ssl/nonssl listener в контексте одного server'а

Artem Bokhan artist at academ.org
Mon Sep 1 10:47:32 MSD 2008


Пока что работает ;) Спасибо.

Igor Sysoev пишет:
> On Wed, Aug 27, 2008 at 11:49:43PM +0400, Igor Sysoev wrote:
>
>   
>> On Wed, Aug 27, 2008 at 05:05:33PM +0700, Artem Bokhan wrote:
>>
>>     
>>> Игорь, а нельзя ли упростить включение ssl до вида, схожего с указанным 
>>> ниже? Возможно, я ошибаюсь, и возможность слушать ssl и не-ssl порты в 
>>> контексте одного сервера уже реализована?
>>>
>>>    server {
>>>        listen  80;
>>>        listen  443 ssl;
>>>        ....
>>>    }
>>>       
>> Прилагаемый патч добавляет такую функциональность.
>> Если тестирование пройдёт успешно, то патч будет включён в 0.7.14.
>>
>>     server {
>>         listen  80;
>>         listen  443 default ssl;
>>
>>         server_name  www.example.com;
>>
>>         ssl_certificate       /path/to/cert;
>>         ssl_certificate_key   /path/to/key;
>>
>>         location / {
>>             ...
>>         }
>>
>>         location /ssl/only/dir/ {
>>             if ($scheme = http) {
>>                 rewrite  ^(.+)$   https://www.example.com$1;
>>             }
>>             ...
>>         }
>>
>>     }
>>     
>
> Новая версия.
>
>
>   
> ------------------------------------------------------------------------
>
> Index: src/http/ngx_http_request.c
> ===================================================================
> --- src/http/ngx_http_request.c	(revision 1538)
> +++ src/http/ngx_http_request.c	(working copy)
> @@ -357,9 +357,20 @@
>      ngx_http_ssl_srv_conf_t  *sscf;
>  
>      sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
> -    if (sscf->enable) {
> +    if (sscf->enable || hia[i].ssl) {
>  
>          if (c->ssl == NULL) {
> +
> +            c->log->action = "SSL handshaking";
> +
> +            if (hia[i].ssl && sscf->ssl.ctx == NULL) {
> +                ngx_log_error(NGX_LOG_ERR, c->log, 0,
> +                              "no \"ssl_certificate\" is defined "
> +                              "in server listening on SSL port");
> +                ngx_http_close_connection(c);
> +                return;
> +            }
> +
>              if (ngx_ssl_create_connection(&sscf->ssl, c, NGX_SSL_BUFFER)
>                  == NGX_ERROR)
>              {
> @@ -529,6 +540,8 @@
>          }
>      }
>  
> +    c->log->action = "reading client request line";
> +
>      rev->handler = ngx_http_process_request_line;
>      ngx_http_process_request_line(rev);
>  }
> Index: src/http/ngx_http_core_module.c
> ===================================================================
> --- src/http/ngx_http_core_module.c	(revision 1538)
> +++ src/http/ngx_http_core_module.c	(working copy)
> @@ -3081,6 +3081,17 @@
>              continue;
>          }
>  
> +        if (ngx_strcmp(value[n].data, "ssl") == 0) {
> +#if (NGX_HTTP_SSL)
> +            ls->conf.ssl = 1;
> +#else
> +            ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> +                               "the \"ssl\" parameter requires "
> +                               "ngx_http_ssl_module, ignored");
> +#endif
> +            continue;
> +        }
> +
>          ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
>                             "the invalid \"%V\" parameter", &value[n]);
>          return NGX_CONF_ERROR;
> Index: src/http/ngx_http_core_module.h
> ===================================================================
> --- src/http/ngx_http_core_module.h	(revision 1538)
> +++ src/http/ngx_http_core_module.h	(working copy)
> @@ -35,6 +35,9 @@
>  typedef struct {
>      unsigned                   default_server:1;
>      unsigned                   bind:1;
> +#if (NGX_HTTP_SSL)
> +    unsigned                   ssl:1;
> +#endif
>  
>      int                        backlog;
>      int                        rcvbuf;
> @@ -167,6 +170,10 @@
>      ngx_http_core_srv_conf_t  *core_srv_conf;
>  
>      ngx_http_virtual_names_t  *virtual_names;
> +
> +#if (NGX_HTTP_SSL)
> +    ngx_uint_t                 ssl;   /* unsigned  ssl:1; */
> +#endif
>  } ngx_http_in_addr_t;
>  
>  
> @@ -203,6 +210,9 @@
>  
>      unsigned                   default_server:1;
>      unsigned                   bind:1;
> +#if (NGX_HTTP_SSL)
> +    unsigned                   ssl:1;
> +#endif
>  
>      ngx_http_listen_conf_t    *listen_conf;
>  } ngx_http_conf_in_addr_t;
> Index: src/http/modules/ngx_http_ssl_module.c
> ===================================================================
> --- src/http/modules/ngx_http_ssl_module.c	(revision 1538)
> +++ src/http/modules/ngx_http_ssl_module.c	(working copy)
> @@ -13,8 +13,6 @@
>      ngx_pool_t *pool, ngx_str_t *s);
>  
>  
> -#define NGX_DEFAULT_CERTIFICATE      "cert.pem"
> -#define NGX_DEFAULT_CERTIFICATE_KEY  "cert.pem"
>  #define NGX_DEFAULT_CIPHERS  "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
>  
>  
> @@ -28,6 +26,8 @@
>  static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
>      void *parent, void *child);
>  
> +static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
> +    void *conf);
>  static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
>      void *conf);
>  
> @@ -61,7 +61,7 @@
>  
>      { ngx_string("ssl"),
>        NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
> -      ngx_conf_set_flag_slot,
> +      ngx_http_ssl_enable,
>        NGX_HTTP_SRV_CONF_OFFSET,
>        offsetof(ngx_http_ssl_srv_conf_t, enable),
>        NULL },
> @@ -339,10 +339,6 @@
>  
>      ngx_conf_merge_value(conf->enable, prev->enable, 0);
>  
> -    if (conf->enable == 0) {
> -        return NGX_CONF_OK;
> -    }
> -
>      ngx_conf_merge_value(conf->session_timeout,
>                           prev->session_timeout, 300);
>  
> @@ -356,12 +352,9 @@
>      ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
>      ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
>  
> -    ngx_conf_merge_str_value(conf->certificate, prev->certificate,
> -                         NGX_DEFAULT_CERTIFICATE);
> +    ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
> +    ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
>  
> -    ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key,
> -                         NGX_DEFAULT_CERTIFICATE_KEY);
> -
>      ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
>  
>      ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
> @@ -372,6 +365,39 @@
>  
>      conf->ssl.log = cf->log;
>  
> +    if (conf->enable) {
> +
> +        if (conf->certificate.len == 0) {
> +            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
> +                          "SSL mode is enabled, "
> +                          "but no \"ssl_certificate\" is defined in %s:%ui",
> +                          conf->file, conf->line);
> +            return NGX_CONF_ERROR;
> +        }
> +
> +        if (conf->certificate_key.len == 0) {
> +            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
> +                          "SSL mode is enabled, "
> +                          "but no \"ssl_certificate_key\" is defined in %s:%ui",
> +                          conf->file, conf->line);
> +            return NGX_CONF_ERROR;
> +        }
> +
> +    } else {
> +
> +        if (conf->certificate.len == 0) {
> +            return NGX_CONF_OK;
> +        }
> +
> +        if (conf->certificate_key.len == 0) {
> +            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
> +                          "no \"ssl_certificate_key\" is defined "
> +                          "for certificate \"%V\"",
> +                          &conf->certificate);
> +            return NGX_CONF_ERROR;
> +        }
> +    }
> +
>      if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
>          return NGX_CONF_ERROR;
>      }
> @@ -467,6 +493,26 @@
>  
>  
>  static char *
> +ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
> +{
> +    ngx_http_ssl_srv_conf_t *sscf = conf;
> +
> +    char  *rv;
> +
> +    rv = ngx_conf_set_flag_slot(cf, cmd, conf);
> +
> +    if (rv != NGX_CONF_OK) {
> +        return rv;
> +    }
> +
> +    sscf->file = cf->conf_file->file.name.data;
> +    sscf->line = cf->conf_file->line;
> +
> +    return NGX_CONF_OK;
> +}
> +
> +
> +static char *
>  ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
>  {
>      ngx_http_ssl_srv_conf_t *sscf = conf;
> Index: src/http/modules/ngx_http_ssl_module.h
> ===================================================================
> --- src/http/modules/ngx_http_ssl_module.h	(revision 1538)
> +++ src/http/modules/ngx_http_ssl_module.h	(working copy)
> @@ -37,6 +37,9 @@
>      ngx_str_t                       ciphers;
>  
>      ngx_shm_zone_t                 *shm_zone;
> +
> +    u_char                         *file;
> +    ngx_uint_t                      line;
>  } ngx_http_ssl_srv_conf_t;
>  
>  
> Index: src/http/ngx_http.c
> ===================================================================
> --- src/http/ngx_http.c	(revision 1538)
> +++ src/http/ngx_http.c	(working copy)
> @@ -1158,6 +1158,10 @@
>  
>                          in_addr[a].core_srv_conf = cscfp[s];
>                          in_addr[a].default_server = 1;
> +#if (NGX_HTTP_SSL)
> +                        in_addr[a].ssl = listen[l].conf.ssl;
> +#endif
> +                        in_addr[a].listen_conf = &listen[l].conf;
>                      }
>  
>                      goto found;
> @@ -1241,6 +1245,9 @@
>      in_addr->core_srv_conf = cscf;
>      in_addr->default_server = listen->conf.default_server;
>      in_addr->bind = listen->conf.bind;
> +#if (NGX_HTTP_SSL)
> +    in_addr->ssl = listen->conf.ssl;
> +#endif
>      in_addr->listen_conf = &listen->conf;
>  
>      return ngx_http_add_names(cf, cscf, in_addr);
> @@ -1647,6 +1654,10 @@
>              hip->addrs[i].addr = in_addr[i].addr;
>              hip->addrs[i].core_srv_conf = in_addr[i].core_srv_conf;
>  
> +#if (NGX_HTTP_SSL)
> +            hip->addrs[i].ssl = in_addr[i].ssl;
> +#endif
> +
>              if (in_addr[i].hash.buckets == NULL
>                  && (in_addr[i].wc_head == NULL
>                      || in_addr[i].wc_head->hash.buckets == NULL)
> Index: src/mail/ngx_mail.c
> ===================================================================
> --- src/mail/ngx_mail.c	(revision 1538)
> +++ src/mail/ngx_mail.c	(working copy)
> @@ -261,6 +261,9 @@
>          in_addr->addr = imls[l].addr;
>          in_addr->ctx = imls[l].ctx;
>          in_addr->bind = imls[l].bind;
> +#if (NGX_MAIL_SSL)
> +        in_addr->ssl = imls[l].ssl;
> +#endif
>      }
>  
>      /* optimize the lists of ports and addresses */
> @@ -370,6 +373,10 @@
>  
>                  imip->addrs[i].addr_text.len = len;
>                  imip->addrs[i].addr_text.data = text;
> +
> +#if (NGX_MAIL_SSL)
> +                imip->addrs[i].ssl = in_addr[i].ssl;
> +#endif
>              }
>  
>              if (done) {
> Index: src/mail/ngx_mail.h
> ===================================================================
> --- src/mail/ngx_mail.h	(revision 1538)
> +++ src/mail/ngx_mail.h	(working copy)
> @@ -34,6 +34,9 @@
>      ngx_mail_conf_ctx_t    *ctx;
>  
>      unsigned                bind:1;
> +#if (NGX_MAIL_SSL)
> +    unsigned                ssl:1;
> +#endif
>  } ngx_mail_listen_t;
>  
>  
> @@ -41,6 +44,9 @@
>      in_addr_t               addr;
>      ngx_mail_conf_ctx_t    *ctx;
>      ngx_str_t               addr_text;
> +#if (NGX_MAIL_SSL)
> +    ngx_uint_t              ssl;    /* unsigned   ssl:1; */
> +#endif
>  } ngx_mail_in_addr_t;
>  
>  
> @@ -60,6 +66,9 @@
>      in_addr_t               addr;
>      ngx_mail_conf_ctx_t    *ctx;
>      unsigned                bind:1;
> +#if (NGX_MAIL_SSL)
> +    unsigned                ssl:1;
> +#endif
>  } ngx_mail_conf_in_addr_t;
>  
>  
> Index: src/mail/ngx_mail_core_module.c
> ===================================================================
> --- src/mail/ngx_mail_core_module.c	(revision 1538)
> +++ src/mail/ngx_mail_core_module.c	(working copy)
> @@ -351,18 +351,30 @@
>          }
>      }
>  
> -    if (cf->args->nelts == 2) {
> -        return NGX_CONF_OK;
> -    }
> +    for (i = 2; i < cf->args->nelts; i++) {
>  
> -    if (ngx_strcmp(value[2].data, "bind") == 0) {
> -        imls->bind = 1;
> -        return NGX_CONF_OK;
> +        if (ngx_strcmp(value[i].data, "bind") == 0) {
> +            imls->bind = 1;
> +            continue;
> +        }
> +
> +        if (ngx_strcmp(value[i].data, "ssl") == 0) {
> +#if (NGX_MAIL_SSL)
> +            imls->ssl = 1;
> +#else
> +            ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> +                               "the \"ssl\" parameter requires "
> +                               "ngx_mail_ssl_module, ignored");
> +#endif
> +            continue;
> +        }
> +
> +        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> +                           "the invalid \"%V\" parameter", &value[i]);
> +        return NGX_CONF_ERROR;
>      }
>  
> -    ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> -                       "the invalid \"%V\" parameter", &value[2]);
> -    return NGX_CONF_ERROR;
> +    return NGX_CONF_OK;
>  }
>  
>  
> Index: src/mail/ngx_mail_ssl_module.c
> ===================================================================
> --- src/mail/ngx_mail_ssl_module.c	(revision 1538)
> +++ src/mail/ngx_mail_ssl_module.c	(working copy)
> @@ -9,13 +9,16 @@
>  #include <ngx_mail.h>
>  
>  
> -#define NGX_DEFAULT_CERTIFICATE      "cert.pem"
> -#define NGX_DEFAULT_CERTIFICATE_KEY  "cert.pem"
>  #define NGX_DEFAULT_CIPHERS  "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
>  
>  
>  static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
>  static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child);
> +
> +static char *ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
> +    void *conf);
> +static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd,
> +    void *conf);
>  static char *ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
>      void *conf);
>  
> @@ -50,14 +53,14 @@
>  
>      { ngx_string("ssl"),
>        NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
> -      ngx_conf_set_flag_slot,
> +      ngx_mail_ssl_enable,
>        NGX_MAIL_SRV_CONF_OFFSET,
>        offsetof(ngx_mail_ssl_conf_t, enable),
>        NULL },
>  
>      { ngx_string("starttls"),
>        NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
> -      ngx_conf_set_enum_slot,
> +      ngx_mail_ssl_starttls,
>        NGX_MAIL_SRV_CONF_OFFSET,
>        offsetof(ngx_mail_ssl_conf_t, starttls),
>        ngx_http_starttls_state },
> @@ -197,12 +200,9 @@
>      ngx_pool_cleanup_t  *cln;
>  
>      ngx_conf_merge_value(conf->enable, prev->enable, 0);
> -    ngx_conf_merge_value(conf->starttls, prev->starttls, NGX_MAIL_STARTTLS_OFF);
> +    ngx_conf_merge_uint_value(conf->starttls, prev->starttls,
> +                         NGX_MAIL_STARTTLS_OFF);
>  
> -    if (conf->enable == 0 && conf->starttls == NGX_MAIL_STARTTLS_OFF) {
> -        return NGX_CONF_OK;
> -    }
> -
>      ngx_conf_merge_value(conf->session_timeout,
>                           prev->session_timeout, 300);
>  
> @@ -213,12 +213,9 @@
>                           (NGX_CONF_BITMASK_SET
>                            |NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1));
>  
> -    ngx_conf_merge_str_value(conf->certificate, prev->certificate,
> -                         NGX_DEFAULT_CERTIFICATE);
> +    ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
> +    ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
>  
> -    ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key,
> -                         NGX_DEFAULT_CERTIFICATE_KEY);
> -
>      ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
>  
>      ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
> @@ -226,6 +223,39 @@
>  
>      conf->ssl.log = cf->log;
>  
> +    if (conf->enable || conf->starttls != NGX_MAIL_STARTTLS_OFF) {
> +
> +        if (conf->certificate.len == 0) {
> +            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
> +                          "SSL mode is enabled, "
> +                          "but no \"ssl_certificate\" is defined in %s:%ui",
> +                          conf->file, conf->line);
> +            return NGX_CONF_ERROR;
> +        }
> +
> +        if (conf->certificate_key.len == 0) {
> +            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
> +                          "SSL mode is enabled, "
> +                          "but no \"ssl_certificate_key\" is defined in %s:%ui",
> +                          conf->file, conf->line);
> +            return NGX_CONF_ERROR;
> +        }
> +
> +    } else {
> +
> +        if (conf->certificate.len == 0) {
> +            return NGX_CONF_OK;
> +        }
> +
> +        if (conf->certificate_key.len == 0) {
> +            ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
> +                          "no \"ssl_certificate_key\" is defined "
> +                          "for certificate \"%V\"",
> +                          &conf->certificate);
> +            return NGX_CONF_ERROR;
> +        }
> +    }
> +
>      if (ngx_ssl_create(&conf->ssl, conf->protocols, NULL) != NGX_OK) {
>          return NGX_CONF_ERROR;
>      }
> @@ -292,6 +322,58 @@
>  
>  
>  static char *
> +ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
> +{
> +    ngx_mail_ssl_conf_t  *scf = conf;
> +
> +    char  *rv;
> +
> +    rv = ngx_conf_set_flag_slot(cf, cmd, conf);
> +
> +    if (rv != NGX_CONF_OK) {
> +        return rv;
> +    }
> +
> +    if (scf->enable && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
> +        ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
> +                           "\"starttls\" directive conflicts with \"ssl on\"");
> +        return NGX_CONF_ERROR;
> +    }
> +
> +    scf->file = cf->conf_file->file.name.data;
> +    scf->line = cf->conf_file->line;
> +
> +    return NGX_CONF_OK;
> +}
> +
> +
> +static char *
> +ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
> +{
> +    ngx_mail_ssl_conf_t  *scf = conf;
> +
> +    char  *rv;
> +
> +    rv = ngx_conf_set_enum_slot(cf, cmd, conf);
> +
> +    if (rv != NGX_CONF_OK) {
> +        return rv;
> +    }
> +
> +    if (scf->enable == 1 && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
> +        ngx_conf_log_error(NGX_LOG_WARN, cf, 0,
> +                           "\"ssl\" directive conflicts with \"starttls\"");
> +        return NGX_CONF_ERROR;
> +    }
> +
> +    scf->file = cf->conf_file->file.name.data;
> +    scf->line = cf->conf_file->line;
> +
> +    return NGX_CONF_OK;
> +}
> +
> +
> +static char *
>  ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
>  {
>      ngx_mail_ssl_conf_t  *scf = conf;
> Index: src/mail/ngx_mail_ssl_module.h
> ===================================================================
> --- src/mail/ngx_mail_ssl_module.h	(revision 1538)
> +++ src/mail/ngx_mail_ssl_module.h	(working copy)
> @@ -20,12 +20,11 @@
>  
>  typedef struct {
>      ngx_flag_t       enable;
> +    ngx_flag_t       prefer_server_ciphers;
>  
>      ngx_ssl_t        ssl;
>  
> -    ngx_flag_t       prefer_server_ciphers;
> -    ngx_flag_t       starttls;
> -
> +    ngx_uint_t       starttls;
>      ngx_uint_t       protocols;
>  
>      ssize_t          builtin_session_cache;
> @@ -39,6 +38,9 @@
>      ngx_str_t        ciphers;
>  
>      ngx_shm_zone_t  *shm_zone;
> +
> +    u_char          *file;
> +    ngx_uint_t       line;
>  } ngx_mail_ssl_conf_t;
>  
>  
> Index: src/mail/ngx_mail_handler.c
> ===================================================================
> --- src/mail/ngx_mail_handler.c	(revision 1538)
> +++ src/mail/ngx_mail_handler.c	(working copy)
> @@ -118,10 +118,29 @@
>      sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
>  
>      if (sslcf->enable) {
> +        c->log->action = "SSL handshaking";
> +
>          ngx_mail_ssl_init_connection(&sslcf->ssl, c);
>          return;
>      }
> +
> +    if (imia[i].ssl) {
> +
> +        c->log->action = "SSL handshaking";
> +
> +        if (sslcf->ssl.ctx == NULL) {
> +            ngx_log_error(NGX_LOG_ERR, c->log, 0,
> +                          "no \"ssl_certificate\" is defined "
> +                          "in server listening on SSL port");
> +            ngx_mail_close_connection(c);
> +            return;
> +        }
> +
> +        ngx_mail_ssl_init_connection(&sslcf->ssl, c);
> +        return;
>      }
> +
> +    }
>  #endif
>  
>      ngx_mail_init_session(c);
>   






More information about the nginx-ru mailing list