comparison src/http/modules/ngx_http_uwsgi_module.c @ 7833:3ab8e1e2f0f7
Upstream: variables support in certificates.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 06 May 2021 02:22:09 +0300 |
parents | bdd4d89370a7 |
children | b87b7092cedb |
7832:be82e72c9af8 | 7833:3ab8e1e2f0f7 |
---|---|
52 ngx_uint_t ssl_protocols; | 52 ngx_uint_t ssl_protocols; |
53 ngx_str_t ssl_ciphers; | 53 ngx_str_t ssl_ciphers; |
54 ngx_uint_t ssl_verify_depth; | 54 ngx_uint_t ssl_verify_depth; |
55 ngx_str_t ssl_trusted_certificate; | 55 ngx_str_t ssl_trusted_certificate; |
56 ngx_str_t ssl_crl; | 56 ngx_str_t ssl_crl; |
57 ngx_str_t ssl_certificate; | |
58 ngx_str_t ssl_certificate_key; | |
59 ngx_array_t *ssl_passwords; | |
60 ngx_array_t *ssl_conf_commands; | 57 ngx_array_t *ssl_conf_commands; |
61 #endif | 58 #endif |
62 } ngx_http_uwsgi_loc_conf_t; | 59 } ngx_http_uwsgi_loc_conf_t; |
63 | 60 |
64 | 61 |
546 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_crl), | 543 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_crl), |
547 NULL }, | 544 NULL }, |
548 | 545 |
549 { ngx_string("uwsgi_ssl_certificate"), | 546 { ngx_string("uwsgi_ssl_certificate"), |
550 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 547 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
551 ngx_conf_set_str_slot, | 548 ngx_http_set_complex_value_zero_slot, |
552 NGX_HTTP_LOC_CONF_OFFSET, | 549 NGX_HTTP_LOC_CONF_OFFSET, |
553 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate), | 550 offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_certificate), |
554 NULL }, | 551 NULL }, |
555 | 552 |
556 { ngx_string("uwsgi_ssl_certificate_key"), | 553 { ngx_string("uwsgi_ssl_certificate_key"), |
557 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 554 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
558 ngx_conf_set_str_slot, | 555 ngx_http_set_complex_value_zero_slot, |
559 NGX_HTTP_LOC_CONF_OFFSET, | 556 NGX_HTTP_LOC_CONF_OFFSET, |
560 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate_key), | 557 offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_certificate_key), |
561 NULL }, | 558 NULL }, |
562 | 559 |
563 { ngx_string("uwsgi_ssl_password_file"), | 560 { ngx_string("uwsgi_ssl_password_file"), |
564 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 561 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
565 ngx_http_uwsgi_ssl_password_file, | 562 ngx_http_uwsgi_ssl_password_file, |
1511 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; | 1508 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; |
1512 conf->upstream.ssl_name = NGX_CONF_UNSET_PTR; | 1509 conf->upstream.ssl_name = NGX_CONF_UNSET_PTR; |
1513 conf->upstream.ssl_server_name = NGX_CONF_UNSET; | 1510 conf->upstream.ssl_server_name = NGX_CONF_UNSET; |
1514 conf->upstream.ssl_verify = NGX_CONF_UNSET; | 1511 conf->upstream.ssl_verify = NGX_CONF_UNSET; |
1515 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; | 1512 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; |
1516 conf->ssl_passwords = NGX_CONF_UNSET_PTR; | 1513 conf->upstream.ssl_certificate = NGX_CONF_UNSET_PTR; |
1514 conf->upstream.ssl_certificate_key = NGX_CONF_UNSET_PTR; | |
1515 conf->upstream.ssl_passwords = NGX_CONF_UNSET_PTR; | |
1517 conf->ssl_conf_commands = NGX_CONF_UNSET_PTR; | 1516 conf->ssl_conf_commands = NGX_CONF_UNSET_PTR; |
1518 #endif | 1517 #endif |
1519 | 1518 |
1520 /* "uwsgi_cyclic_temp_file" is disabled */ | 1519 /* "uwsgi_cyclic_temp_file" is disabled */ |
1521 conf->upstream.cyclic_temp_file = 0; | 1520 conf->upstream.cyclic_temp_file = 0; |
1835 prev->ssl_verify_depth, 1); | 1834 prev->ssl_verify_depth, 1); |
1836 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, | 1835 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, |
1837 prev->ssl_trusted_certificate, ""); | 1836 prev->ssl_trusted_certificate, ""); |
1838 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); | 1837 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); |
1839 | 1838 |
1840 ngx_conf_merge_str_value(conf->ssl_certificate, | 1839 ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate, |
1841 prev->ssl_certificate, ""); | 1840 prev->upstream.ssl_certificate, NULL); |
1842 ngx_conf_merge_str_value(conf->ssl_certificate_key, | 1841 ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate_key, |
1843 prev->ssl_certificate_key, ""); | 1842 prev->upstream.ssl_certificate_key, NULL); |
1844 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL); | 1843 ngx_conf_merge_ptr_value(conf->upstream.ssl_passwords, |
1844 prev->upstream.ssl_passwords, NULL); | |
1845 | 1845 |
1846 ngx_conf_merge_ptr_value(conf->ssl_conf_commands, | 1846 ngx_conf_merge_ptr_value(conf->ssl_conf_commands, |
1847 prev->ssl_conf_commands, NULL); | 1847 prev->ssl_conf_commands, NULL); |
1848 | 1848 |
1849 if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) { | 1849 if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) { |
2374 { | 2374 { |
2375 ngx_http_uwsgi_loc_conf_t *uwcf = conf; | 2375 ngx_http_uwsgi_loc_conf_t *uwcf = conf; |
2376 | 2376 |
2377 ngx_str_t *value; | 2377 ngx_str_t *value; |
2378 | 2378 |
2379 if (uwcf->ssl_passwords != NGX_CONF_UNSET_PTR) { | 2379 if (uwcf->upstream.ssl_passwords != NGX_CONF_UNSET_PTR) { |
2380 return "is duplicate"; | 2380 return "is duplicate"; |
2381 } | 2381 } |
2382 | 2382 |
2383 value = cf->args->elts; | 2383 value = cf->args->elts; |
2384 | 2384 |
2385 uwcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); | 2385 uwcf->upstream.ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]); |
2386 | 2386 |
2387 if (uwcf->ssl_passwords == NULL) { | 2387 if (uwcf->upstream.ssl_passwords == NULL) { |
2388 return NGX_CONF_ERROR; | 2388 return NGX_CONF_ERROR; |
2389 } | 2389 } |
2390 | 2390 |
2391 return NGX_CONF_OK; | 2391 return NGX_CONF_OK; |
2392 } | 2392 } |
2428 } | 2428 } |
2429 | 2429 |
2430 cln->handler = ngx_ssl_cleanup_ctx; | 2430 cln->handler = ngx_ssl_cleanup_ctx; |
2431 cln->data = uwcf->upstream.ssl; | 2431 cln->data = uwcf->upstream.ssl; |
2432 | 2432 |
2433 if (uwcf->ssl_certificate.len) { | 2433 if (uwcf->upstream.ssl_certificate) { |
2434 | 2434 |
2435 if (uwcf->ssl_certificate_key.len == 0) { | 2435 if (uwcf->upstream.ssl_certificate_key == NULL) { |
2436 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 2436 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
2437 "no \"uwsgi_ssl_certificate_key\" is defined " | 2437 "no \"uwsgi_ssl_certificate_key\" is defined " |
2438 "for certificate \"%V\"", &uwcf->ssl_certificate); | 2438 "for certificate \"%V\"", |
2439 &uwcf->upstream.ssl_certificate->value); | |
2439 return NGX_ERROR; | 2440 return NGX_ERROR; |
2440 } | 2441 } |
2441 | 2442 |
2442 if (ngx_ssl_certificate(cf, uwcf->upstream.ssl, &uwcf->ssl_certificate, | 2443 if (uwcf->upstream.ssl_certificate->lengths |
2443 &uwcf->ssl_certificate_key, uwcf->ssl_passwords) | 2444 || uwcf->upstream.ssl_certificate_key->lengths) |
2444 != NGX_OK) | |
2445 { | 2445 { |
2446 return NGX_ERROR; | 2446 uwcf->upstream.ssl_passwords = |
2447 ngx_ssl_preserve_passwords(cf, uwcf->upstream.ssl_passwords); | |
2448 if (uwcf->upstream.ssl_passwords == NULL) { | |
2449 return NGX_ERROR; | |
2450 } | |
2451 | |
2452 } else { | |
2453 if (ngx_ssl_certificate(cf, uwcf->upstream.ssl, | |
2454 &uwcf->upstream.ssl_certificate->value, | |
2455 &uwcf->upstream.ssl_certificate_key->value, | |
2456 uwcf->upstream.ssl_passwords) | |
2457 != NGX_OK) | |
2458 { | |
2459 return NGX_ERROR; | |
2460 } | |
2447 } | 2461 } |
2448 } | 2462 } |
2449 | 2463 |
2450 if (ngx_ssl_ciphers(cf, uwcf->upstream.ssl, &uwcf->ssl_ciphers, 0) | 2464 if (ngx_ssl_ciphers(cf, uwcf->upstream.ssl, &uwcf->ssl_ciphers, 0) |
2451 != NGX_OK) | 2465 != NGX_OK) |
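Review bot: In the last hunk the guard changes from `if (uwcf->ssl_certificate.len)` to `if (uwcf->upstream.ssl_certificate)`, so a `uwsgi_ssl_certificate` given as an empty string no longer skips certificate setup. The pointer is presumably non-NULL with `value.len == 0` in that case, and the else branch would then pass an empty path to `ngx_ssl_certificate()`. If an empty value should still mean "no client certificate", the test could be `if (uwcf->upstream.ssl_certificate && uwcf->upstream.ssl_certificate->value.len) {`. The `lengths` branch also deserves a short comment such as `/* path contains variables: the certificate is loaded later, so the passwords must outlive configuration parsing */`, because it appears to keep key passwords in memory for the life of the process, and the operator should know that the key files are then opened outside configuration time. The function body starts and ends outside the lines shown here.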