struct rspamd_config_post_load_script *on_load; /**< list of scripts executed on config load */
+ gchar *ssl_ca_path; /**< path to CA certs */
+ gchar *ssl_ciphers; /**< set of preferred ciphers */
+
ref_entry_t ref; /**< reference counter */
};
G_STRUCT_OFFSET (struct rspamd_config, ignore_received),
0,
"Ignore data from the first received header");
+ rspamd_rcl_add_default_handler (sub,
+ "ssl_ca_path",
+ rspamd_rcl_parse_struct_string,
+ G_STRUCT_OFFSET (struct rspamd_config, ssl_ca_path),
+ RSPAMD_CL_FLAG_STRING_PATH,
+ "Path to ssl CA file");
+ rspamd_rcl_add_default_handler (sub,
+ "ssl_ciphers",
+ rspamd_rcl_parse_struct_string,
+ G_STRUCT_OFFSET (struct rspamd_config, ssl_ciphers),
+ 0,
+ "List of ssl ciphers (e.g. HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4)");
/* New DNS configuration */
ssub = rspamd_rcl_add_section_doc (&sub->subsections, "dns", NULL, NULL,
UCL_OBJECT, FALSE, TRUE,
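Review bot: The `ssl_ca_path` option is described as "Path to ssl CA file" in this handler but as "path to CA certs" on the struct field, so it is unclear whether a PEM bundle file or a certificate directory is expected. OpenSSL loads those two kinds of verify location differently, so the description should name the one the consumer actually uses, for example `"Path to a PEM bundle of trusted CA certificates (a file, not a directory)"`; the code that consumes the value is not in this hunk, so confirm against it. `ssl_ciphers` is registered with flags `0` and nothing visible validates the string, so a typo presumably surfaces only when the SSL context is built, and that failure should be logged and treated as an error there rather than silently falling back.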
*/
cfg->enable_shutdown_workaround = TRUE;
+ cfg->ssl_ciphers = "HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4";
+#ifndef FREEBSD
+ cfg->ssl_ca_path = "/etc/ssl/certs/ca-certificates.crt";
+#else
+ cfg->ssl_ca_path = "/usr/local/etc/ssl/certs/ca-certificates.crt";
+#endif
+
REF_INIT_RETAIN (cfg, rspamd_config_free);
return cfg;
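Review bot: The default `cfg->ssl_ca_path` is a hard-coded Debian-style bundle path (`/etc/ssl/certs/ca-certificates.crt`) that is absent on many other Linux distributions, and the FreeBSD branch depends on a `FREEBSD` macro whose definition is not visible here. If the code that loads this path (outside this hunk) ignores a load failure, peer certificates cannot be verified properly, so that consumer should fail closed and log the path it tried. I would add a comment above the assignment such as `/* Default CA bundle; distro-specific, override with ssl_ca_path. A load failure must fail verification. */`. The default cipher string also duplicates the example in the option's doc text, so a shared `#define` would keep the two from drifting apart.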
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/ssl.h>
+#include <openssl/conf.h>
+#include <openssl/engine.h>
#endif
#ifdef HAVE_TERMIOS_H
OpenSSL_add_all_algorithms ();
OpenSSL_add_all_digests ();
OpenSSL_add_all_ciphers ();
+
+#if OPENSSL_VERSION_NUMBER >= 0x1000104fL
+ ENGINE_load_builtin_engines ();
+
+ if ((ctx->crypto_ctx->cpu_config & CPUID_RDRAND) == 0) {
+ RAND_set_rand_engine (NULL);
+ }
+#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ SSL_library_init ();
+#else
+ OPENSSL_init_ssl (0, NULL);
+#endif
SSL_library_init ();
SSL_load_error_strings ();
+ OPENSSL_config (NULL);
if (RAND_poll () == 0) {
guchar seed[128];
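Review bot: The context line `SSL_library_init ();` directly after the new version guard is still unconditional, so on OpenSSL before 1.1.0 and on LibreSSL the library is initialised twice, and on newer versions the `OPENSSL_init_ssl (0, NULL)` branch is followed by the legacy call anyway; the old line should be dropped so only the guarded block runs. `RAND_set_rand_engine (NULL)` is applied only when the CPU lacks RDRAND, which suggests that with RDRAND present an engine loaded by `ENGINE_load_builtin_engines ()` may remain the RAND source; if that is intended a comment should say so, otherwise resetting unconditionally keeps OpenSSL's own software generator in use. `OPENSSL_config (NULL)` returns nothing and reads the system-wide openssl.cnf, so a comment noting that host configuration can now alter engine and algorithm setup would help operators, and the return value of `OPENSSL_init_ssl` should be checked. The enclosing function starts and ends outside this hunk.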