CERBERUS/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2026-05-13 09:36:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge 8b250f9ae0 into 319b4ea63f

Browse source
This commit is contained in:
Jakub Onderka 2026-05-12 20:46:16 +02:00 committed by GitHub
commit 10faec5ffd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 64 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/event/ngx_event_openssl.c
View file

@ -1841,6 +1841,24 @@ ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name)
}
ngx_int_t
ngx_ssl_sigalgs(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *sigalgs)
{
if (sigalgs->len == 0) {
return NGX_OK;
}
if (SSL_CTX_set1_sigalgs_list(ssl->ctx, (char *) sigalgs->data) == 0) {
ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
"SSL_CTX_set1_sigalgs_list(\"%V\") failed",
sigalgs);
return NGX_ERROR;
}
return NGX_OK;
}
ngx_int_t
ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
{

1
src/event/ngx_event_openssl.h
View file

@ -279,6 +279,7 @@ ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
ngx_int_t ngx_ssl_ech_files(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_array_t *filename);
ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
ngx_int_t ngx_ssl_sigalgs(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *sigalgs);
ngx_int_t ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_uint_t enable);
ngx_int_t ngx_ssl_conf_commands(ngx_conf_t *cf, ngx_ssl_t *ssl,

14
src/http/modules/ngx_http_ssl_module.c
View file

@ -152,6 +152,13 @@ static ngx_command_t ngx_http_ssl_commands[] = {
offsetof(ngx_http_ssl_srv_conf_t, ecdh_curve),
NULL },
{ ngx_string("ssl_sigalgs"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_HTTP_SRV_CONF_OFFSET,
offsetof(ngx_http_ssl_srv_conf_t, sigalgs),
NULL },
{ ngx_string("ssl_protocols"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_1MORE,
ngx_conf_set_bitmask_slot,
@ -637,6 +644,7 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
* sscf->certificate_values = NULL;
* sscf->dhparam = { 0, NULL };
* sscf->ecdh_curve = { 0, NULL };
* sscf->sigalgs = { 0, NULL };
* sscf->client_certificate = { 0, NULL };
* sscf->trusted_certificate = { 0, NULL };
* sscf->crl = { 0, NULL };
@ -724,6 +732,8 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
NGX_DEFAULT_ECDH_CURVE);
ngx_conf_merge_str_value(conf->sigalgs, prev->sigalgs, "");
ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL);
@ -905,6 +915,10 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
return NGX_CONF_ERROR;
}
if (ngx_ssl_sigalgs(cf, &conf->ssl, &conf->sigalgs) != NGX_OK) {
return NGX_CONF_ERROR;
}
ngx_conf_merge_value(conf->builtin_session_cache,
prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);

1
src/http/modules/ngx_http_ssl_module.h
View file

@ -43,6 +43,7 @@ typedef struct {
ngx_str_t dhparam;
ngx_str_t ecdh_curve;
ngx_str_t sigalgs;
ngx_str_t client_certificate;
ngx_str_t trusted_certificate;
ngx_str_t crl;

14
src/mail/ngx_mail_ssl_module.c
View file

@ -118,6 +118,13 @@ static ngx_command_t ngx_mail_ssl_commands[] = {
offsetof(ngx_mail_ssl_conf_t, ecdh_curve),
NULL },
{ ngx_string("ssl_sigalgs"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, sigalgs),
NULL },
{ ngx_string("ssl_protocols"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_1MORE,
ngx_conf_set_bitmask_slot,
@ -308,6 +315,7 @@ ngx_mail_ssl_create_conf(ngx_conf_t *cf)
* scf->protocols = 0;
* scf->dhparam = { 0, NULL };
* scf->ecdh_curve = { 0, NULL };
* scf->sigalgs = { 0, NULL };
* scf->client_certificate = { 0, NULL };
* scf->trusted_certificate = { 0, NULL };
* scf->crl = { 0, NULL };
@ -371,6 +379,8 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
NGX_DEFAULT_ECDH_CURVE);
ngx_conf_merge_str_value(conf->sigalgs, prev->sigalgs, "");
ngx_conf_merge_str_value(conf->client_certificate,
prev->client_certificate, "");
ngx_conf_merge_str_value(conf->trusted_certificate,
@ -505,6 +515,10 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
return NGX_CONF_ERROR;
}
if (ngx_ssl_ecdh_curve(cf, &conf->ssl, &conf->sigalgs) != NGX_OK) {
return NGX_CONF_ERROR;
}
ngx_conf_merge_value(conf->builtin_session_cache,
prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);

1
src/mail/ngx_mail_ssl_module.h
View file

@ -41,6 +41,7 @@ typedef struct {
ngx_str_t dhparam;
ngx_str_t ecdh_curve;
ngx_str_t sigalgs;
ngx_str_t client_certificate;
ngx_str_t trusted_certificate;
ngx_str_t crl;

14
src/stream/ngx_stream_ssl_module.c
View file

@ -161,6 +161,13 @@ static ngx_command_t ngx_stream_ssl_commands[] = {
offsetof(ngx_stream_ssl_srv_conf_t, ecdh_curve),
NULL },
{ ngx_string("ssl_sigalgs"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_STREAM_SRV_CONF_OFFSET,
offsetof(ngx_stream_ssl_srv_conf_t, sigalgs),
NULL },
{ ngx_string("ssl_protocols"),
NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_1MORE,
ngx_conf_set_bitmask_slot,
@ -897,6 +904,7 @@ ngx_stream_ssl_create_srv_conf(ngx_conf_t *cf)
* sscf->certificate_values = NULL;
* sscf->dhparam = { 0, NULL };
* sscf->ecdh_curve = { 0, NULL };
* sscf->sigalgs = { 0, NULL };
* sscf->client_certificate = { 0, NULL };
* sscf->trusted_certificate = { 0, NULL };
* sscf->crl = { 0, NULL };
@ -984,6 +992,8 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
NGX_DEFAULT_ECDH_CURVE);
ngx_conf_merge_str_value(conf->sigalgs, prev->sigalgs, "");
ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
ngx_conf_merge_ptr_value(conf->conf_commands, prev->conf_commands, NULL);
@ -1159,6 +1169,10 @@ ngx_stream_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
return NGX_CONF_ERROR;
}
if (ngx_ssl_sigalgs(cf, &conf->ssl, &conf->sigalgs) != NGX_OK) {
return NGX_CONF_ERROR;
}
ngx_conf_merge_value(conf->builtin_session_cache,
prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);

1
src/stream/ngx_stream_ssl_module.h
View file

@ -42,6 +42,7 @@ typedef struct {
ngx_str_t dhparam;
ngx_str_t ecdh_curve;
ngx_str_t sigalgs;
ngx_str_t client_certificate;
ngx_str_t trusted_certificate;
ngx_str_t crl;