comparison src/http/modules/ngx_http_grpc_module.c @ 7730:1a719ee45526

Upstream: proxy_ssl_conf_command and friends. Similarly to ssl_conf_command, proxy_ssl_conf_command (grpc_ssl_conf_command, uwsgi_ssl_conf_command) can be used to set arbitrary OpenSSL configuration parameters as long as nginx is compiled with OpenSSL 1.0.2 or later, when connecting to upstream servers with SSL. Full list of available configuration commands can be found in the SSL_CONF_cmd manual page (https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html).
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 22 Oct 2020 18:00:23 +0300
parents 485dba3e2a01
children a46fcf101cfc
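--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -38,10 +38,11 @@
 ngx_str_t ssl_trusted_certificate;
 ngx_str_t ssl_crl;
 ngx_str_t ssl_certificate;
 ngx_str_t ssl_certificate_key;
 ngx_array_t *ssl_passwords;
+ngx_array_t *ssl_conf_commands;
 #endif
 } ngx_http_grpc_loc_conf_t;
 
 
 typedef enum {
@@ -206,10 +207,12 @@
 void *conf);
 
 #if (NGX_HTTP_SSL)
 static char *ngx_http_grpc_ssl_password_file(ngx_conf_t *cf,
 ngx_command_t *cmd, void *conf);
+static char *ngx_http_grpc_ssl_conf_command_check(ngx_conf_t *cf, void *post,
+void *data);
 static ngx_int_t ngx_http_grpc_set_ssl(ngx_conf_t *cf,
 ngx_http_grpc_loc_conf_t *glcf);
 #endif
 
 
@@ -240,10 +243,13 @@
 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
 { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
 { ngx_null_string, 0 }
 };
 
+static ngx_conf_post_t ngx_http_grpc_ssl_conf_command_post =
+{ ngx_http_grpc_ssl_conf_command_check };
+
 #endif
 
 
 static ngx_command_t ngx_http_grpc_commands[] = {
 
@@ -435,10 +441,17 @@
 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
 ngx_http_grpc_ssl_password_file,
 NGX_HTTP_LOC_CONF_OFFSET,
 0,
 NULL },
+
+{ ngx_string("grpc_ssl_conf_command"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
+ngx_conf_set_keyval_slot,
+NGX_HTTP_LOC_CONF_OFFSET,
+offsetof(ngx_http_grpc_loc_conf_t, ssl_conf_commands),
+&ngx_http_grpc_ssl_conf_command_post },
 
 #endif
 
 ngx_null_command
 };
@@ -4357,10 +4370,11 @@
 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
 conf->upstream.ssl_server_name = NGX_CONF_UNSET;
 conf->upstream.ssl_verify = NGX_CONF_UNSET;
 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;
 conf->ssl_passwords = NGX_CONF_UNSET_PTR;
+conf->ssl_conf_commands = NGX_CONF_UNSET_PTR;
 #endif
 
 /* the hardcoded values */
 conf->upstream.cyclic_temp_file = 0;
 conf->upstream.buffering = 0;
@@ -4467,10 +4481,13 @@
 prev->ssl_certificate, "");
 ngx_conf_merge_str_value(conf->ssl_certificate_key,
 prev->ssl_certificate_key, "");
 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL);
 
+ngx_conf_merge_ptr_value(conf->ssl_conf_commands,
+prev->ssl_conf_commands, NULL);
+
 if (conf->ssl && ngx_http_grpc_set_ssl(cf, conf) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 
 #endif
@@ -4834,10 +4851,21 @@
 
 return NGX_CONF_OK;
 }
 
 
+static char *
+ngx_http_grpc_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
+{
+#ifndef SSL_CONF_FLAG_FILE
+return "is not supported on this platform";
+#endif
+
+return NGX_CONF_OK;
+}
+
+
 static ngx_int_t
 ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
 {
 ngx_pool_cleanup_t *cln;
 
@@ -4924,9 +4952,15 @@
 return NGX_ERROR;
 }
 
 #endif
 
+if (ngx_ssl_conf_commands(cf, glcf->upstream.ssl, glcf->ssl_conf_commands)
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+
 return NGX_OK;
 }
 
 #endif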
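Review bot: In the merge hunk, `ngx_conf_merge_ptr_value(conf->ssl_conf_commands, prev->ssl_conf_commands, NULL)` inherits the parent's command list only when the current level sets no `grpc_ssl_conf_command` at all, so a single command in a location replaces, rather than extends, a list defined at http or server level, and nothing in the new code records that. This matters for hardening commands placed at an outer level, which silently stop applying to any location that adds its own command. I would add a comment above the merge, e.g. `/* inherited as a whole: commands set at this level replace, not extend, the parent's list */`. In ngx_http_grpc_set_ssl() the ngx_ssl_conf_commands() call is the last step before `return NGX_OK`, so the commands presumably run after the directive-derived settings made earlier in the function (not visible here) and can override them; a short comment such as `/* applied last; may override the settings made above */` would document that ordering. Both the merge function and ngx_http_grpc_set_ssl() extend beyond the lines shown.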