div>
<div style="direction:ltr">+++ b/src/mail/ngx_mail_ssl_module.h<span class="Apple-tab-span" style="white-space:pre">
</span>Wed Apr 08 18:13:33 2015 +0200</div>
<div style="direction:ltr">@@ -35,8 +35,8 @@ typedef struct {</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr"> time_t session_timeout;</div>
<div style="direction:ltr"> </div>
<div style="direction:ltr">- ngx_str_t certificate;</div>
<div style="direction:ltr">- ngx_str_t certificate_key;</div>
<div style="direction:ltr">+ ngx_array_t *certificates;</div>
<div style="direction:ltr">+ ngx_array_t *certificate_keys;</div>
<div style="direction:ltr"> ngx_str_t dhparam;</div>
<div style="direction:ltr"> ngx_str_t ecdh_curve;</div>
<div style="direction:ltr"> ngx_str_t client_certificate;</div>
<div style="color:rgb(0,0,0); font-family:Tahoma; font-size:10pt"><br>
</div>
</div>
</div>
</div>
</div>
</body>
</html>