Mercurial > hg > nginx
comparison src/http/modules/ngx_http_grpc_module.c @ 7833:3ab8e1e2f0f7
Upstream: variables support in certificates.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 06 May 2021 02:22:09 +0300 |
| parents | bdd4d89370a7 |
| children | 021416fca094 |
comparison
equal
deleted
inserted
replaced
| 7832:be82e72c9af8 | 7833:3ab8e1e2f0f7 |
|---|---|
| 35 ngx_uint_t ssl_protocols; | 35 ngx_uint_t ssl_protocols; |
| 36 ngx_str_t ssl_ciphers; | 36 ngx_str_t ssl_ciphers; |
| 37 ngx_uint_t ssl_verify_depth; | 37 ngx_uint_t ssl_verify_depth; |
| 38 ngx_str_t ssl_trusted_certificate; | 38 ngx_str_t ssl_trusted_certificate; |
| 39 ngx_str_t ssl_crl; | 39 ngx_str_t ssl_crl; |
| 40 ngx_str_t ssl_certificate; | |
| 41 ngx_str_t ssl_certificate_key; | |
| 42 ngx_array_t *ssl_passwords; | |
| 43 ngx_array_t *ssl_conf_commands; | 40 ngx_array_t *ssl_conf_commands; |
| 44 #endif | 41 #endif |
| 45 } ngx_http_grpc_loc_conf_t; | 42 } ngx_http_grpc_loc_conf_t; |
| 46 | 43 |
| 47 | 44 |
| 423 offsetof(ngx_http_grpc_loc_conf_t, ssl_crl), | 420 offsetof(ngx_http_grpc_loc_conf_t, ssl_crl), |
| 424 NULL }, | 421 NULL }, |
| 425 | 422 |
| 426 { ngx_string("grpc_ssl_certificate"), | 423 { ngx_string("grpc_ssl_certificate"), |
| 427 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 424 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
| 428 ngx_conf_set_str_slot, | 425 ngx_http_set_complex_value_zero_slot, |
| 429 NGX_HTTP_LOC_CONF_OFFSET, | 426 NGX_HTTP_LOC_CONF_OFFSET, |
| 430 offsetof(ngx_http_grpc_loc_conf_t, ssl_certificate), | 427 offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_certificate), |
| 431 NULL }, | 428 NULL }, |
| 432 | 429 |
| 433 { ngx_string("grpc_ssl_certificate_key"), | 430 { ngx_string("grpc_ssl_certificate_key"), |
| 434 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 431 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
| 435 ngx_conf_set_str_slot, | 432 ngx_http_set_complex_value_zero_slot, |
| 436 NGX_HTTP_LOC_CONF_OFFSET, | 433 NGX_HTTP_LOC_CONF_OFFSET, |
| 437 offsetof(ngx_http_grpc_loc_conf_t, ssl_certificate_key), | 434 offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_certificate_key), |
| 438 NULL }, | 435 NULL }, |
| 439 | 436 |
| 440 { ngx_string("grpc_ssl_password_file"), | 437 { ngx_string("grpc_ssl_password_file"), |
| 441 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 438 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
| 442 ngx_http_grpc_ssl_password_file, | 439 ngx_http_grpc_ssl_password_file, |
| 4340 * conf->ssl = 0; | 4337 * conf->ssl = 0; |
| 4341 * conf->ssl_protocols = 0; | 4338 * conf->ssl_protocols = 0; |
| 4342 * conf->ssl_ciphers = { 0, NULL }; | 4339 * conf->ssl_ciphers = { 0, NULL }; |
| 4343 * conf->ssl_trusted_certificate = { 0, NULL }; | 4340 * conf->ssl_trusted_certificate = { 0, NULL }; |
| 4344 * conf->ssl_crl = { 0, NULL }; | 4341 * conf->ssl_crl = { 0, NULL }; |
| 4345 * conf->ssl_certificate = { 0, NULL }; | |
| 4346 * conf->ssl_certificate_key = { 0, NULL }; | |
| 4347 */ | 4342 */ |
| 4348 | 4343 |
| 4349 conf->upstream.local = NGX_CONF_UNSET_PTR; | 4344 conf->upstream.local = NGX_CONF_UNSET_PTR; |
| 4350 conf->upstream.socket_keepalive = NGX_CONF_UNSET; | 4345 conf->upstream.socket_keepalive = NGX_CONF_UNSET; |
| 4351 conf->upstream.next_upstream_tries = NGX_CONF_UNSET_UINT; | 4346 conf->upstream.next_upstream_tries = NGX_CONF_UNSET_UINT; |
| 4365 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; | 4360 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; |
| 4366 conf->upstream.ssl_name = NGX_CONF_UNSET_PTR; | 4361 conf->upstream.ssl_name = NGX_CONF_UNSET_PTR; |
| 4367 conf->upstream.ssl_server_name = NGX_CONF_UNSET; | 4362 conf->upstream.ssl_server_name = NGX_CONF_UNSET; |
| 4368 conf->upstream.ssl_verify = NGX_CONF_UNSET; | 4363 conf->upstream.ssl_verify = NGX_CONF_UNSET; |
| 4369 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; | 4364 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; |
| 4370 conf->ssl_passwords = NGX_CONF_UNSET_PTR; | 4365 conf->upstream.ssl_certificate = NGX_CONF_UNSET_PTR; |
| 4366 conf->upstream.ssl_certificate_key = NGX_CONF_UNSET_PTR; | |
| 4367 conf->upstream.ssl_passwords = NGX_CONF_UNSET_PTR; | |
| 4371 conf->ssl_conf_commands = NGX_CONF_UNSET_PTR; | 4368 conf->ssl_conf_commands = NGX_CONF_UNSET_PTR; |
| 4372 #endif | 4369 #endif |
| 4373 | 4370 |
| 4374 /* the hardcoded values */ | 4371 /* the hardcoded values */ |
| 4375 conf->upstream.cyclic_temp_file = 0; | 4372 conf->upstream.cyclic_temp_file = 0; |
| 4469 prev->ssl_verify_depth, 1); | 4466 prev->ssl_verify_depth, 1); |
| 4470 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, | 4467 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, |
| 4471 prev->ssl_trusted_certificate, ""); | 4468 prev->ssl_trusted_certificate, ""); |
| 4472 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); | 4469 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); |
| 4473 | 4470 |
| 4474 ngx_conf_merge_str_value(conf->ssl_certificate, | 4471 ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate, |
| 4475 prev->ssl_certificate, ""); | 4472 prev->upstream.ssl_certificate, NULL); |
| 4476 ngx_conf_merge_str_value(conf->ssl_certificate_key, | 4473 ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate_key, |
| 4477 prev->ssl_certificate_key, ""); | 4474 prev->upstream.ssl_certificate_key, NULL); |
| 4478 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL); | 4475 ngx_conf_merge_ptr_value(conf->upstream.ssl_passwords, |
| 4476 prev->upstream.ssl_passwords, NULL); | |
| 4479 | 4477 |
| 4480 ngx_conf_merge_ptr_value(conf->ssl_conf_commands, | 4478 ngx_conf_merge_ptr_value(conf->ssl_conf_commands, |
| 4481 prev->ssl_conf_commands, NULL); | 4479 prev->ssl_conf_commands, NULL); |
| 4482 | 4480 |
| 4483 if (conf->ssl && ngx_http_grpc_set_ssl(cf, conf) != NGX_OK) { | 4481 if (conf->ssl && ngx_http_grpc_set_ssl(cf, conf) != NGX_OK) { |
| 4829 { | 4827 { |
| 4830 ngx_http_grpc_loc_conf_t *glcf = conf; | 4828 ngx_http_grpc_loc_conf_t *glcf = conf; |
| 4831 | 4829 |
| 4832 ngx_str_t *value; | 4830 ngx_str_t *value; |
| 4833 | 4831 |
| 4834 if (glcf->ssl_passwords != NGX_CONF_UNSET_PTR) { | 4832 if (glcf->upstream.ssl_passwords != NGX_CONF_UNSET_PTR) { |
| 4835 return "is duplicate"; | 4833 return "is duplicate"; |
| 4836 } | 4834 } |
| 4837 | 4835 |
| 4838 value = cf->args->elts; | 4836 value = cf->args->elts; |
| 4839 | 4837 |
| 4840 glcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); | 4838 glcf->upstream.ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); |
| 4841 | 4839 |
| 4842 if (glcf->ssl_passwords == NULL) { | 4840 if (glcf->upstream.ssl_passwords == NULL) { |
| 4843 return NGX_CONF_ERROR; | 4841 return NGX_CONF_ERROR; |
| 4844 } | 4842 } |
| 4845 | 4843 |
| 4846 return NGX_CONF_OK; | 4844 return NGX_CONF_OK; |
| 4847 } | 4845 } |
| 4883 } | 4881 } |
| 4884 | 4882 |
| 4885 cln->handler = ngx_ssl_cleanup_ctx; | 4883 cln->handler = ngx_ssl_cleanup_ctx; |
| 4886 cln->data = glcf->upstream.ssl; | 4884 cln->data = glcf->upstream.ssl; |
| 4887 | 4885 |
| 4888 if (glcf->ssl_certificate.len) { | 4886 if (glcf->upstream.ssl_certificate) { |
| 4889 | 4887 |
| 4890 if (glcf->ssl_certificate_key.len == 0) { | 4888 if (glcf->upstream.ssl_certificate_key == NULL) { |
| 4891 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 4889 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
| 4892 "no \"grpc_ssl_certificate_key\" is defined " | 4890 "no \"grpc_ssl_certificate_key\" is defined " |
| 4893 "for certificate \"%V\"", &glcf->ssl_certificate); | 4891 "for certificate \"%V\"", |
| 4892 &glcf->upstream.ssl_certificate->value); | |
| 4894 return NGX_ERROR; | 4893 return NGX_ERROR; |
| 4895 } | 4894 } |
| 4896 | 4895 |
| 4897 if (ngx_ssl_certificate(cf, glcf->upstream.ssl, &glcf->ssl_certificate, | 4896 if (glcf->upstream.ssl_certificate->lengths |
| 4898 &glcf->ssl_certificate_key, glcf->ssl_passwords) | 4897 || glcf->upstream.ssl_certificate_key->lengths) |
| 4899 != NGX_OK) | |
| 4900 { | 4898 { |
| 4901 return NGX_ERROR; | 4899 glcf->upstream.ssl_passwords = |
| 4900 ngx_ssl_preserve_passwords(cf, glcf->upstream.ssl_passwords); | |
| 4901 if (glcf->upstream.ssl_passwords == NULL) { | |
| 4902 return NGX_ERROR; | |
| 4903 } | |
| 4904 | |
| 4905 } else { | |
| 4906 if (ngx_ssl_certificate(cf, glcf->upstream.ssl, | |
| 4907 &glcf->upstream.ssl_certificate->value, | |
| 4908 &glcf->upstream.ssl_certificate_key->value, | |
| 4909 glcf->upstream.ssl_passwords) | |
| 4910 != NGX_OK) | |
| 4911 { | |
| 4912 return NGX_ERROR; | |
| 4913 } | |
| 4902 } | 4914 } |
| 4903 } | 4915 } |
| 4904 | 4916 |
| 4905 if (ngx_ssl_ciphers(cf, glcf->upstream.ssl, &glcf->ssl_ciphers, 0) | 4917 if (ngx_ssl_ciphers(cf, glcf->upstream.ssl, &glcf->ssl_ciphers, 0) |
| 4906 != NGX_OK) | 4918 != NGX_OK) |