diff options
| author | Andrey Suvorov <a.suvorov@f5.com> | 2021-05-26 11:19:47 -0700 |
|---|---|---|
| committer | Andrey Suvorov <a.suvorov@f5.com> | 2021-05-26 11:19:47 -0700 |
| commit | 3f7ccf142ff4d1a11b807a344bcb1e3cb6c3284b (patch) | |
| tree | 0262e65fe3a943ba90d5e377b7b4c9b4faa42096 /src/nxt_tls.h | |
| parent | 3efffddd95e564fe10f59e1de45afc2b551a5cba (diff) | |
| download | unit-3f7ccf142ff4d1a11b807a344bcb1e3cb6c3284b.tar.gz unit-3f7ccf142ff4d1a11b807a344bcb1e3cb6c3284b.tar.bz2 | |
Enabling SSL_CTX configuration by using SSL_CONF_cmd().
To perform various configuration operations on SSL_CTX, OpenSSL provides
SSL_CONF_cmd(). Specifically, to configure ciphers for a listener,
"CipherString" and "Ciphersuites" file commands are used:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html
This feature can be configured in the "tls/conf_commands" section.
Diffstat (limited to '')
| -rw-r--r-- | src/nxt_tls.h | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/nxt_tls.h b/src/nxt_tls.h index 2a29f3ca..63c49ee4 100644 --- a/src/nxt_tls.h +++ b/src/nxt_tls.h @@ -8,6 +8,9 @@ #define _NXT_TLS_H_INCLUDED_ +#include <nxt_conf.h> + + /* * The SSL/TLS libraries lack vector I/O interface yet add noticeable * overhead to each SSL/TLS record so buffering allows to decrease the @@ -32,6 +35,7 @@ typedef struct { nxt_int_t (*server_init)(nxt_task_t *task, nxt_tls_conf_t *conf, nxt_mp_t *mp, + nxt_conf_value_t *conf_cmds, nxt_bool_t last); void (*server_free)(nxt_task_t *task, nxt_tls_conf_t *conf); @@ -49,7 +53,7 @@ struct nxt_tls_bundle_conf_s { void *ctx; nxt_fd_t chain_file; - nxt_str_t *name; + nxt_str_t name; nxt_tls_bundle_conf_t *next; }; |