Hello!

On Wed, Jun 15, 2016 at 09:08:58PM +0100, Tim Taubert wrote:

> # HG changeset patch
> # User Tim Taubert <tim@timtaubert.de>
> # Date 1466021130 -3600
> # Wed Jun 15 21:05:30 2016 +0100
> # Node ID 42ec0b0933f637da2a4a3a17146eb9c7347fa02c
> # Parent 1064ea81ed3aabb8ad422ffcc60ddcde667022ac
> SSL: ngx_ssl_ciphers() to set list of ciphers.
>
> This patch moves various OpenSSL-specific function calls into the
> OpenSSL module and introduces ngx_ssl_ciphers() to make nginx more
> crypto-library-agnostic.
>
> diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
> --- a/src/event/ngx_event_openssl.c
> +++ b/src/event/ngx_event_openssl.c
> @@ -587,16 +587,40 @@ ngx_ssl_password_callback(char *buf, int
>
> ngx_memcpy(buf, pwd->data, size);
>
> return size;
> }
>
>
> ngx_int_t
> +ngx_ssl_ciphers(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *ciphers,
> + ngx_uint_t prefer_server_ciphers)
> +{
> + if (SSL_CTX_set_cipher_list(ssl->ctx, (char *) ciphers->data) == 0) {
> + ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
> + "SSL_CTX_set_cipher_list(\"%V\") failed",
> + ciphers);
> + return NGX_ERROR;
> + }
> +
> + if (prefer_server_ciphers) {
> + SSL_CTX_set_options(ssl->ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
> + }
> +
> +#if (OPENSSL_VERSION_NUMBER < 0x10100001L && !defined LIBRESSL_VERSION_NUMBER)
> + /* a temporary 512-bit RSA key is required for export versions of MSIE */
> + SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);

Here "conf->ssl.ctx" needs to be changed to "ssl->ctx", as there
is no "conf" here. Otherwise looks good, so I've fixed this and
committed:

http://hg.nginx.org/nginx/rev/04d8d1f85649

Thanks!

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel