Mercurial > hg > nginx
comparison src/http/ngx_http_upstream.c @ 7833:3ab8e1e2f0f7
Upstream: variables support in certificates.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 06 May 2021 02:22:09 +0300 |
| parents | 1ebd78df4ce7 |
| children | 058a67435e83 d514f88053e5 |
comparison
equal
deleted
inserted
replaced
| 7832:be82e72c9af8 | 7833:3ab8e1e2f0f7 |
|---|---|
| 185 static void ngx_http_upstream_ssl_handshake(ngx_http_request_t *, | 185 static void ngx_http_upstream_ssl_handshake(ngx_http_request_t *, |
| 186 ngx_http_upstream_t *u, ngx_connection_t *c); | 186 ngx_http_upstream_t *u, ngx_connection_t *c); |
| 187 static void ngx_http_upstream_ssl_save_session(ngx_connection_t *c); | 187 static void ngx_http_upstream_ssl_save_session(ngx_connection_t *c); |
| 188 static ngx_int_t ngx_http_upstream_ssl_name(ngx_http_request_t *r, | 188 static ngx_int_t ngx_http_upstream_ssl_name(ngx_http_request_t *r, |
| 189 ngx_http_upstream_t *u, ngx_connection_t *c); | 189 ngx_http_upstream_t *u, ngx_connection_t *c); |
| 190 static ngx_int_t ngx_http_upstream_ssl_certificate(ngx_http_request_t *r, | |
| 191 ngx_http_upstream_t *u, ngx_connection_t *c); | |
| 190 #endif | 192 #endif |
| 191 | 193 |
| 192 | 194 |
| 193 static ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = { | 195 static ngx_http_upstream_header_t ngx_http_upstream_headers_in[] = { |
| 194 | 196 |
| 1690 NGX_HTTP_INTERNAL_SERVER_ERROR); | 1692 NGX_HTTP_INTERNAL_SERVER_ERROR); |
| 1691 return; | 1693 return; |
| 1692 } | 1694 } |
| 1693 } | 1695 } |
| 1694 | 1696 |
| 1697 if (u->conf->ssl_certificate && (u->conf->ssl_certificate->lengths | |
| 1698 || u->conf->ssl_certificate_key->lengths)) | |
| 1699 { | |
| 1700 if (ngx_http_upstream_ssl_certificate(r, u, c) != NGX_OK) { | |
| 1701 ngx_http_upstream_finalize_request(r, u, | |
| 1702 NGX_HTTP_INTERNAL_SERVER_ERROR); | |
| 1703 return; | |
| 1704 } | |
| 1705 } | |
| 1706 | |
| 1695 if (u->conf->ssl_session_reuse) { | 1707 if (u->conf->ssl_session_reuse) { |
| 1696 c->ssl->save_session = ngx_http_upstream_ssl_save_session; | 1708 c->ssl->save_session = ngx_http_upstream_ssl_save_session; |
| 1697 | 1709 |
| 1698 if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) { | 1710 if (u->peer.set_session(&u->peer, u->peer.data) != NGX_OK) { |
| 1699 ngx_http_upstream_finalize_request(r, u, | 1711 ngx_http_upstream_finalize_request(r, u, |
| 1906 #endif | 1918 #endif |
| 1907 | 1919 |
| 1908 done: | 1920 done: |
| 1909 | 1921 |
| 1910 u->ssl_name = name; | 1922 u->ssl_name = name; |
| 1923 | |
| 1924 return NGX_OK; | |
| 1925 } | |
| 1926 | |
| 1927 | |
| 1928 static ngx_int_t | |
| 1929 ngx_http_upstream_ssl_certificate(ngx_http_request_t *r, | |
| 1930 ngx_http_upstream_t *u, ngx_connection_t *c) | |
| 1931 { | |
| 1932 ngx_str_t cert, key; | |
| 1933 | |
| 1934 if (ngx_http_complex_value(r, u->conf->ssl_certificate, &cert) | |
| 1935 != NGX_OK) | |
| 1936 { | |
| 1937 return NGX_ERROR; | |
| 1938 } | |
| 1939 | |
| 1940 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
| 1941 "http upstream ssl cert: \"%s\"", cert.data); | |
| 1942 | |
| 1943 if (*cert.data == '\0') { | |
| 1944 return NGX_OK; | |
| 1945 } | |
| 1946 | |
| 1947 if (ngx_http_complex_value(r, u->conf->ssl_certificate_key, &key) | |
| 1948 != NGX_OK) | |
| 1949 { | |
| 1950 return NGX_ERROR; | |
| 1951 } | |
| 1952 | |
| 1953 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, | |
| 1954 "http upstream ssl key: \"%s\"", key.data); | |
| 1955 | |
| 1956 if (ngx_ssl_connection_certificate(c, r->pool, &cert, &key, | |
| 1957 u->conf->ssl_passwords) | |
| 1958 != NGX_OK) | |
| 1959 { | |
| 1960 return NGX_ERROR; | |
| 1961 } | |
| 1911 | 1962 |
| 1912 return NGX_OK; | 1963 return NGX_OK; |
| 1913 } | 1964 } |
| 1914 | 1965 |
| 1915 #endif | 1966 #endif |