comparison src/http/modules/ngx_http_grpc_module.c @ 7730:1a719ee45526
Upstream: proxy_ssl_conf_command and friends.
Similarly to ssl_conf_command, proxy_ssl_conf_command (grpc_ssl_conf_command,
uwsgi_ssl_conf_command) can be used to set arbitrary OpenSSL configuration
parameters as long as nginx is compiled with OpenSSL 1.0.2 or later,
when connecting to upstream servers with SSL. Full list of available
configuration commands can be found in the SSL_CONF_cmd manual page
(https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html).
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 22 Oct 2020 18:00:23 +0300 |
parents | 485dba3e2a01 |
children | a46fcf101cfc |
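--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -38,10 +38,11 @@
 ngx_str_t ssl_trusted_certificate;
 ngx_str_t ssl_crl;
 ngx_str_t ssl_certificate;
 ngx_str_t ssl_certificate_key;
 ngx_array_t *ssl_passwords;
+ngx_array_t *ssl_conf_commands;
 #endif
 } ngx_http_grpc_loc_conf_t;
 
 
 typedef enum {
@@ -206,10 +207,12 @@
 void *conf);
 
 #if (NGX_HTTP_SSL)
 static char *ngx_http_grpc_ssl_password_file(ngx_conf_t *cf,
 ngx_command_t *cmd, void *conf);
+static char *ngx_http_grpc_ssl_conf_command_check(ngx_conf_t *cf, void *post,
+void *data);
 static ngx_int_t ngx_http_grpc_set_ssl(ngx_conf_t *cf,
 ngx_http_grpc_loc_conf_t *glcf);
 #endif
 
 
@@ -240,10 +243,13 @@
 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
 { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
 { ngx_null_string, 0 }
 };
 
+static ngx_conf_post_t ngx_http_grpc_ssl_conf_command_post =
+{ ngx_http_grpc_ssl_conf_command_check };
+
 #endif
 
 
 static ngx_command_t ngx_http_grpc_commands[] = {
 
@@ -435,10 +441,17 @@
 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
 ngx_http_grpc_ssl_password_file,
 NGX_HTTP_LOC_CONF_OFFSET,
 0,
 NULL },
+
+{ ngx_string("grpc_ssl_conf_command"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
+ngx_conf_set_keyval_slot,
+NGX_HTTP_LOC_CONF_OFFSET,
+offsetof(ngx_http_grpc_loc_conf_t, ssl_conf_commands),
+&ngx_http_grpc_ssl_conf_command_post },
 
 #endif
 
 ngx_null_command
 };
@@ -4357,10 +4370,11 @@
 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
 conf->upstream.ssl_server_name = NGX_CONF_UNSET;
 conf->upstream.ssl_verify = NGX_CONF_UNSET;
 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;
 conf->ssl_passwords = NGX_CONF_UNSET_PTR;
+conf->ssl_conf_commands = NGX_CONF_UNSET_PTR;
 #endif
 
 /* the hardcoded values */
 conf->upstream.cyclic_temp_file = 0;
 conf->upstream.buffering = 0;
@@ -4467,10 +4481,13 @@
 prev->ssl_certificate, "");
 ngx_conf_merge_str_value(conf->ssl_certificate_key,
 prev->ssl_certificate_key, "");
 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL);
 
+ngx_conf_merge_ptr_value(conf->ssl_conf_commands,
+prev->ssl_conf_commands, NULL);
+
 if (conf->ssl && ngx_http_grpc_set_ssl(cf, conf) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 
 #endif
@@ -4834,10 +4851,21 @@
 
 return NGX_CONF_OK;
 }
 
 
+static char *
+ngx_http_grpc_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
+{
+#ifndef SSL_CONF_FLAG_FILE
+return "is not supported on this platform";
+#endif
+
+return NGX_CONF_OK;
+}
+
+
 static ngx_int_t
 ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
 {
 ngx_pool_cleanup_t *cln;
 
@@ -4924,9 +4952,15 @@
 return NGX_ERROR;
 }
 
 #endif
 
+if (ngx_ssl_conf_commands(cf, glcf->upstream.ssl, glcf->ssl_conf_commands)
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+
 return NGX_OK;
 }
 
 #endif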
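Review bot: The merge of `ssl_conf_commands` (new lines 4486-4487) goes through `ngx_conf_merge_ptr_value`, so a level that sets any `grpc_ssl_conf_command` keeps its own array and drops the inherited one instead of appending to it. A restriction set at `http` level (for example a minimum protocol version for upstream connections) would therefore not apply in a location that adds an unrelated command. This is consistent with other array-valued directives, but for a directive that can change upstream TLS policy it deserves a comment above the merge, e.g. `/* not accumulated: a level that sets grpc_ssl_conf_command replaces the inherited list */`. In `ngx_http_grpc_set_ssl` the commands are applied as the last step, presumably so they can override settings made earlier in the function; that part is not visible here, and a one-line comment stating the intended precedence would help. Both the merge function and `ngx_http_grpc_set_ssl` begin outside the context shown.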