Mercurial > hg > nginx
comparison src/http/modules/ngx_http_uwsgi_module.c @ 5662:3cb79707516a
Upstream: uwsgi_ssl_name, uwsgi_ssl_verify, and so on.
Just a merge of proxy_ssl_name, proxy_ssl_verify commits into uwsgi module,
code is identical.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Fri, 18 Apr 2014 20:13:32 +0400 |
| parents | 3fb6615bb87f |
| children | c95d7882dfc9 |
comparison
equal
deleted
inserted
replaced
| 5661:060c2e692b96 | 5662:3cb79707516a |
|---|---|
| 37 | 37 |
| 38 #if (NGX_HTTP_SSL) | 38 #if (NGX_HTTP_SSL) |
| 39 ngx_uint_t ssl; | 39 ngx_uint_t ssl; |
| 40 ngx_uint_t ssl_protocols; | 40 ngx_uint_t ssl_protocols; |
| 41 ngx_str_t ssl_ciphers; | 41 ngx_str_t ssl_ciphers; |
| 42 ngx_uint_t ssl_verify_depth; | |
| 43 ngx_str_t ssl_trusted_certificate; | |
| 44 ngx_str_t ssl_crl; | |
| 42 #endif | 45 #endif |
| 43 } ngx_http_uwsgi_loc_conf_t; | 46 } ngx_http_uwsgi_loc_conf_t; |
| 44 | 47 |
| 45 | 48 |
| 46 static ngx_int_t ngx_http_uwsgi_eval(ngx_http_request_t *r, | 49 static ngx_int_t ngx_http_uwsgi_eval(ngx_http_request_t *r, |
| 405 { ngx_string("uwsgi_ssl_ciphers"), | 408 { ngx_string("uwsgi_ssl_ciphers"), |
| 406 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 409 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
| 407 ngx_conf_set_str_slot, | 410 ngx_conf_set_str_slot, |
| 408 NGX_HTTP_LOC_CONF_OFFSET, | 411 NGX_HTTP_LOC_CONF_OFFSET, |
| 409 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_ciphers), | 412 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_ciphers), |
| 413 NULL }, | |
| 414 | |
| 415 { ngx_string("uwsgi_ssl_name"), | |
| 416 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
| 417 ngx_http_set_complex_value_slot, | |
| 418 NGX_HTTP_LOC_CONF_OFFSET, | |
| 419 offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_name), | |
| 420 NULL }, | |
| 421 | |
| 422 { ngx_string("uwsgi_ssl_server_name"), | |
| 423 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, | |
| 424 ngx_conf_set_flag_slot, | |
| 425 NGX_HTTP_LOC_CONF_OFFSET, | |
| 426 offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_server_name), | |
| 427 NULL }, | |
| 428 | |
| 429 { ngx_string("uwsgi_ssl_verify"), | |
| 430 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, | |
| 431 ngx_conf_set_flag_slot, | |
| 432 NGX_HTTP_LOC_CONF_OFFSET, | |
| 433 offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_verify), | |
| 434 NULL }, | |
| 435 | |
| 436 { ngx_string("uwsgi_ssl_verify_depth"), | |
| 437 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
| 438 ngx_conf_set_num_slot, | |
| 439 NGX_HTTP_LOC_CONF_OFFSET, | |
| 440 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_verify_depth), | |
| 441 NULL }, | |
| 442 | |
| 443 { ngx_string("uwsgi_ssl_trusted_certificate"), | |
| 444 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
| 445 ngx_conf_set_str_slot, | |
| 446 NGX_HTTP_LOC_CONF_OFFSET, | |
| 447 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_trusted_certificate), | |
| 448 NULL }, | |
| 449 | |
| 450 { ngx_string("uwsgi_ssl_crl"), | |
| 451 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
| 452 ngx_conf_set_str_slot, | |
| 453 NGX_HTTP_LOC_CONF_OFFSET, | |
| 454 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_crl), | |
| 410 NULL }, | 455 NULL }, |
| 411 | 456 |
| 412 #endif | 457 #endif |
| 413 | 458 |
| 414 ngx_null_command | 459 ngx_null_command |
| 1241 | 1286 |
| 1242 conf->upstream.hide_headers = NGX_CONF_UNSET_PTR; | 1287 conf->upstream.hide_headers = NGX_CONF_UNSET_PTR; |
| 1243 conf->upstream.pass_headers = NGX_CONF_UNSET_PTR; | 1288 conf->upstream.pass_headers = NGX_CONF_UNSET_PTR; |
| 1244 | 1289 |
| 1245 conf->upstream.intercept_errors = NGX_CONF_UNSET; | 1290 conf->upstream.intercept_errors = NGX_CONF_UNSET; |
| 1291 | |
| 1246 #if (NGX_HTTP_SSL) | 1292 #if (NGX_HTTP_SSL) |
| 1247 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; | 1293 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; |
| 1294 conf->upstream.ssl_server_name = NGX_CONF_UNSET; | |
| 1295 conf->upstream.ssl_verify = NGX_CONF_UNSET; | |
| 1296 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; | |
| 1248 #endif | 1297 #endif |
| 1249 | 1298 |
| 1250 /* "uwsgi_cyclic_temp_file" is disabled */ | 1299 /* "uwsgi_cyclic_temp_file" is disabled */ |
| 1251 conf->upstream.cyclic_temp_file = 0; | 1300 conf->upstream.cyclic_temp_file = 0; |
| 1252 | 1301 |
| 1492 | 1541 |
| 1493 ngx_conf_merge_value(conf->upstream.intercept_errors, | 1542 ngx_conf_merge_value(conf->upstream.intercept_errors, |
| 1494 prev->upstream.intercept_errors, 0); | 1543 prev->upstream.intercept_errors, 0); |
| 1495 | 1544 |
| 1496 #if (NGX_HTTP_SSL) | 1545 #if (NGX_HTTP_SSL) |
| 1546 | |
| 1497 ngx_conf_merge_value(conf->upstream.ssl_session_reuse, | 1547 ngx_conf_merge_value(conf->upstream.ssl_session_reuse, |
| 1498 prev->upstream.ssl_session_reuse, 1); | 1548 prev->upstream.ssl_session_reuse, 1); |
| 1499 | 1549 |
| 1500 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, | 1550 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, |
| 1501 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3 | 1551 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3 |
| 1503 |NGX_SSL_TLSv1_2)); | 1553 |NGX_SSL_TLSv1_2)); |
| 1504 | 1554 |
| 1505 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, | 1555 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, |
| 1506 "DEFAULT"); | 1556 "DEFAULT"); |
| 1507 | 1557 |
| 1558 if (conf->upstream.ssl_name == NULL) { | |
| 1559 conf->upstream.ssl_name = prev->upstream.ssl_name; | |
| 1560 } | |
| 1561 | |
| 1562 ngx_conf_merge_value(conf->upstream.ssl_server_name, | |
| 1563 prev->upstream.ssl_server_name, 0); | |
| 1564 ngx_conf_merge_value(conf->upstream.ssl_verify, | |
| 1565 prev->upstream.ssl_verify, 0); | |
| 1566 ngx_conf_merge_uint_value(conf->ssl_verify_depth, | |
| 1567 prev->ssl_verify_depth, 1); | |
| 1568 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, | |
| 1569 prev->ssl_trusted_certificate, ""); | |
| 1570 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); | |
| 1571 | |
| 1508 if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) { | 1572 if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) { |
| 1509 return NGX_CONF_ERROR; | 1573 return NGX_CONF_ERROR; |
| 1510 } | 1574 } |
| 1511 | 1575 |
| 1512 if (conf->upstream.ssl == NULL) { | 1576 if (conf->upstream.ssl == NULL) { |
| 1513 conf->upstream.ssl = prev->upstream.ssl; | 1577 conf->upstream.ssl = prev->upstream.ssl; |
| 1514 } | 1578 } |
| 1579 | |
| 1515 #endif | 1580 #endif |
| 1516 | 1581 |
| 1517 ngx_conf_merge_str_value(conf->uwsgi_string, prev->uwsgi_string, ""); | 1582 ngx_conf_merge_str_value(conf->uwsgi_string, prev->uwsgi_string, ""); |
| 1518 | 1583 |
| 1519 hash.max_size = 512; | 1584 hash.max_size = 512; |
| 2028 "SSL_CTX_set_cipher_list(\"%V\") failed", | 2093 "SSL_CTX_set_cipher_list(\"%V\") failed", |
| 2029 &uwcf->ssl_ciphers); | 2094 &uwcf->ssl_ciphers); |
| 2030 return NGX_ERROR; | 2095 return NGX_ERROR; |
| 2031 } | 2096 } |
| 2032 | 2097 |
| 2098 if (uwcf->upstream.ssl_verify) { | |
| 2099 if (uwcf->ssl_trusted_certificate.len == 0) { | |
| 2100 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
| 2101 "no uwsgi_ssl_trusted_certificate for uwsgi_ssl_verify"); | |
| 2102 return NGX_ERROR; | |
| 2103 } | |
| 2104 | |
| 2105 if (ngx_ssl_trusted_certificate(cf, uwcf->upstream.ssl, | |
| 2106 &uwcf->ssl_trusted_certificate, | |
| 2107 uwcf->ssl_verify_depth) | |
| 2108 != NGX_OK) | |
| 2109 { | |
| 2110 return NGX_ERROR; | |
| 2111 } | |
| 2112 | |
| 2113 if (ngx_ssl_crl(cf, uwcf->upstream.ssl, &uwcf->ssl_crl) != NGX_OK) { | |
| 2114 return NGX_ERROR; | |
| 2115 } | |
| 2116 } | |
| 2117 | |
| 2033 return NGX_OK; | 2118 return NGX_OK; |
| 2034 } | 2119 } |
| 2035 | 2120 |
| 2036 #endif | 2121 #endif |