[PATCH] Nginx secure link module with HMAC construction

Adrian Kotelba adrian.kotelba at barbasyn.org
Sat Apr 28 17:52:45 UTC 2012


Oops. So it must work  without OpenSSL. This requirement makes all
things more complicated and inflexible. All hashing algorithms of
practical importance (sha1, sha256) should be implemented in the
module. It is a lot of work :)

Well, maybe someone finds the patch useful.

2012/4/28 Maxim Dounin <mdounin at mdounin.ru>:
> Hello!
> On Sat, Apr 28, 2012 at 11:48:02AM +0300, Adrian Kotelba wrote:
>> Hello,
>> Attached is the proposed patch to http_secure_link module. With the
>> patch, the security and functionality of the module is extended. First
>> of all, the secure token is created using much more secure HMAC
>> construction with an arbitrary hash algorithm supported by OpenSSL,
>> e.g., md5, sha1, sha256, sha512. Secure token is created in the
> The ngx_http_secure_link module must be usable without OpenSSL.
> Maxim Dounin
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel

More information about the nginx-devel mailing list