[PATCH 2 of 2] Mail: add SSL stapling resolver and timeout.
Filipe DA SILVA
fdasilva at ingima.com
Mon Apr 27 08:55:15 UTC 2015
# HG changeset patch
# User Filipe da Silva <fdasilva at ingima.com>
# Date 1430124786 -7200
# Mon Apr 27 10:53:06 2015 +0200
# Branch stable-1.6
# Node ID 55cca5107f72f4ed950a20265e2627296acfa4a5
# Parent bc8fc02d70953b3e55a10312130f4c22c5adf1b7
Mail: propagate resolver and resolver_timeout settings to SSL stapling
Propagate resolver and resolver_timeout settings from mail core module
to mail ssl module.
Same functionality as in http_ssl_module.
Compatible with nginx 1.6 and 1.8
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail.c
--- a/src/mail/ngx_mail.c Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail.c Mon Apr 27 10:53:06 2015 +0200
@@ -217,6 +217,21 @@ ngx_mail_block(ngx_conf_t *cf, ngx_comma
}
}
+ for (m = 0; ngx_modules[m]; m++) {
+ if (ngx_modules[m]->type != NGX_MAIL_MODULE) {
+ continue;
+ }
+
+ module = ngx_modules[m]->ctx;
+
+ if (module->postconfiguration) {
+ if (module->postconfiguration(cf) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+ }
+ }
+
+
*cf = pcf;
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail.h
--- a/src/mail/ngx_mail.h Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail.h Mon Apr 27 10:53:06 2015 +0200
@@ -342,6 +342,8 @@ struct ngx_mail_protocol_s {
typedef struct {
ngx_mail_protocol_t *protocol;
+ ngx_int_t (*postconfiguration)(ngx_conf_t *cf);
+
void *(*create_main_conf)(ngx_conf_t *cf);
char *(*init_main_conf)(ngx_conf_t *cf, void *conf);
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail_auth_http_module.c
--- a/src/mail/ngx_mail_auth_http_module.c Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail_auth_http_module.c Mon Apr 27 10:53:06 2015 +0200
@@ -113,6 +113,8 @@ static ngx_command_t ngx_mail_auth_http
static ngx_mail_module_t ngx_mail_auth_http_module_ctx = {
NULL, /* protocol */
+ NULL, /* post configuration */
+
NULL, /* create main configuration */
NULL, /* init main configuration */
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail_core_module.c
--- a/src/mail/ngx_mail_core_module.c Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail_core_module.c Mon Apr 27 10:53:06 2015 +0200
@@ -96,6 +96,8 @@ static ngx_command_t ngx_mail_core_comm
static ngx_mail_module_t ngx_mail_core_module_ctx = {
NULL, /* protocol */
+ NULL, /* post configuration */
+
ngx_mail_core_create_main_conf, /* create main configuration */
NULL, /* init main configuration */
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail_imap_module.c
--- a/src/mail/ngx_mail_imap_module.c Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail_imap_module.c Mon Apr 27 10:53:06 2015 +0200
@@ -86,6 +86,8 @@ static ngx_command_t ngx_mail_imap_comm
static ngx_mail_module_t ngx_mail_imap_module_ctx = {
&ngx_mail_imap_protocol, /* protocol */
+ NULL, /* post configuration */
+
NULL, /* create main configuration */
NULL, /* init main configuration */
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail_pop3_module.c
--- a/src/mail/ngx_mail_pop3_module.c Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail_pop3_module.c Mon Apr 27 10:53:06 2015 +0200
@@ -85,6 +85,8 @@ static ngx_command_t ngx_mail_pop3_comm
static ngx_mail_module_t ngx_mail_pop3_module_ctx = {
&ngx_mail_pop3_protocol, /* protocol */
+ NULL, /* post configuration */
+
NULL, /* create main configuration */
NULL, /* init main configuration */
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail_proxy_module.c
--- a/src/mail/ngx_mail_proxy_module.c Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail_proxy_module.c Mon Apr 27 10:53:06 2015 +0200
@@ -81,6 +81,8 @@ static ngx_command_t ngx_mail_proxy_com
static ngx_mail_module_t ngx_mail_proxy_module_ctx = {
NULL, /* protocol */
+ NULL, /* post configuration */
+
NULL, /* create main configuration */
NULL, /* init main configuration */
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail_smtp_module.c
--- a/src/mail/ngx_mail_smtp_module.c Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail_smtp_module.c Mon Apr 27 10:53:06 2015 +0200
@@ -86,6 +86,8 @@ static ngx_command_t ngx_mail_smtp_comm
static ngx_mail_module_t ngx_mail_smtp_module_ctx = {
&ngx_mail_smtp_protocol, /* protocol */
+ NULL, /* post configuration */
+
NULL, /* create main configuration */
NULL, /* init main configuration */
diff -r bc8fc02d7095 -r 55cca5107f72 src/mail/ngx_mail_ssl_module.c
--- a/src/mail/ngx_mail_ssl_module.c Mon Apr 27 10:53:05 2015 +0200
+++ b/src/mail/ngx_mail_ssl_module.c Mon Apr 27 10:53:06 2015 +0200
@@ -23,6 +23,7 @@ static char *ngx_mail_ssl_starttls(ngx_c
void *conf);
static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
+static ngx_int_t ngx_mail_ssl_init(ngx_conf_t *cf);
static ngx_conf_enum_t ngx_mail_starttls_state[] = {
@@ -172,6 +173,8 @@ static ngx_command_t ngx_mail_ssl_comma
static ngx_mail_module_t ngx_mail_ssl_module_ctx = {
NULL, /* protocol */
+ ngx_mail_ssl_init, /* post configuration */
+
NULL, /* create main configuration */
NULL, /* init main configuration */
@@ -580,3 +583,37 @@ invalid:
return NGX_CONF_ERROR;
}
+
+
+static ngx_int_t
+ngx_mail_ssl_init(ngx_conf_t *cf)
+{
+ ngx_uint_t s;
+ ngx_mail_ssl_conf_t *scf;
+ ngx_mail_core_srv_conf_t *cscf;
+ ngx_mail_core_srv_conf_t **cscfp;
+ ngx_mail_core_main_conf_t *cmcf;
+
+ cmcf = ngx_mail_conf_get_module_main_conf(cf, ngx_mail_core_module);
+ cscfp = cmcf->servers.elts;
+
+ for (s = 0; s < cmcf->servers.nelts; s++) {
+
+ scf = cscfp[s]->ctx->srv_conf[ngx_mail_ssl_module.ctx_index];
+
+ if (scf->ssl.ctx == NULL || !scf->stapling) {
+ continue;
+ }
+
+ cscf = cscfp[s]->ctx->srv_conf[ngx_mail_core_module.ctx_index];
+
+ if (ngx_ssl_stapling_resolver(cf, &scf->ssl, cscf->resolver,
+ cscf->resolver_timeout)
+ != NGX_OK)
+ {
+ return NGX_ERROR;
+ }
+ }
+
+ return NGX_OK;
+}
More information about the nginx-devel
mailing list