Hello! On Thu, Mar 06, 2014 at 10:59:29AM +0100, Filipe da Silva wrote:
> # HG changeset patch
> # User Filipe da Silva <[email protected]>
> # Date 1394099468 -3600
> # Thu Mar 06 10:51:08 2014 +0100
> # Node ID 51fd90f96449c23af0076a19efbfdb1f88702125
> # Parent 24df9fa5868957c1fb9a2d1569271e0958327dad
> Mail: send starttls flag value to auth script.
>
> Allow to do logging (if logging takes place in the auth script) and or force
> some users to use STARTTLS while others can use unencrypted connection.
>
> diff -r 24df9fa58689 -r 51fd90f96449 src/mail/ngx_mail_auth_http_module.c
> --- a/src/mail/ngx_mail_auth_http_module.c Thu Mar 06 10:51:08 2014 +0100
> +++ b/src/mail/ngx_mail_auth_http_module.c Thu Mar 06 10:51:08 2014 +0100
> @@ -1165,6 +1165,9 @@ ngx_mail_auth_http_create_request(ngx_ma
> + sizeof("Auth-Salt: ") - 1 + s->salt.len
> + sizeof("Auth-Protocol: ") - 1 + cscf->protocol->name.len
> + sizeof(CRLF) - 1
> +#if (NGX_MAIL_SSL)
> + + sizeof("Auth-STARTTLS: ") - 1 + 1 + sizeof(CRLF) - 1
> +#endif
> + sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN
> + sizeof(CRLF) - 1
> + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len
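Review bot: The bare `+ 1` in the added length term `sizeof("Auth-STARTTLS: ") - 1 + 1 + sizeof(CRLF) - 1` is a magic number whose only justification is the single flag byte written in the second hunk (@@ -1219). The buffer is sized here and filled there, so the two must stay in step; if the value ever grows beyond one character, the write could overrun the space reserved for it. I would add a comment on the term, e.g. `/* one byte: '0' or '1' */`, so the coupling is visible to the next editor. The length expression starts and ends outside this hunk.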
> @@ -1219,6 +1222,13 @@ ngx_mail_auth_http_create_request(ngx_ma
> cscf->protocol->name.len);
> *b->last++ = CR; *b->last++ = LF;
>
> +#if (NGX_MAIL_SSL)
> + b->last = ngx_cpymem(b->last, "Auth-STARTTLS: ",
> + sizeof("Auth-STARTTLS: ") - 1);
> + *b->last++ = s->starttls ? '1' : '0' ;
> + *b->last++ = CR; *b->last++ = LF;
> +#endif
> +
> b->last = ngx_sprintf(b->last, "Auth-Login-Attempt: %ui" CRLF,
> s->login_attempt);
>
> # HG changeset patch
> # User Filipe da Silva <[email protected]>
> # Date 1394099468 -3600
> # Thu Mar 06 10:51:08 2014 +0100
> # Node ID 51fd90f96449c23af0076a19efbfdb1f88702125
> # Parent 24df9fa5868957c1fb9a2d1569271e0958327dad
> Mail: send starttls flag value to auth script.
>
> Allow to do logging (if logging takes place in the auth script) and or force
> some users to use STARTTLS while others can use unencrypted connection.
>
> diff -r 24df9fa58689 -r 51fd90f96449 src/mail/ngx_mail_auth_http_module.c
> --- a/src/mail/ngx_mail_auth_http_module.c Thu Mar 06 10:51:08 2014 +0100
> +++ b/src/mail/ngx_mail_auth_http_module.c Thu Mar 06 10:51:08 2014 +0100
> @@ -1165,6 +1165,9 @@ ngx_mail_auth_http_create_request(ngx_ma
> + sizeof("Auth-Salt: ") - 1 + s->salt.len
> + sizeof("Auth-Protocol: ") - 1 + cscf->protocol->name.len
> + sizeof(CRLF) - 1
> +#if (NGX_MAIL_SSL)
> + + sizeof("Auth-STARTTLS: ") - 1 + 1 + sizeof(CRLF) - 1
> +#endif
> + sizeof("Auth-Login-Attempt: ") - 1 + NGX_INT_T_LEN
> + sizeof(CRLF) - 1
> + sizeof("Client-IP: ") - 1 + s->connection->addr_text.len
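Review bot: In the second hunk (@@ -1219), the `Auth-STARTTLS` value should be documented as advisory: the auth request is presumably built only after the client has sent its login and password (those headers are outside this hunk), so an auth script that rejects a `0` session cannot undo a credential that already crossed the wire unencrypted. The description's "force some users to use STARTTLS" use case therefore needs a caveat; enforcement that actually protects the password has to happen before authentication, for example with the mail SSL module's `starttls only` setting. I would put a comment above the write such as `/* informational: credentials were already received when this header is sent */`. As a style point, drop the stray space before the semicolon: `*b->last++ = s->starttls ? '1' : '0';`. The function body continues outside the hunk.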
> @@ -1219,6 +1222,13 @@ ngx_mail_auth_http_create_request(ngx_ma
> cscf->protocol->name.len);
> *b->last++ = CR; *b->last++ = LF;
>
> +#if (NGX_MAIL_SSL)
> + b->last = ngx_cpymem(b->last, "Auth-STARTTLS: ",
> + sizeof("Auth-STARTTLS: ") - 1);
> + *b->last++ = s->starttls ? '1' : '0' ;
> + *b->last++ = CR; *b->last++ = LF;
> +#endif
> +
> b->last = ngx_sprintf(b->last, "Auth-Login-Attempt: %ui" CRLF,
> s->login_attempt);
>

I don't think that it's a good idea to pass STARTTLS into auth script. If at all needed, it should be something like a flag "if SSL is used", not an explicit STARTTLS status. From auth script point of view there is no difference if a connection uses SSL on a dedicated port or encryption was negotiated using STARTLS.

--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx-devel mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx-devel
