nginxtra 1.6.3.9 → 1.8.0.9
- checksums.yaml +4 -4
- data/bin/nginxtra +1 -1
- data/bin/nginxtra_rails +1 -1
- data/lib/nginxtra/version.rb +1 -1
- data/vendor/nginx/CHANGES +358 -14
- data/vendor/nginx/CHANGES.ru +372 -18
- data/vendor/nginx/LICENSE +2 -2
- data/vendor/nginx/auto/cc/clang +5 -0
- data/vendor/nginx/auto/cc/gcc +5 -0
- data/vendor/nginx/auto/lib/google-perftools/conf +1 -1
- data/vendor/nginx/auto/lib/openssl/make +0 -5
- data/vendor/nginx/auto/lib/perl/conf +9 -1
- data/vendor/nginx/auto/make +1 -1
- data/vendor/nginx/auto/modules +11 -0
- data/vendor/nginx/auto/options +10 -2
- data/vendor/nginx/auto/os/darwin +0 -1
- data/vendor/nginx/auto/os/freebsd +6 -23
- data/vendor/nginx/auto/sources +16 -14
- data/vendor/nginx/auto/summary +3 -24
- data/vendor/nginx/auto/threads +20 -0
- data/vendor/nginx/auto/types/sizeof +2 -12
- data/vendor/nginx/auto/unix +50 -6
- data/vendor/nginx/configure +5 -0
- data/vendor/nginx/contrib/vim/syntax/nginx.vim +183 -50
- data/vendor/nginx/src/core/nginx.c +21 -9
- data/vendor/nginx/src/core/nginx.h +8 -2
- data/vendor/nginx/src/core/ngx_buf.c +88 -0
- data/vendor/nginx/src/core/ngx_buf.h +15 -1
- data/vendor/nginx/src/core/ngx_conf_file.c +4 -1
- data/vendor/nginx/src/core/ngx_connection.c +25 -66
- data/vendor/nginx/src/core/ngx_connection.h +1 -3
- data/vendor/nginx/src/core/ngx_core.h +11 -3
- data/vendor/nginx/src/core/ngx_crypt.c +1 -1
- data/vendor/nginx/src/core/ngx_cycle.c +7 -1
- data/vendor/nginx/src/core/ngx_cycle.h +6 -2
- data/vendor/nginx/src/core/ngx_file.c +13 -5
- data/vendor/nginx/src/core/ngx_file.h +6 -0
- data/vendor/nginx/src/core/ngx_log.c +215 -21
- data/vendor/nginx/src/core/ngx_log.h +9 -1
- data/vendor/nginx/src/core/ngx_output_chain.c +104 -15
- data/vendor/nginx/src/core/ngx_palloc.c +3 -7
- data/vendor/nginx/src/core/ngx_rbtree.c +2 -4
- data/vendor/nginx/src/core/ngx_rbtree.h +2 -4
- data/vendor/nginx/src/core/ngx_regex.c +14 -6
- data/vendor/nginx/src/core/ngx_resolver.c +16 -23
- data/vendor/nginx/src/core/ngx_resolver.h +8 -7
- data/vendor/nginx/src/core/ngx_shmtx.c +1 -1
- data/vendor/nginx/src/core/ngx_slab.c +89 -2
- data/vendor/nginx/src/core/ngx_slab.h +3 -0
- data/vendor/nginx/src/core/ngx_string.c +58 -2
- data/vendor/nginx/src/core/ngx_string.h +1 -0
- data/vendor/nginx/src/core/ngx_syslog.c +374 -0
- data/vendor/nginx/src/core/ngx_syslog.h +30 -0
- data/vendor/nginx/src/core/ngx_thread_pool.c +630 -0
- data/vendor/nginx/src/core/ngx_thread_pool.h +36 -0
- data/vendor/nginx/src/core/ngx_times.c +19 -2
- data/vendor/nginx/src/core/ngx_times.h +1 -0
- data/vendor/nginx/src/event/modules/ngx_aio_module.c +1 -1
- data/vendor/nginx/src/event/modules/ngx_devpoll_module.c +9 -24
- data/vendor/nginx/src/event/modules/ngx_epoll_module.c +152 -28
- data/vendor/nginx/src/event/modules/ngx_eventport_module.c +43 -25
- data/vendor/nginx/src/event/modules/ngx_kqueue_module.c +86 -156
- data/vendor/nginx/src/event/modules/ngx_poll_module.c +21 -37
- data/vendor/nginx/src/event/modules/ngx_rtsig_module.c +15 -27
- data/vendor/nginx/src/event/modules/ngx_select_module.c +10 -12
- data/vendor/nginx/src/event/modules/ngx_win32_select_module.c +7 -9
- data/vendor/nginx/src/event/ngx_event.c +5 -33
- data/vendor/nginx/src/event/ngx_event.h +15 -50
- data/vendor/nginx/src/event/ngx_event_accept.c +11 -10
- data/vendor/nginx/src/event/ngx_event_connect.c +0 -11
- data/vendor/nginx/src/event/ngx_event_connect.h +1 -4
- data/vendor/nginx/src/event/ngx_event_openssl.c +622 -38
- data/vendor/nginx/src/event/ngx_event_openssl.h +20 -2
- data/vendor/nginx/src/event/ngx_event_openssl_stapling.c +5 -1
- data/vendor/nginx/src/event/ngx_event_pipe.c +45 -19
- data/vendor/nginx/src/event/ngx_event_pipe.h +3 -0
- data/vendor/nginx/src/event/ngx_event_posted.c +7 -145
- data/vendor/nginx/src/event/ngx_event_posted.h +12 -39
- data/vendor/nginx/src/event/ngx_event_timer.c +50 -70
- data/vendor/nginx/src/event/ngx_event_timer.h +2 -14
- data/vendor/nginx/src/http/modules/ngx_http_addition_filter_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_autoindex_module.c +416 -71
- data/vendor/nginx/src/http/modules/ngx_http_charset_filter_module.c +19 -15
- data/vendor/nginx/src/http/modules/ngx_http_dav_module.c +16 -4
- data/vendor/nginx/src/http/modules/ngx_http_fastcgi_module.c +601 -134
- data/vendor/nginx/src/http/modules/ngx_http_geo_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_geoip_module.c +9 -3
- data/vendor/nginx/src/http/modules/ngx_http_gunzip_filter_module.c +9 -3
- data/vendor/nginx/src/http/modules/ngx_http_gzip_filter_module.c +9 -3
- data/vendor/nginx/src/http/modules/ngx_http_gzip_static_module.c +0 -2
- data/vendor/nginx/src/http/modules/ngx_http_headers_filter_module.c +197 -91
- data/vendor/nginx/src/http/modules/ngx_http_image_filter_module.c +1 -0
- data/vendor/nginx/src/http/modules/ngx_http_limit_conn_module.c +65 -162
- data/vendor/nginx/src/http/modules/ngx_http_limit_req_module.c +53 -67
- data/vendor/nginx/src/http/modules/ngx_http_log_module.c +128 -23
- data/vendor/nginx/src/http/modules/ngx_http_memcached_module.c +25 -6
- data/vendor/nginx/src/http/modules/ngx_http_mp4_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_not_modified_filter_module.c +39 -13
- data/vendor/nginx/src/http/modules/ngx_http_proxy_module.c +697 -141
- data/vendor/nginx/src/http/modules/ngx_http_rewrite_module.c +5 -1
- data/vendor/nginx/src/http/modules/ngx_http_scgi_module.c +282 -125
- data/vendor/nginx/src/http/modules/ngx_http_ssi_filter_module.c +4 -1
- data/vendor/nginx/src/http/modules/ngx_http_ssl_module.c +44 -1
- data/vendor/nginx/src/http/modules/ngx_http_ssl_module.h +2 -0
- data/vendor/nginx/src/http/modules/ngx_http_stub_status_module.c +10 -8
- data/vendor/nginx/src/http/modules/ngx_http_sub_filter_module.c +18 -3
- data/vendor/nginx/src/http/modules/ngx_http_upstream_hash_module.c +641 -0
- data/vendor/nginx/src/http/modules/ngx_http_upstream_ip_hash_module.c +1 -1
- data/vendor/nginx/src/http/modules/ngx_http_upstream_keepalive_module.c +3 -21
- data/vendor/nginx/src/http/modules/ngx_http_upstream_least_conn_module.c +0 -5
- data/vendor/nginx/src/http/modules/ngx_http_uwsgi_module.c +449 -125
- data/vendor/nginx/src/http/modules/ngx_http_xslt_filter_module.c +4 -2
- data/vendor/nginx/src/http/modules/perl/ngx_http_perl_module.c +2 -1
- data/vendor/nginx/src/http/ngx_http.c +10 -5
- data/vendor/nginx/src/http/ngx_http.h +4 -4
- data/vendor/nginx/src/http/ngx_http_cache.h +26 -1
- data/vendor/nginx/src/http/ngx_http_copy_filter_module.c +109 -68
- data/vendor/nginx/src/http/ngx_http_core_module.c +191 -46
- data/vendor/nginx/src/http/ngx_http_core_module.h +16 -4
- data/vendor/nginx/src/http/ngx_http_file_cache.c +584 -67
- data/vendor/nginx/src/http/ngx_http_parse.c +55 -4
- data/vendor/nginx/src/http/ngx_http_request.c +14 -6
- data/vendor/nginx/src/http/ngx_http_request.h +12 -4
- data/vendor/nginx/src/http/ngx_http_request_body.c +114 -28
- data/vendor/nginx/src/http/ngx_http_spdy.c +383 -229
- data/vendor/nginx/src/http/ngx_http_spdy.h +8 -5
- data/vendor/nginx/src/http/ngx_http_spdy_filter_module.c +12 -4
- data/vendor/nginx/src/http/ngx_http_special_response.c +2 -2
- data/vendor/nginx/src/http/ngx_http_upstream.c +808 -132
- data/vendor/nginx/src/http/ngx_http_upstream.h +33 -3
- data/vendor/nginx/src/http/ngx_http_upstream_round_robin.c +72 -65
- data/vendor/nginx/src/http/ngx_http_upstream_round_robin.h +1 -2
- data/vendor/nginx/src/http/ngx_http_variables.c +47 -3
- data/vendor/nginx/src/http/ngx_http_write_filter_module.c +15 -6
- data/vendor/nginx/src/mail/ngx_mail.c +2 -3
- data/vendor/nginx/src/mail/ngx_mail.h +2 -0
- data/vendor/nginx/src/mail/ngx_mail_auth_http_module.c +140 -11
- data/vendor/nginx/src/mail/ngx_mail_core_module.c +3 -3
- data/vendor/nginx/src/mail/ngx_mail_handler.c +79 -2
- data/vendor/nginx/src/mail/ngx_mail_imap_module.c +3 -1
- data/vendor/nginx/src/mail/ngx_mail_pop3_module.c +3 -1
- data/vendor/nginx/src/mail/ngx_mail_smtp_module.c +3 -1
- data/vendor/nginx/src/mail/ngx_mail_ssl_module.c +125 -1
- data/vendor/nginx/src/mail/ngx_mail_ssl_module.h +8 -0
- data/vendor/nginx/src/misc/ngx_cpp_test_module.cpp +1 -1
- data/vendor/nginx/src/os/unix/ngx_aio_read_chain.c +1 -1
- data/vendor/nginx/src/os/unix/ngx_channel.c +0 -7
- data/vendor/nginx/src/os/unix/ngx_darwin_config.h +0 -3
- data/vendor/nginx/src/os/unix/ngx_darwin_sendfile_chain.c +44 -208
- data/vendor/nginx/src/os/unix/ngx_file_aio_read.c +25 -17
- data/vendor/nginx/src/os/unix/ngx_files.c +109 -0
- data/vendor/nginx/src/os/unix/ngx_files.h +6 -0
- data/vendor/nginx/src/os/unix/ngx_freebsd_config.h +0 -6
- data/vendor/nginx/src/os/unix/ngx_freebsd_sendfile_chain.c +78 -206
- data/vendor/nginx/src/os/unix/ngx_linux_aio_read.c +25 -14
- data/vendor/nginx/src/os/unix/ngx_linux_config.h +4 -1
- data/vendor/nginx/src/os/unix/ngx_linux_sendfile_chain.c +235 -194
- data/vendor/nginx/src/os/unix/ngx_os.h +25 -3
- data/vendor/nginx/src/os/unix/ngx_posix_init.c +4 -2
- data/vendor/nginx/src/os/unix/ngx_process_cycle.c +13 -195
- data/vendor/nginx/src/os/unix/ngx_process_cycle.h +0 -1
- data/vendor/nginx/src/os/unix/ngx_readv_chain.c +27 -108
- data/vendor/nginx/src/os/unix/ngx_setproctitle.h +2 -2
- data/vendor/nginx/src/os/unix/ngx_solaris_sendfilev_chain.c +12 -67
- data/vendor/nginx/src/os/unix/ngx_thread.h +26 -83
- data/vendor/nginx/src/os/unix/ngx_thread_cond.c +87 -0
- data/vendor/nginx/src/os/unix/ngx_thread_id.c +70 -0
- data/vendor/nginx/src/os/unix/ngx_thread_mutex.c +174 -0
- data/vendor/nginx/src/os/unix/ngx_user.c +2 -20
- data/vendor/nginx/src/os/unix/ngx_writev_chain.c +129 -98
- metadata +16 -17
- data/vendor/nginx/auto/lib/zlib/patch.zlib.h +0 -10
- data/vendor/nginx/src/event/ngx_event_busy_lock.c +0 -286
- data/vendor/nginx/src/event/ngx_event_busy_lock.h +0 -65
- data/vendor/nginx/src/event/ngx_event_mutex.c +0 -70
- data/vendor/nginx/src/http/ngx_http_busy_lock.c +0 -307
- data/vendor/nginx/src/http/ngx_http_busy_lock.h +0 -54
- data/vendor/nginx/src/os/unix/ngx_freebsd_rfork_thread.c +0 -756
- data/vendor/nginx/src/os/unix/ngx_freebsd_rfork_thread.h +0 -122
- data/vendor/nginx/src/os/unix/ngx_pthread_thread.c +0 -278
- data/vendor/nginx/src/os/unix/rfork_thread.S +0 -73
@@ -48,7 +48,7 @@ ngx_int_t
|
|
48
48
|
ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *in)
|
49
49
|
{
|
50
50
|
off_t size, sent, nsent, limit;
|
51
|
-
ngx_uint_t last, flush;
|
51
|
+
ngx_uint_t last, flush, sync;
|
52
52
|
ngx_msec_t delay;
|
53
53
|
ngx_chain_t *cl, *ln, **ll, *chain;
|
54
54
|
ngx_connection_t *c;
|
@@ -62,6 +62,7 @@ ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *in)
|
|
62
62
|
|
63
63
|
size = 0;
|
64
64
|
flush = 0;
|
65
|
+
sync = 0;
|
65
66
|
last = 0;
|
66
67
|
ll = &r->out;
|
67
68
|
|
@@ -72,7 +73,7 @@ ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *in)
|
|
72
73
|
|
73
74
|
ngx_log_debug7(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
74
75
|
"write old buf t:%d f:%d %p, pos %p, size: %z "
|
75
|
-
"file: %O, size: %
|
76
|
+
"file: %O, size: %O",
|
76
77
|
cl->buf->temporary, cl->buf->in_file,
|
77
78
|
cl->buf->start, cl->buf->pos,
|
78
79
|
cl->buf->last - cl->buf->pos,
|
@@ -105,6 +106,10 @@ ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *in)
|
|
105
106
|
flush = 1;
|
106
107
|
}
|
107
108
|
|
109
|
+
if (cl->buf->sync) {
|
110
|
+
sync = 1;
|
111
|
+
}
|
112
|
+
|
108
113
|
if (cl->buf->last_buf) {
|
109
114
|
last = 1;
|
110
115
|
}
|
@@ -124,7 +129,7 @@ ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *in)
|
|
124
129
|
|
125
130
|
ngx_log_debug7(NGX_LOG_DEBUG_EVENT, c->log, 0,
|
126
131
|
"write new buf t:%d f:%d %p, pos %p, size: %z "
|
127
|
-
"file: %O, size: %
|
132
|
+
"file: %O, size: %O",
|
128
133
|
cl->buf->temporary, cl->buf->in_file,
|
129
134
|
cl->buf->start, cl->buf->pos,
|
130
135
|
cl->buf->last - cl->buf->pos,
|
@@ -157,6 +162,10 @@ ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *in)
|
|
157
162
|
flush = 1;
|
158
163
|
}
|
159
164
|
|
165
|
+
if (cl->buf->sync) {
|
166
|
+
sync = 1;
|
167
|
+
}
|
168
|
+
|
160
169
|
if (cl->buf->last_buf) {
|
161
170
|
last = 1;
|
162
171
|
}
|
@@ -188,7 +197,7 @@ ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *in)
|
|
188
197
|
&& !(c->buffered & NGX_LOWLEVEL_BUFFERED)
|
189
198
|
&& !(last && c->need_last_buf))
|
190
199
|
{
|
191
|
-
if (last || flush) {
|
200
|
+
if (last || flush || sync) {
|
192
201
|
for (cl = r->out; cl; /* void */) {
|
193
202
|
ln = cl;
|
194
203
|
cl = cl->next;
|
@@ -219,8 +228,8 @@ ngx_http_write_filter(ngx_http_request_t *r, ngx_chain_t *in)
|
|
219
228
|
|
220
229
|
if (limit <= 0) {
|
221
230
|
c->write->delayed = 1;
|
222
|
-
|
223
|
-
|
231
|
+
delay = (ngx_msec_t) (- limit * 1000 / r->limit_rate + 1);
|
232
|
+
ngx_add_timer(c->write, delay);
|
224
233
|
|
225
234
|
c->buffered |= NGX_HTTP_WRITE_BUFFERED;
|
226
235
|
|
@@ -98,7 +98,7 @@ ngx_mail_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
98
98
|
|
99
99
|
*(ngx_mail_conf_ctx_t **) conf = ctx;
|
100
100
|
|
101
|
-
/* count the number of the
|
101
|
+
/* count the number of the mail modules and set up their indices */
|
102
102
|
|
103
103
|
ngx_mail_max_module = 0;
|
104
104
|
for (m = 0; ngx_modules[m]; m++) {
|
@@ -131,8 +131,7 @@ ngx_mail_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
131
131
|
|
132
132
|
|
133
133
|
/*
|
134
|
-
* create the main_conf's
|
135
|
-
* of the all mail modules
|
134
|
+
* create the main_conf's and the null srv_conf's of the all mail modules
|
136
135
|
*/
|
137
136
|
|
138
137
|
for (m = 0; ngx_modules[m]; m++) {
|
@@ -16,6 +16,7 @@ typedef struct {
|
|
16
16
|
ngx_addr_t *peer;
|
17
17
|
|
18
18
|
ngx_msec_t timeout;
|
19
|
+
ngx_flag_t pass_client_cert;
|
19
20
|
|
20
21
|
ngx_str_t host_header;
|
21
22
|
ngx_str_t uri;
|
@@ -106,6 +107,13 @@ static ngx_command_t ngx_mail_auth_http_commands[] = {
|
|
106
107
|
0,
|
107
108
|
NULL },
|
108
109
|
|
110
|
+
{ ngx_string("auth_http_pass_client_cert"),
|
111
|
+
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
|
112
|
+
ngx_conf_set_flag_slot,
|
113
|
+
NGX_MAIL_SRV_CONF_OFFSET,
|
114
|
+
offsetof(ngx_mail_auth_http_conf_t, pass_client_cert),
|
115
|
+
NULL },
|
116
|
+
|
109
117
|
ngx_null_command
|
110
118
|
};
|
111
119
|
|
@@ -1143,6 +1151,12 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
|
|
1143
1151
|
size_t len;
|
1144
1152
|
ngx_buf_t *b;
|
1145
1153
|
ngx_str_t login, passwd;
|
1154
|
+
#if (NGX_MAIL_SSL)
|
1155
|
+
ngx_str_t verify, subject, issuer, serial, fingerprint,
|
1156
|
+
raw_cert, cert;
|
1157
|
+
ngx_connection_t *c;
|
1158
|
+
ngx_mail_ssl_conf_t *sslcf;
|
1159
|
+
#endif
|
1146
1160
|
ngx_mail_core_srv_conf_t *cscf;
|
1147
1161
|
|
1148
1162
|
if (ngx_mail_auth_http_escape(pool, &s->login, &login) != NGX_OK) {
|
@@ -1153,6 +1167,62 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
|
|
1153
1167
|
return NULL;
|
1154
1168
|
}
|
1155
1169
|
|
1170
|
+
#if (NGX_MAIL_SSL)
|
1171
|
+
|
1172
|
+
c = s->connection;
|
1173
|
+
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
|
1174
|
+
|
1175
|
+
if (c->ssl && sslcf->verify) {
|
1176
|
+
|
1177
|
+
/* certificate details */
|
1178
|
+
|
1179
|
+
if (ngx_ssl_get_client_verify(c, pool, &verify) != NGX_OK) {
|
1180
|
+
return NULL;
|
1181
|
+
}
|
1182
|
+
|
1183
|
+
if (ngx_ssl_get_subject_dn(c, pool, &subject) != NGX_OK) {
|
1184
|
+
return NULL;
|
1185
|
+
}
|
1186
|
+
|
1187
|
+
if (ngx_ssl_get_issuer_dn(c, pool, &issuer) != NGX_OK) {
|
1188
|
+
return NULL;
|
1189
|
+
}
|
1190
|
+
|
1191
|
+
if (ngx_ssl_get_serial_number(c, pool, &serial) != NGX_OK) {
|
1192
|
+
return NULL;
|
1193
|
+
}
|
1194
|
+
|
1195
|
+
if (ngx_ssl_get_fingerprint(c, pool, &fingerprint) != NGX_OK) {
|
1196
|
+
return NULL;
|
1197
|
+
}
|
1198
|
+
|
1199
|
+
if (ahcf->pass_client_cert) {
|
1200
|
+
|
1201
|
+
/* certificate itself, if configured */
|
1202
|
+
|
1203
|
+
if (ngx_ssl_get_raw_certificate(c, pool, &raw_cert) != NGX_OK) {
|
1204
|
+
return NULL;
|
1205
|
+
}
|
1206
|
+
|
1207
|
+
if (ngx_mail_auth_http_escape(pool, &raw_cert, &cert) != NGX_OK) {
|
1208
|
+
return NULL;
|
1209
|
+
}
|
1210
|
+
|
1211
|
+
} else {
|
1212
|
+
ngx_str_null(&cert);
|
1213
|
+
}
|
1214
|
+
|
1215
|
+
} else {
|
1216
|
+
ngx_str_null(&verify);
|
1217
|
+
ngx_str_null(&subject);
|
1218
|
+
ngx_str_null(&issuer);
|
1219
|
+
ngx_str_null(&serial);
|
1220
|
+
ngx_str_null(&fingerprint);
|
1221
|
+
ngx_str_null(&cert);
|
1222
|
+
}
|
1223
|
+
|
1224
|
+
#endif
|
1225
|
+
|
1156
1226
|
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
|
1157
1227
|
|
1158
1228
|
len = sizeof("GET ") - 1 + ahcf->uri.len + sizeof(" HTTP/1.0" CRLF) - 1
|
@@ -1170,9 +1240,19 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
|
|
1170
1240
|
+ sizeof("Client-IP: ") - 1 + s->connection->addr_text.len
|
1171
1241
|
+ sizeof(CRLF) - 1
|
1172
1242
|
+ sizeof("Client-Host: ") - 1 + s->host.len + sizeof(CRLF) - 1
|
1173
|
-
+ sizeof("Auth-SMTP-Helo: ") - 1 + s->smtp_helo.len
|
1174
|
-
+ sizeof("Auth-SMTP-From: ") - 1 + s->smtp_from.len
|
1175
|
-
+ sizeof("Auth-SMTP-To: ") - 1 + s->smtp_to.len
|
1243
|
+
+ sizeof("Auth-SMTP-Helo: ") - 1 + s->smtp_helo.len + sizeof(CRLF) - 1
|
1244
|
+
+ sizeof("Auth-SMTP-From: ") - 1 + s->smtp_from.len + sizeof(CRLF) - 1
|
1245
|
+
+ sizeof("Auth-SMTP-To: ") - 1 + s->smtp_to.len + sizeof(CRLF) - 1
|
1246
|
+
#if (NGX_MAIL_SSL)
|
1247
|
+
+ sizeof("Auth-SSL: on" CRLF) - 1
|
1248
|
+
+ sizeof("Auth-SSL-Verify: ") - 1 + verify.len + sizeof(CRLF) - 1
|
1249
|
+
+ sizeof("Auth-SSL-Subject: ") - 1 + subject.len + sizeof(CRLF) - 1
|
1250
|
+
+ sizeof("Auth-SSL-Issuer: ") - 1 + issuer.len + sizeof(CRLF) - 1
|
1251
|
+
+ sizeof("Auth-SSL-Serial: ") - 1 + serial.len + sizeof(CRLF) - 1
|
1252
|
+
+ sizeof("Auth-SSL-Fingerprint: ") - 1 + fingerprint.len
|
1253
|
+
+ sizeof(CRLF) - 1
|
1254
|
+
+ sizeof("Auth-SSL-Cert: ") - 1 + cert.len + sizeof(CRLF) - 1
|
1255
|
+
#endif
|
1176
1256
|
+ ahcf->header.len
|
1177
1257
|
+ sizeof(CRLF) - 1;
|
1178
1258
|
|
@@ -1255,6 +1335,57 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
|
|
1255
1335
|
|
1256
1336
|
}
|
1257
1337
|
|
1338
|
+
#if (NGX_MAIL_SSL)
|
1339
|
+
|
1340
|
+
if (c->ssl) {
|
1341
|
+
b->last = ngx_cpymem(b->last, "Auth-SSL: on" CRLF,
|
1342
|
+
sizeof("Auth-SSL: on" CRLF) - 1);
|
1343
|
+
|
1344
|
+
if (verify.len) {
|
1345
|
+
b->last = ngx_cpymem(b->last, "Auth-SSL-Verify: ",
|
1346
|
+
sizeof("Auth-SSL-Verify: ") - 1);
|
1347
|
+
b->last = ngx_copy(b->last, verify.data, verify.len);
|
1348
|
+
*b->last++ = CR; *b->last++ = LF;
|
1349
|
+
}
|
1350
|
+
|
1351
|
+
if (subject.len) {
|
1352
|
+
b->last = ngx_cpymem(b->last, "Auth-SSL-Subject: ",
|
1353
|
+
sizeof("Auth-SSL-Subject: ") - 1);
|
1354
|
+
b->last = ngx_copy(b->last, subject.data, subject.len);
|
1355
|
+
*b->last++ = CR; *b->last++ = LF;
|
1356
|
+
}
|
1357
|
+
|
1358
|
+
if (issuer.len) {
|
1359
|
+
b->last = ngx_cpymem(b->last, "Auth-SSL-Issuer: ",
|
1360
|
+
sizeof("Auth-SSL-Issuer: ") - 1);
|
1361
|
+
b->last = ngx_copy(b->last, issuer.data, issuer.len);
|
1362
|
+
*b->last++ = CR; *b->last++ = LF;
|
1363
|
+
}
|
1364
|
+
|
1365
|
+
if (serial.len) {
|
1366
|
+
b->last = ngx_cpymem(b->last, "Auth-SSL-Serial: ",
|
1367
|
+
sizeof("Auth-SSL-Serial: ") - 1);
|
1368
|
+
b->last = ngx_copy(b->last, serial.data, serial.len);
|
1369
|
+
*b->last++ = CR; *b->last++ = LF;
|
1370
|
+
}
|
1371
|
+
|
1372
|
+
if (fingerprint.len) {
|
1373
|
+
b->last = ngx_cpymem(b->last, "Auth-SSL-Fingerprint: ",
|
1374
|
+
sizeof("Auth-SSL-Fingerprint: ") - 1);
|
1375
|
+
b->last = ngx_copy(b->last, fingerprint.data, fingerprint.len);
|
1376
|
+
*b->last++ = CR; *b->last++ = LF;
|
1377
|
+
}
|
1378
|
+
|
1379
|
+
if (cert.len) {
|
1380
|
+
b->last = ngx_cpymem(b->last, "Auth-SSL-Cert: ",
|
1381
|
+
sizeof("Auth-SSL-Cert: ") - 1);
|
1382
|
+
b->last = ngx_copy(b->last, cert.data, cert.len);
|
1383
|
+
*b->last++ = CR; *b->last++ = LF;
|
1384
|
+
}
|
1385
|
+
}
|
1386
|
+
|
1387
|
+
#endif
|
1388
|
+
|
1258
1389
|
if (ahcf->header.len) {
|
1259
1390
|
b->last = ngx_copy(b->last, ahcf->header.data, ahcf->header.len);
|
1260
1391
|
}
|
@@ -1263,14 +1394,9 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool,
|
|
1263
1394
|
*b->last++ = CR; *b->last++ = LF;
|
1264
1395
|
|
1265
1396
|
#if (NGX_DEBUG_MAIL_PASSWD)
|
1266
|
-
|
1267
|
-
|
1268
|
-
|
1269
|
-
l.len = b->last - b->pos;
|
1270
|
-
l.data = b->pos;
|
1271
|
-
ngx_log_debug1(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
|
1272
|
-
"mail auth http header:\n\"%V\"", &l);
|
1273
|
-
}
|
1397
|
+
ngx_log_debug2(NGX_LOG_DEBUG_MAIL, s->connection->log, 0,
|
1398
|
+
"mail auth http header:%N\"%*s\"",
|
1399
|
+
(size_t) (b->last - b->pos), b->pos);
|
1274
1400
|
#endif
|
1275
1401
|
|
1276
1402
|
return b;
|
@@ -1316,6 +1442,7 @@ ngx_mail_auth_http_create_conf(ngx_conf_t *cf)
|
|
1316
1442
|
}
|
1317
1443
|
|
1318
1444
|
ahcf->timeout = NGX_CONF_UNSET_MSEC;
|
1445
|
+
ahcf->pass_client_cert = NGX_CONF_UNSET;
|
1319
1446
|
|
1320
1447
|
ahcf->file = cf->conf_file->file.name.data;
|
1321
1448
|
ahcf->line = cf->conf_file->line;
|
@@ -1351,6 +1478,8 @@ ngx_mail_auth_http_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
|
1351
1478
|
|
1352
1479
|
ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 60000);
|
1353
1480
|
|
1481
|
+
ngx_conf_merge_value(conf->pass_client_cert, prev->pass_client_cert, 0);
|
1482
|
+
|
1354
1483
|
if (conf->headers == NULL) {
|
1355
1484
|
conf->headers = prev->headers;
|
1356
1485
|
conf->header = prev->header;
|
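Review bot: In ngx_mail_auth_http_create_request the verify, subject, issuer, serial and fingerprint strings are written into the `Auth-SSL-*` header lines with a plain `ngx_copy`, while the login, password and raw certificate first go through `ngx_mail_auth_http_escape`. Whether `ngx_ssl_get_subject_dn` and `ngx_ssl_get_issuer_dn` can ever return CR or LF is not visible in this diff, so either escape those values the same way or state the assumption next to the copy, e.g. `/* subject/issuer are copied unescaped; relies on ngx_ssl_get_*_dn() never returning CR or LF */`. The certificate fields are collected whenever `sslcf->verify` is non-zero, and ngx_mail_verify_cert on this page lets some modes continue after a verification error, so a comment should also say that the auth server must check `Auth-SSL-Verify` before trusting `Auth-SSL-Subject`. The function body starts and ends outside the hunks shown.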
@@ -41,7 +41,7 @@ static ngx_command_t ngx_mail_core_commands[] = {
|
|
41
41
|
NULL },
|
42
42
|
|
43
43
|
{ ngx_string("listen"),
|
44
|
-
NGX_MAIL_SRV_CONF|
|
44
|
+
NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,
|
45
45
|
ngx_mail_core_listen,
|
46
46
|
NGX_MAIL_SRV_CONF_OFFSET,
|
47
47
|
0,
|
@@ -336,7 +336,7 @@ ngx_mail_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
336
336
|
off = offsetof(struct sockaddr_in6, sin6_addr);
|
337
337
|
len = 16;
|
338
338
|
sin6 = (struct sockaddr_in6 *) sa;
|
339
|
-
port = sin6->sin6_port;
|
339
|
+
port = ntohs(sin6->sin6_port);
|
340
340
|
break;
|
341
341
|
#endif
|
342
342
|
|
@@ -352,7 +352,7 @@ ngx_mail_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|
352
352
|
off = offsetof(struct sockaddr_in, sin_addr);
|
353
353
|
len = 4;
|
354
354
|
sin = (struct sockaddr_in *) sa;
|
355
|
-
port = sin->sin_port;
|
355
|
+
port = ntohs(sin->sin_port);
|
356
356
|
break;
|
357
357
|
}
|
358
358
|
|
@@ -16,12 +16,15 @@ static void ngx_mail_init_session(ngx_connection_t *c);
|
|
16
16
|
#if (NGX_MAIL_SSL)
|
17
17
|
static void ngx_mail_ssl_init_connection(ngx_ssl_t *ssl, ngx_connection_t *c);
|
18
18
|
static void ngx_mail_ssl_handshake_handler(ngx_connection_t *c);
|
19
|
+
static ngx_int_t ngx_mail_verify_cert(ngx_mail_session_t *s,
|
20
|
+
ngx_connection_t *c);
|
19
21
|
#endif
|
20
22
|
|
21
23
|
|
22
24
|
void
|
23
25
|
ngx_mail_init_connection(ngx_connection_t *c)
|
24
26
|
{
|
27
|
+
size_t len;
|
25
28
|
ngx_uint_t i;
|
26
29
|
ngx_mail_port_t *port;
|
27
30
|
struct sockaddr *sa;
|
@@ -30,6 +33,7 @@ ngx_mail_init_connection(ngx_connection_t *c)
|
|
30
33
|
ngx_mail_in_addr_t *addr;
|
31
34
|
ngx_mail_session_t *s;
|
32
35
|
ngx_mail_addr_conf_t *addr_conf;
|
36
|
+
u_char text[NGX_SOCKADDR_STRLEN];
|
33
37
|
#if (NGX_HAVE_INET6)
|
34
38
|
struct sockaddr_in6 *sin6;
|
35
39
|
ngx_mail_in6_addr_t *addr6;
|
@@ -119,6 +123,8 @@ ngx_mail_init_connection(ngx_connection_t *c)
|
|
119
123
|
return;
|
120
124
|
}
|
121
125
|
|
126
|
+
s->signature = NGX_MAIL_MODULE;
|
127
|
+
|
122
128
|
s->main_conf = addr_conf->ctx->main_conf;
|
123
129
|
s->srv_conf = addr_conf->ctx->srv_conf;
|
124
130
|
|
@@ -127,8 +133,10 @@ ngx_mail_init_connection(ngx_connection_t *c)
|
|
127
133
|
c->data = s;
|
128
134
|
s->connection = c;
|
129
135
|
|
130
|
-
|
131
|
-
|
136
|
+
len = ngx_sock_ntop(c->sockaddr, c->socklen, text, NGX_SOCKADDR_STRLEN, 1);
|
137
|
+
|
138
|
+
ngx_log_error(NGX_LOG_INFO, c->log, 0, "*%uA client %*s connected to %V",
|
139
|
+
c->number, len, text, s->addr_text);
|
132
140
|
|
133
141
|
ctx = ngx_palloc(c->pool, sizeof(ngx_mail_log_ctx_t));
|
134
142
|
if (ctx == NULL) {
|
@@ -241,6 +249,10 @@ ngx_mail_ssl_handshake_handler(ngx_connection_t *c)
|
|
241
249
|
|
242
250
|
s = c->data;
|
243
251
|
|
252
|
+
if (ngx_mail_verify_cert(s, c) != NGX_OK) {
|
253
|
+
return;
|
254
|
+
}
|
255
|
+
|
244
256
|
if (s->starttls) {
|
245
257
|
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
|
246
258
|
|
@@ -261,6 +273,71 @@ ngx_mail_ssl_handshake_handler(ngx_connection_t *c)
|
|
261
273
|
ngx_mail_close_connection(c);
|
262
274
|
}
|
263
275
|
|
276
|
+
|
277
|
+
static ngx_int_t
|
278
|
+
ngx_mail_verify_cert(ngx_mail_session_t *s, ngx_connection_t *c)
|
279
|
+
{
|
280
|
+
long rc;
|
281
|
+
X509 *cert;
|
282
|
+
ngx_mail_ssl_conf_t *sslcf;
|
283
|
+
ngx_mail_core_srv_conf_t *cscf;
|
284
|
+
|
285
|
+
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
|
286
|
+
|
287
|
+
if (!sslcf->verify) {
|
288
|
+
return NGX_OK;
|
289
|
+
}
|
290
|
+
|
291
|
+
rc = SSL_get_verify_result(c->ssl->connection);
|
292
|
+
|
293
|
+
if (rc != X509_V_OK
|
294
|
+
&& (sslcf->verify != 3 || !ngx_ssl_verify_error_optional(rc)))
|
295
|
+
{
|
296
|
+
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
297
|
+
"client SSL certificate verify error: (%l:%s)",
|
298
|
+
rc, X509_verify_cert_error_string(rc));
|
299
|
+
|
300
|
+
ngx_ssl_remove_cached_session(sslcf->ssl.ctx,
|
301
|
+
(SSL_get0_session(c->ssl->connection)));
|
302
|
+
|
303
|
+
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
|
304
|
+
|
305
|
+
s->out = cscf->protocol->cert_error;
|
306
|
+
s->quit = 1;
|
307
|
+
|
308
|
+
c->write->handler = ngx_mail_send;
|
309
|
+
|
310
|
+
ngx_mail_send(s->connection->write);
|
311
|
+
return NGX_ERROR;
|
312
|
+
}
|
313
|
+
|
314
|
+
if (sslcf->verify == 1) {
|
315
|
+
cert = SSL_get_peer_certificate(c->ssl->connection);
|
316
|
+
|
317
|
+
if (cert == NULL) {
|
318
|
+
ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
319
|
+
"client sent no required SSL certificate");
|
320
|
+
|
321
|
+
ngx_ssl_remove_cached_session(sslcf->ssl.ctx,
|
322
|
+
(SSL_get0_session(c->ssl->connection)));
|
323
|
+
|
324
|
+
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
|
325
|
+
|
326
|
+
s->out = cscf->protocol->no_cert;
|
327
|
+
s->quit = 1;
|
328
|
+
|
329
|
+
c->write->handler = ngx_mail_send;
|
330
|
+
|
331
|
+
ngx_mail_send(s->connection->write);
|
332
|
+
return NGX_ERROR;
|
333
|
+
}
|
334
|
+
|
335
|
+
X509_free(cert);
|
336
|
+
}
|
337
|
+
|
338
|
+
return NGX_OK;
|
339
|
+
}
|
340
|
+
|
264
341
|
#endif
|
265
342
|
|
266
343
|
|
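Review bot: ngx_mail_verify_cert tests `sslcf->verify` against the bare literals `3` and `1`, and as far as this function shows only the `== 1` branch rejects a client that presented no certificate, so the accept/reject policy per mode cannot be read off the code. A comment above the first test would make it auditable, e.g. `/* verify: 1 = certificate required; 3 = errors accepted when ngx_ssl_verify_error_optional(rc); other non-zero modes do not require a certificate */`. The mode names behind the numbers are defined outside this diff and should be confirmed there. The two rejection branches also repeat the same statements apart from the `s->out` reply, and a small static helper taking the reply string would keep them from drifting apart.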