comparison src/http/modules/ngx_http_grpc_module.c @ 8454:3ab8e1e2f0f7
Upstream: variables support in certificates.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 06 May 2021 02:22:09 +0300 |
parents | bdd4d89370a7 |
children | 021416fca094 |
8453:be82e72c9af8 | 8454:3ab8e1e2f0f7 |
---|---|
35 ngx_uint_t ssl_protocols; | 35 ngx_uint_t ssl_protocols; |
36 ngx_str_t ssl_ciphers; | 36 ngx_str_t ssl_ciphers; |
37 ngx_uint_t ssl_verify_depth; | 37 ngx_uint_t ssl_verify_depth; |
38 ngx_str_t ssl_trusted_certificate; | 38 ngx_str_t ssl_trusted_certificate; |
39 ngx_str_t ssl_crl; | 39 ngx_str_t ssl_crl; |
40 ngx_str_t ssl_certificate; | |
41 ngx_str_t ssl_certificate_key; | |
42 ngx_array_t *ssl_passwords; | |
43 ngx_array_t *ssl_conf_commands; | 40 ngx_array_t *ssl_conf_commands; |
44 #endif | 41 #endif |
45 } ngx_http_grpc_loc_conf_t; | 42 } ngx_http_grpc_loc_conf_t; |
46 | 43 |
47 | 44 |
423 offsetof(ngx_http_grpc_loc_conf_t, ssl_crl), | 420 offsetof(ngx_http_grpc_loc_conf_t, ssl_crl), |
424 NULL }, | 421 NULL }, |
425 | 422 |
426 { ngx_string("grpc_ssl_certificate"), | 423 { ngx_string("grpc_ssl_certificate"), |
427 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 424 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
428 ngx_conf_set_str_slot, | 425 ngx_http_set_complex_value_zero_slot, |
429 NGX_HTTP_LOC_CONF_OFFSET, | 426 NGX_HTTP_LOC_CONF_OFFSET, |
430 offsetof(ngx_http_grpc_loc_conf_t, ssl_certificate), | 427 offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_certificate), |
431 NULL }, | 428 NULL }, |
432 | 429 |
433 { ngx_string("grpc_ssl_certificate_key"), | 430 { ngx_string("grpc_ssl_certificate_key"), |
434 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 431 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
435 ngx_conf_set_str_slot, | 432 ngx_http_set_complex_value_zero_slot, |
436 NGX_HTTP_LOC_CONF_OFFSET, | 433 NGX_HTTP_LOC_CONF_OFFSET, |
437 offsetof(ngx_http_grpc_loc_conf_t, ssl_certificate_key), | 434 offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_certificate_key), |
438 NULL }, | 435 NULL }, |
439 | 436 |
440 { ngx_string("grpc_ssl_password_file"), | 437 { ngx_string("grpc_ssl_password_file"), |
441 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 438 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
442 ngx_http_grpc_ssl_password_file, | 439 ngx_http_grpc_ssl_password_file, |
4340 * conf->ssl = 0; | 4337 * conf->ssl = 0; |
4341 * conf->ssl_protocols = 0; | 4338 * conf->ssl_protocols = 0; |
4342 * conf->ssl_ciphers = { 0, NULL }; | 4339 * conf->ssl_ciphers = { 0, NULL }; |
4343 * conf->ssl_trusted_certificate = { 0, NULL }; | 4340 * conf->ssl_trusted_certificate = { 0, NULL }; |
4344 * conf->ssl_crl = { 0, NULL }; | 4341 * conf->ssl_crl = { 0, NULL }; |
4345 * conf->ssl_certificate = { 0, NULL }; | |
4346 * conf->ssl_certificate_key = { 0, NULL }; | |
4347 */ | 4342 */ |
4348 | 4343 |
4349 conf->upstream.local = NGX_CONF_UNSET_PTR; | 4344 conf->upstream.local = NGX_CONF_UNSET_PTR; |
4350 conf->upstream.socket_keepalive = NGX_CONF_UNSET; | 4345 conf->upstream.socket_keepalive = NGX_CONF_UNSET; |
4351 conf->upstream.next_upstream_tries = NGX_CONF_UNSET_UINT; | 4346 conf->upstream.next_upstream_tries = NGX_CONF_UNSET_UINT; |
4365 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; | 4360 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; |
4366 conf->upstream.ssl_name = NGX_CONF_UNSET_PTR; | 4361 conf->upstream.ssl_name = NGX_CONF_UNSET_PTR; |
4367 conf->upstream.ssl_server_name = NGX_CONF_UNSET; | 4362 conf->upstream.ssl_server_name = NGX_CONF_UNSET; |
4368 conf->upstream.ssl_verify = NGX_CONF_UNSET; | 4363 conf->upstream.ssl_verify = NGX_CONF_UNSET; |
4369 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; | 4364 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; |
4370 conf->ssl_passwords = NGX_CONF_UNSET_PTR; | 4365 conf->upstream.ssl_certificate = NGX_CONF_UNSET_PTR; |
4366 conf->upstream.ssl_certificate_key = NGX_CONF_UNSET_PTR; | |
4367 conf->upstream.ssl_passwords = NGX_CONF_UNSET_PTR; | |
4371 conf->ssl_conf_commands = NGX_CONF_UNSET_PTR; | 4368 conf->ssl_conf_commands = NGX_CONF_UNSET_PTR; |
4372 #endif | 4369 #endif |
4373 | 4370 |
4374 /* the hardcoded values */ | 4371 /* the hardcoded values */ |
4375 conf->upstream.cyclic_temp_file = 0; | 4372 conf->upstream.cyclic_temp_file = 0; |
4469 prev->ssl_verify_depth, 1); | 4466 prev->ssl_verify_depth, 1); |
4470 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, | 4467 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, |
4471 prev->ssl_trusted_certificate, ""); | 4468 prev->ssl_trusted_certificate, ""); |
4472 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); | 4469 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); |
4473 | 4470 |
4474 ngx_conf_merge_str_value(conf->ssl_certificate, | 4471 ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate, |
4475 prev->ssl_certificate, ""); | 4472 prev->upstream.ssl_certificate, NULL); |
4476 ngx_conf_merge_str_value(conf->ssl_certificate_key, | 4473 ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate_key, |
4477 prev->ssl_certificate_key, ""); | 4474 prev->upstream.ssl_certificate_key, NULL); |
4478 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL); | 4475 ngx_conf_merge_ptr_value(conf->upstream.ssl_passwords, |
4476 prev->upstream.ssl_passwords, NULL); | |
4479 | 4477 |
4480 ngx_conf_merge_ptr_value(conf->ssl_conf_commands, | 4478 ngx_conf_merge_ptr_value(conf->ssl_conf_commands, |
4481 prev->ssl_conf_commands, NULL); | 4479 prev->ssl_conf_commands, NULL); |
4482 | 4480 |
4483 if (conf->ssl && ngx_http_grpc_set_ssl(cf, conf) != NGX_OK) { | 4481 if (conf->ssl && ngx_http_grpc_set_ssl(cf, conf) != NGX_OK) { |
4829 { | 4827 { |
4830 ngx_http_grpc_loc_conf_t *glcf = conf; | 4828 ngx_http_grpc_loc_conf_t *glcf = conf; |
4831 | 4829 |
4832 ngx_str_t *value; | 4830 ngx_str_t *value; |
4833 | 4831 |
4834 if (glcf->ssl_passwords != NGX_CONF_UNSET_PTR) { | 4832 if (glcf->upstream.ssl_passwords != NGX_CONF_UNSET_PTR) { |
4835 return "is duplicate"; | 4833 return "is duplicate"; |
4836 } | 4834 } |
4837 | 4835 |
4838 value = cf->args->elts; | 4836 value = cf->args->elts; |
4839 | 4837 |
4840 glcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); | 4838 glcf->upstream.ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); |
4841 | 4839 |
4842 if (glcf->ssl_passwords == NULL) { | 4840 if (glcf->upstream.ssl_passwords == NULL) { |
4843 return NGX_CONF_ERROR; | 4841 return NGX_CONF_ERROR; |
4844 } | 4842 } |
4845 | 4843 |
4846 return NGX_CONF_OK; | 4844 return NGX_CONF_OK; |
4847 } | 4845 } |
4883 } | 4881 } |
4884 | 4882 |
4885 cln->handler = ngx_ssl_cleanup_ctx; | 4883 cln->handler = ngx_ssl_cleanup_ctx; |
4886 cln->data = glcf->upstream.ssl; | 4884 cln->data = glcf->upstream.ssl; |
4887 | 4885 |
4888 if (glcf->ssl_certificate.len) { | 4886 if (glcf->upstream.ssl_certificate) { |
4889 | 4887 |
4890 if (glcf->ssl_certificate_key.len == 0) { | 4888 if (glcf->upstream.ssl_certificate_key == NULL) { |
4891 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 4889 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
4892 "no \"grpc_ssl_certificate_key\" is defined " | 4890 "no \"grpc_ssl_certificate_key\" is defined " |
4893 "for certificate \"%V\"", &glcf->ssl_certificate); | 4891 "for certificate \"%V\"", |
4892 &glcf->upstream.ssl_certificate->value); | |
4894 return NGX_ERROR; | 4893 return NGX_ERROR; |
4895 } | 4894 } |
4896 | 4895 |
4897 if (ngx_ssl_certificate(cf, glcf->upstream.ssl, &glcf->ssl_certificate, | 4896 if (glcf->upstream.ssl_certificate->lengths |
4898 &glcf->ssl_certificate_key, glcf->ssl_passwords) | 4897 || glcf->upstream.ssl_certificate_key->lengths) |
4899 != NGX_OK) | |
4900 { | 4898 { |
4901 return NGX_ERROR; | 4899 glcf->upstream.ssl_passwords = |
4900 ngx_ssl_preserve_passwords(cf, glcf->upstream.ssl_passwords); | |
4901 if (glcf->upstream.ssl_passwords == NULL) { | |
4902 return NGX_ERROR; | |
4903 } | |
4904 | |
4905 } else { | |
4906 if (ngx_ssl_certificate(cf, glcf->upstream.ssl, | |
4907 &glcf->upstream.ssl_certificate->value, | |
4908 &glcf->upstream.ssl_certificate_key->value, | |
4909 glcf->upstream.ssl_passwords) | |
4910 != NGX_OK) | |
4911 { | |
4912 return NGX_ERROR; | |
4913 } | |
4902 } | 4914 } |
4903 } | 4915 } |
4904 | 4916 |
4905 if (ngx_ssl_ciphers(cf, glcf->upstream.ssl, &glcf->ssl_ciphers, 0) | 4917 if (ngx_ssl_ciphers(cf, glcf->upstream.ssl, &glcf->ssl_ciphers, 0) |
4906 != NGX_OK) | 4918 != NGX_OK) |
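Review bot: The new branch at new lines 4896-4903 skips ngx_ssl_certificate() whenever either complex value has `lengths` set, so a certificate or key path that contains variables is no longer checked at configuration time, and nothing in the code says so. A short comment above the branch would make this explicit, for example `/* variables in certificate or key: loading is deferred to request time, so the passwords must outlive configuration parsing */`. The runtime load is not part of this file section, so the following is inferred: the evaluated value presumably becomes a filesystem path opened by the worker process, which means the key files must be readable by the worker user and the variables should come from a constrained source such as a `map` rather than directly from request data. The enclosing function (presumably ngx_http_grpc_set_ssl, called at new line 4481) starts and ends outside the visible lines.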