comparison src/http/modules/ngx_http_uwsgi_module.c @ 7730:1a719ee45526

Upstream: proxy_ssl_conf_command and friends. Similarly to ssl_conf_command, proxy_ssl_conf_command (grpc_ssl_conf_command, uwsgi_ssl_conf_command) can be used to set arbitrary OpenSSL configuration parameters as long as nginx is compiled with OpenSSL 1.0.2 or later, when connecting to upstream servers with SSL. Full list of available configuration commands can be found in the SSL_CONF_cmd manual page (https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html).
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 22 Oct 2020 18:00:23 +0300
parents bffcc5af1d72
children 7ce28b4cc57e
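--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -55,10 +55,11 @@
 ngx_str_t ssl_trusted_certificate;
 ngx_str_t ssl_crl;
 ngx_str_t ssl_certificate;
 ngx_str_t ssl_certificate_key;
 ngx_array_t *ssl_passwords;
+ngx_array_t *ssl_conf_commands;
 #endif
 } ngx_http_uwsgi_loc_conf_t;
 
 
 static ngx_int_t ngx_http_uwsgi_eval(ngx_http_request_t *r,
@@ -94,10 +95,12 @@
 #endif
 
 #if (NGX_HTTP_SSL)
 static char *ngx_http_uwsgi_ssl_password_file(ngx_conf_t *cf,
 ngx_command_t *cmd, void *conf);
+static char *ngx_http_uwsgi_ssl_conf_command_check(ngx_conf_t *cf, void *post,
+void *data);
 static ngx_int_t ngx_http_uwsgi_set_ssl(ngx_conf_t *cf,
 ngx_http_uwsgi_loc_conf_t *uwcf);
 #endif
 
 
@@ -132,10 +135,13 @@
 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
 { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
 { ngx_null_string, 0 }
 };
 
+static ngx_conf_post_t ngx_http_uwsgi_ssl_conf_command_post =
+{ ngx_http_uwsgi_ssl_conf_command_check };
+
 #endif
 
 
 ngx_module_t ngx_http_uwsgi_module;
 
@@ -558,10 +564,17 @@
 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
 ngx_http_uwsgi_ssl_password_file,
 NGX_HTTP_LOC_CONF_OFFSET,
 0,
 NULL },
+
+{ ngx_string("uwsgi_ssl_conf_command"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
+ngx_conf_set_keyval_slot,
+NGX_HTTP_LOC_CONF_OFFSET,
+offsetof(ngx_http_uwsgi_loc_conf_t, ssl_conf_commands),
+&ngx_http_uwsgi_ssl_conf_command_post },
 
 #endif
 
 ngx_null_command
 };
@@ -1498,10 +1511,11 @@
 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
 conf->upstream.ssl_server_name = NGX_CONF_UNSET;
 conf->upstream.ssl_verify = NGX_CONF_UNSET;
 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;
 conf->ssl_passwords = NGX_CONF_UNSET_PTR;
+conf->ssl_conf_commands = NGX_CONF_UNSET_PTR;
 #endif
 
 /* "uwsgi_cyclic_temp_file" is disabled */
 conf->upstream.cyclic_temp_file = 0;
 
@@ -1827,10 +1841,13 @@
 ngx_conf_merge_str_value(conf->ssl_certificate,
 prev->ssl_certificate, "");
 ngx_conf_merge_str_value(conf->ssl_certificate_key,
 prev->ssl_certificate_key, "");
 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL);
+
+ngx_conf_merge_ptr_value(conf->ssl_conf_commands,
+prev->ssl_conf_commands, NULL);
 
 if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 
@@ -2374,10 +2391,21 @@
 
 return NGX_CONF_OK;
 }
 
 
+static char *
+ngx_http_uwsgi_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
+{
+#ifndef SSL_CONF_FLAG_FILE
+return "is not supported on this platform";
+#endif
+
+return NGX_CONF_OK;
+}
+
+
 static ngx_int_t
 ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
 {
 ngx_pool_cleanup_t *cln;
 
@@ -2451,9 +2479,15 @@
 != NGX_OK)
 {
 return NGX_ERROR;
 }
 
+if (ngx_ssl_conf_commands(cf, uwcf->upstream.ssl, uwcf->ssl_conf_commands)
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+
 return NGX_OK;
 }
 
 #endif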
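Review bot: Nothing near the new `ngx_ssl_conf_commands()` call at the end of `ngx_http_uwsgi_set_ssl()` says that it runs after the rest of the upstream SSL context setup, so a `uwsgi_ssl_conf_command` entry can presumably override what the dedicated `uwsgi_ssl_protocols` and `uwsgi_ssl_ciphers` directives configured. The middle of that function is outside this view, so the order of the earlier steps is inferred. A short comment above the call would make the precedence explicit, for example `/* applied last: may override settings made by the other uwsgi_ssl_* directives */`. The merge step uses `ngx_conf_merge_ptr_value()`, so a location that sets any `uwsgi_ssl_conf_command` inherits none from the enclosing level. A comment there such as `/* inherited as a whole: outer-level commands are not applied once this level defines its own */` would warn anyone relying on an http-level hardening command.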