comparison src/http/modules/ngx_http_proxy_module.c @ 5390:919d230ecdbe
Proxy: added the "proxy_ssl_ciphers" directive.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
author | Piotr Sikora <piotr@cloudflare.com> |
---|---|
date | Mon, 23 Sep 2013 15:58:28 -0700 |
parents | 7c1f4977d8a0 |
children | e65be17e3a3e |
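--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -78,10 +78,11 @@
 ngx_uint_t headers_hash_bucket_size;
 
 #if (NGX_HTTP_SSL)
 ngx_uint_t ssl;
 ngx_uint_t ssl_protocols;
+ngx_str_t ssl_ciphers;
 #endif
 } ngx_http_proxy_loc_conf_t;
 
 
 typedef struct {
@@ -535,10 +536,17 @@
 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
 ngx_conf_set_bitmask_slot,
 NGX_HTTP_LOC_CONF_OFFSET,
 offsetof(ngx_http_proxy_loc_conf_t, ssl_protocols),
 &ngx_http_proxy_ssl_protocols },
+
+{ ngx_string("proxy_ssl_ciphers"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ngx_conf_set_str_slot,
+NGX_HTTP_LOC_CONF_OFFSET,
+offsetof(ngx_http_proxy_loc_conf_t, ssl_ciphers),
+NULL },
 
 #endif
 
 ngx_null_command
 };
@@ -2412,10 +2420,11 @@
 * conf->body_set = NULL;
 * conf->body_source = { 0, NULL };
 * conf->redirects = NULL;
 * conf->ssl = 0;
 * conf->ssl_protocols = 0;
+* conf->ssl_ciphers = { 0, NULL };
 */
 
 conf->upstream.store = NGX_CONF_UNSET;
 conf->upstream.store_access = NGX_CONF_UNSET_UINT;
 conf->upstream.buffering = NGX_CONF_UNSET;
@@ -2732,10 +2741,13 @@
 
 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols,
 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3
 |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
 |NGX_SSL_TLSv1_2));
+
+ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
+"DEFAULT");
 
 if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 #endif
@@ -3782,10 +3794,20 @@
 != NGX_OK)
 {
 return NGX_ERROR;
 }
 
+if (SSL_CTX_set_cipher_list(plcf->upstream.ssl->ctx,
+(const char *) plcf->ssl_ciphers.data)
+== 0)
+{
+ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
+"SSL_CTX_set_cipher_list(\"%V\") failed",
+&plcf->ssl_ciphers);
+return NGX_ERROR;
+}
+
 cln = ngx_pool_cleanup_add(cf->pool, 0);
 if (cln == NULL) {
 return NGX_ERROR;
 }
 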
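Review bot: The merge default `"DEFAULT"` in the `ngx_conf_merge_str_value(conf->ssl_ciphers, ...)` hunk leaves upstream cipher selection to whatever list the linked OpenSSL build ships, so the strength of proxied TLS depends on the library rather than on nginx configuration. This presumably preserves the pre-patch behaviour, but it deserves a comment at the merge, e.g. `/* "DEFAULT" keeps OpenSSL's built-in list; set proxy_ssl_ciphers to restrict upstream suites */`. In the last hunk, `(const char *) plcf->ssl_ciphers.data` is handed to SSL_CTX_set_cipher_list() as a C string, which is only sound while the ngx_str_t is NUL-terminated. That holds for the literal default and presumably for values stored by ngx_conf_set_str_slot, so a one-line comment stating the assumption would protect any later code that fills the field another way. Both enclosing functions start and end outside the hunks shown.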