Mercurial > hg > nginx
comparison src/http/modules/ngx_http_uwsgi_module.c @ 5900:20d966ad5e89
Upstream: add "proxy_ssl_certificate" and friends.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
| author | Piotr Sikora <piotr@cloudflare.com> |
|---|---|
| date | Thu, 30 Oct 2014 04:30:41 -0700 |
| parents | 973ee2276300 |
| children | 2f7e557eab5b |
comparison
equal
deleted
inserted
replaced
| 5899:234c5ecb00c0 | 5900:20d966ad5e89 |
|---|---|
| 40 ngx_uint_t ssl_protocols; | 40 ngx_uint_t ssl_protocols; |
| 41 ngx_str_t ssl_ciphers; | 41 ngx_str_t ssl_ciphers; |
| 42 ngx_uint_t ssl_verify_depth; | 42 ngx_uint_t ssl_verify_depth; |
| 43 ngx_str_t ssl_trusted_certificate; | 43 ngx_str_t ssl_trusted_certificate; |
| 44 ngx_str_t ssl_crl; | 44 ngx_str_t ssl_crl; |
| 45 ngx_str_t ssl_certificate; | |
| 46 ngx_str_t ssl_certificate_key; | |
| 47 ngx_array_t *ssl_passwords; | |
| 45 #endif | 48 #endif |
| 46 } ngx_http_uwsgi_loc_conf_t; | 49 } ngx_http_uwsgi_loc_conf_t; |
| 47 | 50 |
| 48 | 51 |
| 49 static ngx_int_t ngx_http_uwsgi_eval(ngx_http_request_t *r, | 52 static ngx_int_t ngx_http_uwsgi_eval(ngx_http_request_t *r, |
| 74 static char *ngx_http_uwsgi_cache_key(ngx_conf_t *cf, ngx_command_t *cmd, | 77 static char *ngx_http_uwsgi_cache_key(ngx_conf_t *cf, ngx_command_t *cmd, |
| 75 void *conf); | 78 void *conf); |
| 76 #endif | 79 #endif |
| 77 | 80 |
| 78 #if (NGX_HTTP_SSL) | 81 #if (NGX_HTTP_SSL) |
| 82 static char *ngx_http_uwsgi_ssl_password_file(ngx_conf_t *cf, | |
| 83 ngx_command_t *cmd, void *conf); | |
| 79 static ngx_int_t ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, | 84 static ngx_int_t ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, |
| 80 ngx_http_uwsgi_loc_conf_t *uwcf); | 85 ngx_http_uwsgi_loc_conf_t *uwcf); |
| 81 #endif | 86 #endif |
| 82 | 87 |
| 83 | 88 |
| 478 { ngx_string("uwsgi_ssl_crl"), | 483 { ngx_string("uwsgi_ssl_crl"), |
| 479 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 484 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
| 480 ngx_conf_set_str_slot, | 485 ngx_conf_set_str_slot, |
| 481 NGX_HTTP_LOC_CONF_OFFSET, | 486 NGX_HTTP_LOC_CONF_OFFSET, |
| 482 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_crl), | 487 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_crl), |
| 488 NULL }, | |
| 489 | |
| 490 { ngx_string("uwsgi_ssl_certificate"), | |
| 491 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
| 492 ngx_conf_set_str_slot, | |
| 493 NGX_HTTP_LOC_CONF_OFFSET, | |
| 494 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate), | |
| 495 NULL }, | |
| 496 | |
| 497 { ngx_string("uwsgi_ssl_certificate_key"), | |
| 498 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
| 499 ngx_conf_set_str_slot, | |
| 500 NGX_HTTP_LOC_CONF_OFFSET, | |
| 501 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate_key), | |
| 502 NULL }, | |
| 503 | |
| 504 { ngx_string("uwsgi_ssl_password_file"), | |
| 505 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
| 506 ngx_http_uwsgi_ssl_password_file, | |
| 507 NGX_HTTP_LOC_CONF_OFFSET, | |
| 508 0, | |
| 483 NULL }, | 509 NULL }, |
| 484 | 510 |
| 485 #endif | 511 #endif |
| 486 | 512 |
| 487 ngx_null_command | 513 ngx_null_command |
| 1324 #if (NGX_HTTP_SSL) | 1350 #if (NGX_HTTP_SSL) |
| 1325 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; | 1351 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; |
| 1326 conf->upstream.ssl_server_name = NGX_CONF_UNSET; | 1352 conf->upstream.ssl_server_name = NGX_CONF_UNSET; |
| 1327 conf->upstream.ssl_verify = NGX_CONF_UNSET; | 1353 conf->upstream.ssl_verify = NGX_CONF_UNSET; |
| 1328 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; | 1354 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; |
| 1355 conf->ssl_passwords = NGX_CONF_UNSET_PTR; | |
| 1329 #endif | 1356 #endif |
| 1330 | 1357 |
| 1331 /* "uwsgi_cyclic_temp_file" is disabled */ | 1358 /* "uwsgi_cyclic_temp_file" is disabled */ |
| 1332 conf->upstream.cyclic_temp_file = 0; | 1359 conf->upstream.cyclic_temp_file = 0; |
| 1333 | 1360 |
| 1616 ngx_conf_merge_uint_value(conf->ssl_verify_depth, | 1643 ngx_conf_merge_uint_value(conf->ssl_verify_depth, |
| 1617 prev->ssl_verify_depth, 1); | 1644 prev->ssl_verify_depth, 1); |
| 1618 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, | 1645 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, |
| 1619 prev->ssl_trusted_certificate, ""); | 1646 prev->ssl_trusted_certificate, ""); |
| 1620 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); | 1647 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); |
| 1648 | |
| 1649 ngx_conf_merge_str_value(conf->ssl_certificate, | |
| 1650 prev->ssl_certificate, ""); | |
| 1651 ngx_conf_merge_str_value(conf->ssl_certificate_key, | |
| 1652 prev->ssl_certificate_key, ""); | |
| 1653 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL); | |
| 1621 | 1654 |
| 1622 if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) { | 1655 if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) { |
| 1623 return NGX_CONF_ERROR; | 1656 return NGX_CONF_ERROR; |
| 1624 } | 1657 } |
| 1625 | 1658 |
| 2107 #endif | 2140 #endif |
| 2108 | 2141 |
| 2109 | 2142 |
| 2110 #if (NGX_HTTP_SSL) | 2143 #if (NGX_HTTP_SSL) |
| 2111 | 2144 |
| 2145 static char * | |
| 2146 ngx_http_uwsgi_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
| 2147 { | |
| 2148 ngx_http_uwsgi_loc_conf_t *uwcf = conf; | |
| 2149 | |
| 2150 ngx_str_t *value; | |
| 2151 | |
| 2152 if (uwcf->ssl_passwords != NGX_CONF_UNSET_PTR) { | |
| 2153 return "is duplicate"; | |
| 2154 } | |
| 2155 | |
| 2156 value = cf->args->elts; | |
| 2157 | |
| 2158 uwcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); | |
| 2159 | |
| 2160 if (uwcf->ssl_passwords == NULL) { | |
| 2161 return NGX_CONF_ERROR; | |
| 2162 } | |
| 2163 | |
| 2164 return NGX_CONF_OK; | |
| 2165 } | |
| 2166 | |
| 2167 | |
| 2112 static ngx_int_t | 2168 static ngx_int_t |
| 2113 ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf) | 2169 ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf) |
| 2114 { | 2170 { |
| 2115 ngx_pool_cleanup_t *cln; | 2171 ngx_pool_cleanup_t *cln; |
| 2116 | 2172 |
| 2132 return NGX_ERROR; | 2188 return NGX_ERROR; |
| 2133 } | 2189 } |
| 2134 | 2190 |
| 2135 cln->handler = ngx_ssl_cleanup_ctx; | 2191 cln->handler = ngx_ssl_cleanup_ctx; |
| 2136 cln->data = uwcf->upstream.ssl; | 2192 cln->data = uwcf->upstream.ssl; |
| 2193 | |
| 2194 if (uwcf->ssl_certificate.len) { | |
| 2195 | |
| 2196 if (uwcf->ssl_certificate_key.len == 0) { | |
| 2197 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
| 2198 "no \"uwsgi_ssl_certificate_key\" is defined " | |
| 2199 "for certificate \"%V\"", &uwcf->ssl_certificate); | |
| 2200 return NGX_ERROR; | |
| 2201 } | |
| 2202 | |
| 2203 if (ngx_ssl_certificate(cf, uwcf->upstream.ssl, &uwcf->ssl_certificate, | |
| 2204 &uwcf->ssl_certificate_key, uwcf->ssl_passwords) | |
| 2205 != NGX_OK) | |
| 2206 { | |
| 2207 return NGX_ERROR; | |
| 2208 } | |
| 2209 } | |
| 2137 | 2210 |
| 2138 if (SSL_CTX_set_cipher_list(uwcf->upstream.ssl->ctx, | 2211 if (SSL_CTX_set_cipher_list(uwcf->upstream.ssl->ctx, |
| 2139 (const char *) uwcf->ssl_ciphers.data) | 2212 (const char *) uwcf->ssl_ciphers.data) |
| 2140 == 0) | 2213 == 0) |
| 2141 { | 2214 { |