nginx: src/http/modules/ngx_http_uwsgi

comparison src/http/modules/ngx_http_uwsgi_module.c @ 8786:d514f88053e5 quic

Merged with the default branch.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Fri, 28 May 2021 13:33:08 +0300
parents	3ab8e1e2f0f7
children	b87b7092cedb

comparison

equal deleted inserted replaced

-:e6c26cb4d38b
+:d514f88053e5
 ngx_uint_t                 ssl_protocols;
 ngx_str_t                  ssl_ciphers;
 ngx_uint_t                 ssl_verify_depth;
 ngx_str_t                  ssl_trusted_certificate;
 ngx_str_t                  ssl_crl;
-ngx_str_t                  ssl_certificate;
-ngx_str_t                  ssl_certificate_key;
-ngx_array_t               *ssl_passwords;
 ngx_array_t               *ssl_conf_commands;
 #endif
 } ngx_http_uwsgi_loc_conf_t;
 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_crl),
 NULL },
 { ngx_string("uwsgi_ssl_certificate"),
 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
-ngx_conf_set_str_slot,
+ngx_http_set_complex_value_zero_slot,
 NGX_HTTP_LOC_CONF_OFFSET,
-offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate),
+offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_certificate),
 NULL },
 { ngx_string("uwsgi_ssl_certificate_key"),
 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
-ngx_conf_set_str_slot,
+ngx_http_set_complex_value_zero_slot,
 NGX_HTTP_LOC_CONF_OFFSET,
-offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate_key),
+offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_certificate_key),
 NULL },
 { ngx_string("uwsgi_ssl_password_file"),
 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
 ngx_http_uwsgi_ssl_password_file,
 conf->upstream.intercept_errors = NGX_CONF_UNSET;
 #if (NGX_HTTP_SSL)
 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
+conf->upstream.ssl_name = NGX_CONF_UNSET_PTR;
 conf->upstream.ssl_server_name = NGX_CONF_UNSET;
 conf->upstream.ssl_verify = NGX_CONF_UNSET;
 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;
-conf->ssl_passwords = NGX_CONF_UNSET_PTR;
+conf->upstream.ssl_certificate = NGX_CONF_UNSET_PTR;
+conf->upstream.ssl_certificate_key = NGX_CONF_UNSET_PTR;
+conf->upstream.ssl_passwords = NGX_CONF_UNSET_PTR;
 conf->ssl_conf_commands = NGX_CONF_UNSET_PTR;
 #endif
 /* "uwsgi_cyclic_temp_file" is disabled */
 conf->upstream.cyclic_temp_file = 0;
 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
 "DEFAULT");
-if (conf->upstream.ssl_name == NULL) {
+ngx_conf_merge_ptr_value(conf->upstream.ssl_name,
-conf->upstream.ssl_name = prev->upstream.ssl_name;
+prev->upstream.ssl_name, NULL);
-}
 ngx_conf_merge_value(conf->upstream.ssl_server_name,
 prev->upstream.ssl_server_name, 0);
 ngx_conf_merge_value(conf->upstream.ssl_verify,
 prev->upstream.ssl_verify, 0);
 ngx_conf_merge_uint_value(conf->ssl_verify_depth,
 prev->ssl_verify_depth, 1);
 ngx_conf_merge_str_value(conf->ssl_trusted_certificate,
 prev->ssl_trusted_certificate, "");
 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, "");
-ngx_conf_merge_str_value(conf->ssl_certificate,
+ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate,
-prev->ssl_certificate, "");
+prev->upstream.ssl_certificate, NULL);
-ngx_conf_merge_str_value(conf->ssl_certificate_key,
+ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate_key,
-prev->ssl_certificate_key, "");
+prev->upstream.ssl_certificate_key, NULL);
-ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL);
+ngx_conf_merge_ptr_value(conf->upstream.ssl_passwords,
+prev->upstream.ssl_passwords, NULL);
 ngx_conf_merge_ptr_value(conf->ssl_conf_commands,
 prev->ssl_conf_commands, NULL);
 if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) {
 {
 ngx_http_uwsgi_loc_conf_t *uwcf = conf;
 ngx_str_t  *value;
-if (uwcf->ssl_passwords != NGX_CONF_UNSET_PTR) {
+if (uwcf->upstream.ssl_passwords != NGX_CONF_UNSET_PTR) {
 return "is duplicate";
 }
 value = cf->args->elts;
-uwcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]);
+uwcf->upstream.ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]);
-if (uwcf->ssl_passwords == NULL) {
+if (uwcf->upstream.ssl_passwords == NULL) {
 return NGX_CONF_ERROR;
 }
 return NGX_CONF_OK;
 }
 }
 cln->handler = ngx_ssl_cleanup_ctx;
 cln->data = uwcf->upstream.ssl;
-if (uwcf->ssl_certificate.len) {
+if (uwcf->upstream.ssl_certificate) {
-if (uwcf->ssl_certificate_key.len == 0) {
+if (uwcf->upstream.ssl_certificate_key == NULL) {
 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
 "no \"uwsgi_ssl_certificate_key\" is defined "
-"for certificate \"%V\"", &uwcf->ssl_certificate);
+"for certificate \"%V\"",
+&uwcf->upstream.ssl_certificate->value);
 return NGX_ERROR;
 }
-if (ngx_ssl_certificate(cf, uwcf->upstream.ssl, &uwcf->ssl_certificate,
+if (uwcf->upstream.ssl_certificate->lengths
-&uwcf->ssl_certificate_key, uwcf->ssl_passwords)
+|| uwcf->upstream.ssl_certificate_key->lengths)
-!= NGX_OK)
 {
-return NGX_ERROR;
+uwcf->upstream.ssl_passwords =
+ngx_ssl_preserve_passwords(cf, uwcf->upstream.ssl_passwords);
+if (uwcf->upstream.ssl_passwords == NULL) {
+return NGX_ERROR;
+}
+} else {
+if (ngx_ssl_certificate(cf, uwcf->upstream.ssl,
+&uwcf->upstream.ssl_certificate->value,
+&uwcf->upstream.ssl_certificate_key->value,
+uwcf->upstream.ssl_passwords)
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
 }
 }
 if (ngx_ssl_ciphers(cf, uwcf->upstream.ssl, &uwcf->ssl_ciphers, 0)
 != NGX_OK)

Mercurial > hg > nginx

comparison src/http/modules/ngx_http_uwsgi_module.c @ 8786:d514f88053e5 quic