comparison src/http/modules/ngx_http_uwsgi_module.c @ 7730:1a719ee45526
Upstream: proxy_ssl_conf_command and friends.
Similarly to ssl_conf_command, proxy_ssl_conf_command (grpc_ssl_conf_command,
uwsgi_ssl_conf_command) can be used to set arbitrary OpenSSL configuration
parameters as long as nginx is compiled with OpenSSL 1.0.2 or later,
when connecting to upstream servers with SSL. Full list of available
configuration commands can be found in the SSL_CONF_cmd manual page
(https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html).
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 22 Oct 2020 18:00:23 +0300 |
parents | bffcc5af1d72 |
children | 7ce28b4cc57e |
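--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -55,10 +55,11 @@
 ngx_str_t ssl_trusted_certificate;
 ngx_str_t ssl_crl;
 ngx_str_t ssl_certificate;
 ngx_str_t ssl_certificate_key;
 ngx_array_t *ssl_passwords;
+ngx_array_t *ssl_conf_commands;
 #endif
 } ngx_http_uwsgi_loc_conf_t;
 
 
 static ngx_int_t ngx_http_uwsgi_eval(ngx_http_request_t *r,
@@ -94,10 +95,12 @@
 #endif
 
 #if (NGX_HTTP_SSL)
 static char *ngx_http_uwsgi_ssl_password_file(ngx_conf_t *cf,
 ngx_command_t *cmd, void *conf);
+static char *ngx_http_uwsgi_ssl_conf_command_check(ngx_conf_t *cf, void *post,
+void *data);
 static ngx_int_t ngx_http_uwsgi_set_ssl(ngx_conf_t *cf,
 ngx_http_uwsgi_loc_conf_t *uwcf);
 #endif
 
 
@@ -132,10 +135,13 @@
 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
 { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
 { ngx_null_string, 0 }
 };
 
+static ngx_conf_post_t ngx_http_uwsgi_ssl_conf_command_post =
+{ ngx_http_uwsgi_ssl_conf_command_check };
+
 #endif
 
 
 ngx_module_t ngx_http_uwsgi_module;
 
@@ -558,10 +564,17 @@
 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
 ngx_http_uwsgi_ssl_password_file,
 NGX_HTTP_LOC_CONF_OFFSET,
 0,
 NULL },
+
+{ ngx_string("uwsgi_ssl_conf_command"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE2,
+ngx_conf_set_keyval_slot,
+NGX_HTTP_LOC_CONF_OFFSET,
+offsetof(ngx_http_uwsgi_loc_conf_t, ssl_conf_commands),
+&ngx_http_uwsgi_ssl_conf_command_post },
 
 #endif
 
 ngx_null_command
 };
@@ -1498,10 +1511,11 @@
 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
 conf->upstream.ssl_server_name = NGX_CONF_UNSET;
 conf->upstream.ssl_verify = NGX_CONF_UNSET;
 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;
 conf->ssl_passwords = NGX_CONF_UNSET_PTR;
+conf->ssl_conf_commands = NGX_CONF_UNSET_PTR;
 #endif
 
 /* "uwsgi_cyclic_temp_file" is disabled */
 conf->upstream.cyclic_temp_file = 0;
 
@@ -1827,10 +1841,13 @@
 ngx_conf_merge_str_value(conf->ssl_certificate,
 prev->ssl_certificate, "");
 ngx_conf_merge_str_value(conf->ssl_certificate_key,
 prev->ssl_certificate_key, "");
 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL);
+
+ngx_conf_merge_ptr_value(conf->ssl_conf_commands,
+prev->ssl_conf_commands, NULL);
 
 if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 
@@ -2374,10 +2391,21 @@
 
 return NGX_CONF_OK;
 }
 
 
+static char *
+ngx_http_uwsgi_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
+{
+#ifndef SSL_CONF_FLAG_FILE
+return "is not supported on this platform";
+#endif
+
+return NGX_CONF_OK;
+}
+
+
 static ngx_int_t
 ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
 {
 ngx_pool_cleanup_t *cln;
 
@@ -2451,9 +2479,15 @@
 != NGX_OK)
 {
 return NGX_ERROR;
 }
 
+if (ngx_ssl_conf_commands(cf, uwcf->upstream.ssl, uwcf->ssl_conf_commands)
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+
 return NGX_OK;
 }
 
 #endif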
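Review bot: The `ngx_conf_merge_ptr_value(conf->ssl_conf_commands, prev->ssl_conf_commands, NULL)` merge makes the command list all-or-nothing per level, and nothing in the new code says so. A location that sets a single `uwsgi_ssl_conf_command` stops inheriting every command from the enclosing level, including any that were there to harden the upstream TLS connection. A one-line comment at the merge would make this visible to anyone auditing the configuration, e.g. `/* not cumulative: a level that sets any command replaces the inherited list */`. Likewise, the new `ngx_ssl_conf_commands()` call sits last in `ngx_http_uwsgi_set_ssl()`, which presumably lets a command override settings applied earlier in the function; that part of the body is outside the shown lines, so this is inferred. A comment such as `/* applied last so that conf commands take precedence over the settings above */` would keep later edits from reordering it by accident.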