Mercurial > hg > nginx
comparison src/http/modules/ngx_http_uwsgi_module.c @ 7833:3ab8e1e2f0f7
Upstream: variables support in certificates.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 06 May 2021 02:22:09 +0300 |
| parents | bdd4d89370a7 |
| children | b87b7092cedb |
comparison
equal
deleted
inserted
replaced
| 7832:be82e72c9af8 | 7833:3ab8e1e2f0f7 |
|---|---|
| 52 ngx_uint_t ssl_protocols; | 52 ngx_uint_t ssl_protocols; |
| 53 ngx_str_t ssl_ciphers; | 53 ngx_str_t ssl_ciphers; |
| 54 ngx_uint_t ssl_verify_depth; | 54 ngx_uint_t ssl_verify_depth; |
| 55 ngx_str_t ssl_trusted_certificate; | 55 ngx_str_t ssl_trusted_certificate; |
| 56 ngx_str_t ssl_crl; | 56 ngx_str_t ssl_crl; |
| 57 ngx_str_t ssl_certificate; | |
| 58 ngx_str_t ssl_certificate_key; | |
| 59 ngx_array_t *ssl_passwords; | |
| 60 ngx_array_t *ssl_conf_commands; | 57 ngx_array_t *ssl_conf_commands; |
| 61 #endif | 58 #endif |
| 62 } ngx_http_uwsgi_loc_conf_t; | 59 } ngx_http_uwsgi_loc_conf_t; |
| 63 | 60 |
| 64 | 61 |
| 546 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_crl), | 543 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_crl), |
| 547 NULL }, | 544 NULL }, |
| 548 | 545 |
| 549 { ngx_string("uwsgi_ssl_certificate"), | 546 { ngx_string("uwsgi_ssl_certificate"), |
| 550 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 547 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
| 551 ngx_conf_set_str_slot, | 548 ngx_http_set_complex_value_zero_slot, |
| 552 NGX_HTTP_LOC_CONF_OFFSET, | 549 NGX_HTTP_LOC_CONF_OFFSET, |
| 553 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate), | 550 offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_certificate), |
| 554 NULL }, | 551 NULL }, |
| 555 | 552 |
| 556 { ngx_string("uwsgi_ssl_certificate_key"), | 553 { ngx_string("uwsgi_ssl_certificate_key"), |
| 557 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 554 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
| 558 ngx_conf_set_str_slot, | 555 ngx_http_set_complex_value_zero_slot, |
| 559 NGX_HTTP_LOC_CONF_OFFSET, | 556 NGX_HTTP_LOC_CONF_OFFSET, |
| 560 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate_key), | 557 offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_certificate_key), |
| 561 NULL }, | 558 NULL }, |
| 562 | 559 |
| 563 { ngx_string("uwsgi_ssl_password_file"), | 560 { ngx_string("uwsgi_ssl_password_file"), |
| 564 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 561 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
| 565 ngx_http_uwsgi_ssl_password_file, | 562 ngx_http_uwsgi_ssl_password_file, |
| 1511 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; | 1508 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; |
| 1512 conf->upstream.ssl_name = NGX_CONF_UNSET_PTR; | 1509 conf->upstream.ssl_name = NGX_CONF_UNSET_PTR; |
| 1513 conf->upstream.ssl_server_name = NGX_CONF_UNSET; | 1510 conf->upstream.ssl_server_name = NGX_CONF_UNSET; |
| 1514 conf->upstream.ssl_verify = NGX_CONF_UNSET; | 1511 conf->upstream.ssl_verify = NGX_CONF_UNSET; |
| 1515 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; | 1512 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; |
| 1516 conf->ssl_passwords = NGX_CONF_UNSET_PTR; | 1513 conf->upstream.ssl_certificate = NGX_CONF_UNSET_PTR; |
| 1514 conf->upstream.ssl_certificate_key = NGX_CONF_UNSET_PTR; | |
| 1515 conf->upstream.ssl_passwords = NGX_CONF_UNSET_PTR; | |
| 1517 conf->ssl_conf_commands = NGX_CONF_UNSET_PTR; | 1516 conf->ssl_conf_commands = NGX_CONF_UNSET_PTR; |
| 1518 #endif | 1517 #endif |
| 1519 | 1518 |
| 1520 /* "uwsgi_cyclic_temp_file" is disabled */ | 1519 /* "uwsgi_cyclic_temp_file" is disabled */ |
| 1521 conf->upstream.cyclic_temp_file = 0; | 1520 conf->upstream.cyclic_temp_file = 0; |
| 1835 prev->ssl_verify_depth, 1); | 1834 prev->ssl_verify_depth, 1); |
| 1836 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, | 1835 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, |
| 1837 prev->ssl_trusted_certificate, ""); | 1836 prev->ssl_trusted_certificate, ""); |
| 1838 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); | 1837 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); |
| 1839 | 1838 |
| 1840 ngx_conf_merge_str_value(conf->ssl_certificate, | 1839 ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate, |
| 1841 prev->ssl_certificate, ""); | 1840 prev->upstream.ssl_certificate, NULL); |
| 1842 ngx_conf_merge_str_value(conf->ssl_certificate_key, | 1841 ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate_key, |
| 1843 prev->ssl_certificate_key, ""); | 1842 prev->upstream.ssl_certificate_key, NULL); |
| 1844 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL); | 1843 ngx_conf_merge_ptr_value(conf->upstream.ssl_passwords, |
| 1844 prev->upstream.ssl_passwords, NULL); | |
| 1845 | 1845 |
| 1846 ngx_conf_merge_ptr_value(conf->ssl_conf_commands, | 1846 ngx_conf_merge_ptr_value(conf->ssl_conf_commands, |
| 1847 prev->ssl_conf_commands, NULL); | 1847 prev->ssl_conf_commands, NULL); |
| 1848 | 1848 |
| 1849 if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) { | 1849 if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) { |
| 2374 { | 2374 { |
| 2375 ngx_http_uwsgi_loc_conf_t *uwcf = conf; | 2375 ngx_http_uwsgi_loc_conf_t *uwcf = conf; |
| 2376 | 2376 |
| 2377 ngx_str_t *value; | 2377 ngx_str_t *value; |
| 2378 | 2378 |
| 2379 if (uwcf->ssl_passwords != NGX_CONF_UNSET_PTR) { | 2379 if (uwcf->upstream.ssl_passwords != NGX_CONF_UNSET_PTR) { |
| 2380 return "is duplicate"; | 2380 return "is duplicate"; |
| 2381 } | 2381 } |
| 2382 | 2382 |
| 2383 value = cf->args->elts; | 2383 value = cf->args->elts; |
| 2384 | 2384 |
| 2385 uwcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); | 2385 uwcf->upstream.ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); |
| 2386 | 2386 |
| 2387 if (uwcf->ssl_passwords == NULL) { | 2387 if (uwcf->upstream.ssl_passwords == NULL) { |
| 2388 return NGX_CONF_ERROR; | 2388 return NGX_CONF_ERROR; |
| 2389 } | 2389 } |
| 2390 | 2390 |
| 2391 return NGX_CONF_OK; | 2391 return NGX_CONF_OK; |
| 2392 } | 2392 } |
| 2428 } | 2428 } |
| 2429 | 2429 |
| 2430 cln->handler = ngx_ssl_cleanup_ctx; | 2430 cln->handler = ngx_ssl_cleanup_ctx; |
| 2431 cln->data = uwcf->upstream.ssl; | 2431 cln->data = uwcf->upstream.ssl; |
| 2432 | 2432 |
| 2433 if (uwcf->ssl_certificate.len) { | 2433 if (uwcf->upstream.ssl_certificate) { |
| 2434 | 2434 |
| 2435 if (uwcf->ssl_certificate_key.len == 0) { | 2435 if (uwcf->upstream.ssl_certificate_key == NULL) { |
| 2436 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 2436 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
| 2437 "no \"uwsgi_ssl_certificate_key\" is defined " | 2437 "no \"uwsgi_ssl_certificate_key\" is defined " |
| 2438 "for certificate \"%V\"", &uwcf->ssl_certificate); | 2438 "for certificate \"%V\"", |
| 2439 &uwcf->upstream.ssl_certificate->value); | |
| 2439 return NGX_ERROR; | 2440 return NGX_ERROR; |
| 2440 } | 2441 } |
| 2441 | 2442 |
| 2442 if (ngx_ssl_certificate(cf, uwcf->upstream.ssl, &uwcf->ssl_certificate, | 2443 if (uwcf->upstream.ssl_certificate->lengths |
| 2443 &uwcf->ssl_certificate_key, uwcf->ssl_passwords) | 2444 || uwcf->upstream.ssl_certificate_key->lengths) |
| 2444 != NGX_OK) | |
| 2445 { | 2445 { |
| 2446 return NGX_ERROR; | 2446 uwcf->upstream.ssl_passwords = |
| 2447 ngx_ssl_preserve_passwords(cf, uwcf->upstream.ssl_passwords); | |
| 2448 if (uwcf->upstream.ssl_passwords == NULL) { | |
| 2449 return NGX_ERROR; | |
| 2450 } | |
| 2451 | |
| 2452 } else { | |
| 2453 if (ngx_ssl_certificate(cf, uwcf->upstream.ssl, | |
| 2454 &uwcf->upstream.ssl_certificate->value, | |
| 2455 &uwcf->upstream.ssl_certificate_key->value, | |
| 2456 uwcf->upstream.ssl_passwords) | |
| 2457 != NGX_OK) | |
| 2458 { | |
| 2459 return NGX_ERROR; | |
| 2460 } | |
| 2447 } | 2461 } |
| 2448 } | 2462 } |
| 2449 | 2463 |
| 2450 if (ngx_ssl_ciphers(cf, uwcf->upstream.ssl, &uwcf->ssl_ciphers, 0) | 2464 if (ngx_ssl_ciphers(cf, uwcf->upstream.ssl, &uwcf->ssl_ciphers, 0) |
| 2451 != NGX_OK) | 2465 != NGX_OK) |