Mercurial > hg > nginx
comparison src/http/ngx_http_upstream.c @ 8786:d514f88053e5 quic
Merged with the default branch.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 28 May 2021 13:33:08 +0300 |
parents | f1986657fc26 3ab8e1e2f0f7 |
children | fac88e160653 |
comparison
equal
deleted
inserted
replaced
8785:e6c26cb4d38b | 8786:d514f88053e5 |
---|---|
185 static void ngx_http_upstream_ssl_handshake(ngx_http_request_t *, | 185 static void ngx_http_upstream_ssl_handshake(ngx_http_request_t *, |
186 ngx_http_upstream_t *u, ngx_connection_t *c); | 186 ngx_http_upstream_t *u, ngx_connection_t *c); |
187 static void ngx_http_upstream_ssl_save_session(ngx_connection_t *c); | 187 static void ngx_http_upstream_ssl_save_session(ngx_connection_t *c); |
188 static ngx_int_t ngx_http_upstream_ssl_name(ngx_http_request_t *r, | 188 static ngx_int_t ngx_http_upstream_ssl_name(ngx_http_request_t *r, |
189 ngx_http_upstream_t *u, ngx_connection_t *c); | 189 ngx_http_upstream_t *u, ngx_connection_t *c); |
190 static ngx_int_t ngx_http_upstream_ssl_certificate(ngx_http_request_t *r, | |
191 ngx_http_upstream_t *u, ngx_connection_t *c); | |
190 #endif | 192 #endif |
191 | 193 |
192 | 194 |
193 static ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = { | 195 static ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = { |
194 | 196 |
1710 NGX_HTTP_INTERNAL_SERVER_ERROR); | 1712 NGX_HTTP_INTERNAL_SERVER_ERROR); |
1711 return; | 1713 return; |
1712 } | 1714 } |
1713 } | 1715 } |
1714 | 1716 |
1717 if (u->conf->ssl_certificate && (u->conf->ssl_certificate->lengths | |
1718 || u->conf->ssl_certificate_key->lengths)) | |
1719 { | |
1720 if (ngx_http_upstream_ssl_certificate(r, u, c) != NGX_OK) { | |
1721 ngx_http_upstream_finalize_request(r, u, | |
1722 NGX_HTTP_INTERNAL_SERVER_ERROR); | |
1723 return; | |
1724 } | |
1725 } | |
1726 | |
1715 if (u->conf->ssl_session_reuse) { | 1727 if (u->conf->ssl_session_reuse) { |
1716 c->ssl->save_session = ngx_http_upstream_ssl_save_session; | 1728 c->ssl->save_session = ngx_http_upstream_ssl_save_session; |
1717 | 1729 |
1718 if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) { | 1730 if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) { |
1719 ngx_http_upstream_finalize_request(r, u, | 1731 ngx_http_upstream_finalize_request(r, u, |
1926 #endif | 1938 #endif |
1927 | 1939 |
1928 done: | 1940 done: |
1929 | 1941 |
1930 u->ssl_name = name; | 1942 u->ssl_name = name; |
1943 | |
1944 return NGX_OK; | |
1945 } | |
1946 | |
1947 | |
1948 static ngx_int_t | |
1949 ngx_http_upstream_ssl_certificate(ngx_http_request_t *r, | |
1950 ngx_http_upstream_t *u, ngx_connection_t *c) | |
1951 { | |
1952 ngx_str_t cert, key; | |
1953 | |
1954 if (ngx_http_complex_value(r, u->conf->ssl_certificate, &cert) | |
1955 != NGX_OK) | |
1956 { | |
1957 return NGX_ERROR; | |
1958 } | |
1959 | |
1960 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
1961 "http upstream ssl cert: \"%s\"", cert.data); | |
1962 | |
1963 if (*cert.data == '\0') { | |
1964 return NGX_OK; | |
1965 } | |
1966 | |
1967 if (ngx_http_complex_value(r, u->conf->ssl_certificate_key, &key) | |
1968 != NGX_OK) | |
1969 { | |
1970 return NGX_ERROR; | |
1971 } | |
1972 | |
1973 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
1974 "http upstream ssl key: \"%s\"", key.data); | |
1975 | |
1976 if (ngx_ssl_connection_certificate(c, r->pool, &cert, &key, | |
1977 u->conf->ssl_passwords) | |
1978 != NGX_OK) | |
1979 { | |
1980 return NGX_ERROR; | |
1981 } | |
1931 | 1982 |
1932 return NGX_OK; | 1983 return NGX_OK; |
1933 } | 1984 } |
1934 | 1985 |
1935 #endif | 1986 #endif |