[PATCH 2 of 2] Mail: add SSL stapling resolver and timeout.

Filipe DA SILVA fdasilva at ingima.com
Mon Apr 27 08:55:15 UTC 2015


# HG changeset patch
# User Filipe da Silva <fdasilva at ingima.com>
# Date 1430124786 -7200
#      Mon Apr 27 10:53:06 2015 +0200
# Branch stable-1.6
# Node ID 55cca5107f72f4ed950a20265e2627296acfa4a5
# Parent  bc8fc02d70953b3e55a10312130f4c22c5adf1b7
Mail: propagate resolver and resolver_timeout settings to SSL stapling

Propagate resolver and resolver_timeout settings from mail core module
to mail ssl module.

Same functionality as in http_ssl_module.

Compatible with nginx 1.6 and 1.8

diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail.c
--- a/src/mail/ngx_mail.c	Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail.c	Mon Apr 27 10:53:06 2015 +0200
@@ -217,6 +217,21 @@ ngx_mail_block(ngx_conf_t *cf, ngx_comma
         }
     }
 
+    for (m = 0; ngx_modules[m]; m++) {
+        if (ngx_modules[m]->type != NGX_MAIL_MODULE) {
+            continue;
+        }
+
+        module = ngx_modules[m]->ctx;
+
+        if (module->postconfiguration) {
+            if (module->postconfiguration(cf) != NGX_OK) {
+                return NGX_CONF_ERROR;
+            }
+        }
+    }
+
+
     *cf = pcf;
 
 
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail.h
--- a/src/mail/ngx_mail.h	Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail.h	Mon Apr 27 10:53:06 2015 +0200
@@ -342,6 +342,8 @@ struct ngx_mail_protocol_s {
 typedef struct {
     ngx_mail_protocol_t        *protocol;
 
+    ngx_int_t                 (*postconfiguration)(ngx_conf_t *cf);
+
     void                       *(*create_main_conf)(ngx_conf_t *cf);
     char                       *(*init_main_conf)(ngx_conf_t *cf, void *conf);
 
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail_auth_http_module.c
--- a/src/mail/ngx_mail_auth_http_module.c	Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail_auth_http_module.c	Mon Apr 27 10:53:06 2015 +0200
@@ -113,6 +113,8 @@ static ngx_command_t  ngx_mail_auth_http
 static ngx_mail_module_t  ngx_mail_auth_http_module_ctx = {
     NULL,                                  /* protocol */
 
+    NULL,                                  /* post configuration */
+
     NULL,                                  /* create main configuration */
     NULL,                                  /* init main configuration */
 
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail_core_module.c
--- a/src/mail/ngx_mail_core_module.c	Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail_core_module.c	Mon Apr 27 10:53:06 2015 +0200
@@ -96,6 +96,8 @@ static ngx_command_t  ngx_mail_core_comm
 static ngx_mail_module_t  ngx_mail_core_module_ctx = {
     NULL,                                  /* protocol */
 
+    NULL,                                  /* post configuration */
+
     ngx_mail_core_create_main_conf,        /* create main configuration */
     NULL,                                  /* init main configuration */
 
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail_imap_module.c
--- a/src/mail/ngx_mail_imap_module.c	Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail_imap_module.c	Mon Apr 27 10:53:06 2015 +0200
@@ -86,6 +86,8 @@ static ngx_command_t  ngx_mail_imap_comm
 static ngx_mail_module_t  ngx_mail_imap_module_ctx = {
     &ngx_mail_imap_protocol,               /* protocol */
 
+    NULL,                                  /* post configuration */
+
     NULL,                                  /* create main configuration */
     NULL,                                  /* init main configuration */
 
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail_pop3_module.c
--- a/src/mail/ngx_mail_pop3_module.c	Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail_pop3_module.c	Mon Apr 27 10:53:06 2015 +0200
@@ -85,6 +85,8 @@ static ngx_command_t  ngx_mail_pop3_comm
 static ngx_mail_module_t  ngx_mail_pop3_module_ctx = {
     &ngx_mail_pop3_protocol,               /* protocol */
 
+    NULL,                                  /* post configuration */
+
     NULL,                                  /* create main configuration */
     NULL,                                  /* init main configuration */
 
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail_proxy_module.c
--- a/src/mail/ngx_mail_proxy_module.c	Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail_proxy_module.c	Mon Apr 27 10:53:06 2015 +0200
@@ -81,6 +81,8 @@ static ngx_command_t  ngx_mail_proxy_com
 static ngx_mail_module_t  ngx_mail_proxy_module_ctx = {
     NULL,                                  /* protocol */
 
+    NULL,                                  /* post configuration */
+
     NULL,                                  /* create main configuration */
     NULL,                                  /* init main configuration */
 
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail_smtp_module.c
--- a/src/mail/ngx_mail_smtp_module.c	Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail_smtp_module.c	Mon Apr 27 10:53:06 2015 +0200
@@ -86,6 +86,8 @@ static ngx_command_t  ngx_mail_smtp_comm
 static ngx_mail_module_t  ngx_mail_smtp_module_ctx = {
     &ngx_mail_smtp_protocol,               /* protocol */
 
+    NULL,                                  /* post configuration */
+
     NULL,                                  /* create main configuration */
     NULL,                                  /* init main configuration */
 
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail_ssl_module.c
--- a/src/mail/ngx_mail_ssl_module.c	Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail_ssl_module.c	Mon Apr 27 10:53:06 2015 +0200
@@ -23,6 +23,7 @@ static char *ngx_mail_ssl_starttls(ngx_c
     void *conf);
 static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
     void *conf);
+static ngx_int_t ngx_mail_ssl_init(ngx_conf_t *cf);
 
 
 static ngx_conf_enum_t  ngx_mail_starttls_state[] = {
@@ -172,6 +173,8 @@ static ngx_command_t  ngx_mail_ssl_comma
 static ngx_mail_module_t  ngx_mail_ssl_module_ctx = {
     NULL,                                  /* protocol */
 
+    ngx_mail_ssl_init,                     /* post configuration */
+
     NULL,                                  /* create main configuration */
     NULL,                                  /* init main configuration */
 
@@ -580,3 +583,37 @@ invalid:
 
     return NGX_CONF_ERROR;
 }
+
+
+static ngx_int_t
+ngx_mail_ssl_init(ngx_conf_t *cf)
+{
+    ngx_uint_t                   s;
+    ngx_mail_ssl_conf_t         *scf;
+    ngx_mail_core_srv_conf_t    *cscf;
+    ngx_mail_core_srv_conf_t   **cscfp;
+    ngx_mail_core_main_conf_t   *cmcf;
+
+    cmcf = ngx_mail_conf_get_module_main_conf(cf, ngx_mail_core_module);
+    cscfp = cmcf->servers.elts;
+
+    for (s = 0; s < cmcf->servers.nelts; s++) {
+
+        scf = cscfp[s]->ctx->srv_conf[ngx_mail_ssl_module.ctx_index];
+
+        if (scf->ssl.ctx == NULL || !scf->stapling) {
+            continue;
+        }
+
+        cscf = cscfp[s]->ctx->srv_conf[ngx_mail_core_module.ctx_index];
+
+        if (ngx_ssl_stapling_resolver(cf, &scf->ssl, cscf->resolver,
+                                      cscf->resolver_timeout)
+            != NGX_OK)
+        {
+            return NGX_ERROR;
+        }
+    }
+
+    return NGX_OK;
+}



More information about the nginx-devel mailing list