Mercurial > hg > nginx
comparison src/http/ngx_http_upstream.c @ 7833:3ab8e1e2f0f7
Upstream: variables support in certificates.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 06 May 2021 02:22:09 +0300 |
parents | 1ebd78df4ce7 |
children | 058a67435e83 d514f88053e5 |
comparison
equal
deleted
inserted
replaced
7832:be82e72c9af8 | 7833:3ab8e1e2f0f7 |
---|---|
185 static void ngx_http_upstream_ssl_handshake(ngx_http_request_t *, | 185 static void ngx_http_upstream_ssl_handshake(ngx_http_request_t *, |
186 ngx_http_upstream_t *u, ngx_connection_t *c); | 186 ngx_http_upstream_t *u, ngx_connection_t *c); |
187 static void ngx_http_upstream_ssl_save_session(ngx_connection_t *c); | 187 static void ngx_http_upstream_ssl_save_session(ngx_connection_t *c); |
188 static ngx_int_t ngx_http_upstream_ssl_name(ngx_http_request_t *r, | 188 static ngx_int_t ngx_http_upstream_ssl_name(ngx_http_request_t *r, |
189 ngx_http_upstream_t *u, ngx_connection_t *c); | 189 ngx_http_upstream_t *u, ngx_connection_t *c); |
190 static ngx_int_t ngx_http_upstream_ssl_certificate(ngx_http_request_t *r, | |
191 ngx_http_upstream_t *u, ngx_connection_t *c); | |
190 #endif | 192 #endif |
191 | 193 |
192 | 194 |
193 static ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = { | 195 static ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = { |
194 | 196 |
1690 NGX_HTTP_INTERNAL_SERVER_ERROR); | 1692 NGX_HTTP_INTERNAL_SERVER_ERROR); |
1691 return; | 1693 return; |
1692 } | 1694 } |
1693 } | 1695 } |
1694 | 1696 |
1697 if (u->conf->ssl_certificate && (u->conf->ssl_certificate->lengths | |
1698 || u->conf->ssl_certificate_key->lengths)) | |
1699 { | |
1700 if (ngx_http_upstream_ssl_certificate(r, u, c) != NGX_OK) { | |
1701 ngx_http_upstream_finalize_request(r, u, | |
1702 NGX_HTTP_INTERNAL_SERVER_ERROR); | |
1703 return; | |
1704 } | |
1705 } | |
1706 | |
1695 if (u->conf->ssl_session_reuse) { | 1707 if (u->conf->ssl_session_reuse) { |
1696 c->ssl->save_session = ngx_http_upstream_ssl_save_session; | 1708 c->ssl->save_session = ngx_http_upstream_ssl_save_session; |
1697 | 1709 |
1698 if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) { | 1710 if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) { |
1699 ngx_http_upstream_finalize_request(r, u, | 1711 ngx_http_upstream_finalize_request(r, u, |
1906 #endif | 1918 #endif |
1907 | 1919 |
1908 done: | 1920 done: |
1909 | 1921 |
1910 u->ssl_name = name; | 1922 u->ssl_name = name; |
1923 | |
1924 return NGX_OK; | |
1925 } | |
1926 | |
1927 | |
1928 static ngx_int_t | |
1929 ngx_http_upstream_ssl_certificate(ngx_http_request_t *r, | |
1930 ngx_http_upstream_t *u, ngx_connection_t *c) | |
1931 { | |
1932 ngx_str_t cert, key; | |
1933 | |
1934 if (ngx_http_complex_value(r, u->conf->ssl_certificate, &cert) | |
1935 != NGX_OK) | |
1936 { | |
1937 return NGX_ERROR; | |
1938 } | |
1939 | |
1940 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
1941 "http upstream ssl cert: \"%s\"", cert.data); | |
1942 | |
1943 if (*cert.data == '\0') { | |
1944 return NGX_OK; | |
1945 } | |
1946 | |
1947 if (ngx_http_complex_value(r, u->conf->ssl_certificate_key, &key) | |
1948 != NGX_OK) | |
1949 { | |
1950 return NGX_ERROR; | |
1951 } | |
1952 | |
1953 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
1954 "http upstream ssl key: \"%s\"", key.data); | |
1955 | |
1956 if (ngx_ssl_connection_certificate(c, r->pool, &cert, &key, | |
1957 u->conf->ssl_passwords) | |
1958 != NGX_OK) | |
1959 { | |
1960 return NGX_ERROR; | |
1961 } | |
1911 | 1962 |
1912 return NGX_OK; | 1963 return NGX_OK; |
1913 } | 1964 } |
1914 | 1965 |
1915 #endif | 1966 #endif |