Mercurial > hg > nginx
comparison src/http/modules/ngx_http_uwsgi_module.c @ 5662:3cb79707516a
Upstream: uwsgi_ssl_name, uwsgi_ssl_verify, and so on.
Just a merge of proxy_ssl_name, proxy_ssl_verify commits into uwsgi module,
code is identical.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Fri, 18 Apr 2014 20:13:32 +0400 |
parents | 3fb6615bb87f |
children | c95d7882dfc9 |
comparison
equal
deleted
inserted
replaced
5661:060c2e692b96 | 5662:3cb79707516a |
---|---|
37 | 37 |
38 #if (NGX_HTTP_SSL) | 38 #if (NGX_HTTP_SSL) |
39 ngx_uint_t ssl; | 39 ngx_uint_t ssl; |
40 ngx_uint_t ssl_protocols; | 40 ngx_uint_t ssl_protocols; |
41 ngx_str_t ssl_ciphers; | 41 ngx_str_t ssl_ciphers; |
42 ngx_uint_t ssl_verify_depth; | |
43 ngx_str_t ssl_trusted_certificate; | |
44 ngx_str_t ssl_crl; | |
42 #endif | 45 #endif |
43 } ngx_http_uwsgi_loc_conf_t; | 46 } ngx_http_uwsgi_loc_conf_t; |
44 | 47 |
45 | 48 |
46 static ngx_int_t ngx_http_uwsgi_eval(ngx_http_request_t *r, | 49 static ngx_int_t ngx_http_uwsgi_eval(ngx_http_request_t *r, |
405 { ngx_string("uwsgi_ssl_ciphers"), | 408 { ngx_string("uwsgi_ssl_ciphers"), |
406 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | 409 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, |
407 ngx_conf_set_str_slot, | 410 ngx_conf_set_str_slot, |
408 NGX_HTTP_LOC_CONF_OFFSET, | 411 NGX_HTTP_LOC_CONF_OFFSET, |
409 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_ciphers), | 412 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_ciphers), |
413 NULL }, | |
414 | |
415 { ngx_string("uwsgi_ssl_name"), | |
416 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
417 ngx_http_set_complex_value_slot, | |
418 NGX_HTTP_LOC_CONF_OFFSET, | |
419 offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_name), | |
420 NULL }, | |
421 | |
422 { ngx_string("uwsgi_ssl_server_name"), | |
423 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, | |
424 ngx_conf_set_flag_slot, | |
425 NGX_HTTP_LOC_CONF_OFFSET, | |
426 offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_server_name), | |
427 NULL }, | |
428 | |
429 { ngx_string("uwsgi_ssl_verify"), | |
430 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, | |
431 ngx_conf_set_flag_slot, | |
432 NGX_HTTP_LOC_CONF_OFFSET, | |
433 offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_verify), | |
434 NULL }, | |
435 | |
436 { ngx_string("uwsgi_ssl_verify_depth"), | |
437 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
438 ngx_conf_set_num_slot, | |
439 NGX_HTTP_LOC_CONF_OFFSET, | |
440 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_verify_depth), | |
441 NULL }, | |
442 | |
443 { ngx_string("uwsgi_ssl_trusted_certificate"), | |
444 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
445 ngx_conf_set_str_slot, | |
446 NGX_HTTP_LOC_CONF_OFFSET, | |
447 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_trusted_certificate), | |
448 NULL }, | |
449 | |
450 { ngx_string("uwsgi_ssl_crl"), | |
451 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
452 ngx_conf_set_str_slot, | |
453 NGX_HTTP_LOC_CONF_OFFSET, | |
454 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_crl), | |
410 NULL }, | 455 NULL }, |
411 | 456 |
412 #endif | 457 #endif |
413 | 458 |
414 ngx_null_command | 459 ngx_null_command |
1241 | 1286 |
1242 conf->upstream.hide_headers = NGX_CONF_UNSET_PTR; | 1287 conf->upstream.hide_headers = NGX_CONF_UNSET_PTR; |
1243 conf->upstream.pass_headers = NGX_CONF_UNSET_PTR; | 1288 conf->upstream.pass_headers = NGX_CONF_UNSET_PTR; |
1244 | 1289 |
1245 conf->upstream.intercept_errors = NGX_CONF_UNSET; | 1290 conf->upstream.intercept_errors = NGX_CONF_UNSET; |
1291 | |
1246 #if (NGX_HTTP_SSL) | 1292 #if (NGX_HTTP_SSL) |
1247 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; | 1293 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; |
1294 conf->upstream.ssl_server_name = NGX_CONF_UNSET; | |
1295 conf->upstream.ssl_verify = NGX_CONF_UNSET; | |
1296 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; | |
1248 #endif | 1297 #endif |
1249 | 1298 |
1250 /* "uwsgi_cyclic_temp_file" is disabled */ | 1299 /* "uwsgi_cyclic_temp_file" is disabled */ |
1251 conf->upstream.cyclic_temp_file = 0; | 1300 conf->upstream.cyclic_temp_file = 0; |
1252 | 1301 |
1492 | 1541 |
1493 ngx_conf_merge_value(conf->upstream.intercept_errors, | 1542 ngx_conf_merge_value(conf->upstream.intercept_errors, |
1494 prev->upstream.intercept_errors, 0); | 1543 prev->upstream.intercept_errors, 0); |
1495 | 1544 |
1496 #if (NGX_HTTP_SSL) | 1545 #if (NGX_HTTP_SSL) |
1546 | |
1497 ngx_conf_merge_value(conf->upstream.ssl_session_reuse, | 1547 ngx_conf_merge_value(conf->upstream.ssl_session_reuse, |
1498 prev->upstream.ssl_session_reuse, 1); | 1548 prev->upstream.ssl_session_reuse, 1); |
1499 | 1549 |
1500 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, | 1550 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, |
1501 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3 | 1551 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3 |
1503 |NGX_SSL_TLSv1_2)); | 1553 |NGX_SSL_TLSv1_2)); |
1504 | 1554 |
1505 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, | 1555 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, |
1506 "DEFAULT"); | 1556 "DEFAULT"); |
1507 | 1557 |
1558 if (conf->upstream.ssl_name == NULL) { | |
1559 conf->upstream.ssl_name = prev->upstream.ssl_name; | |
1560 } | |
1561 | |
1562 ngx_conf_merge_value(conf->upstream.ssl_server_name, | |
1563 prev->upstream.ssl_server_name, 0); | |
1564 ngx_conf_merge_value(conf->upstream.ssl_verify, | |
1565 prev->upstream.ssl_verify, 0); | |
1566 ngx_conf_merge_uint_value(conf->ssl_verify_depth, | |
1567 prev->ssl_verify_depth, 1); | |
1568 ngx_conf_merge_str_value(conf->ssl_trusted_certificate, | |
1569 prev->ssl_trusted_certificate, ""); | |
1570 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); | |
1571 | |
1508 if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) { | 1572 if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) { |
1509 return NGX_CONF_ERROR; | 1573 return NGX_CONF_ERROR; |
1510 } | 1574 } |
1511 | 1575 |
1512 if (conf->upstream.ssl == NULL) { | 1576 if (conf->upstream.ssl == NULL) { |
1513 conf->upstream.ssl = prev->upstream.ssl; | 1577 conf->upstream.ssl = prev->upstream.ssl; |
1514 } | 1578 } |
1579 | |
1515 #endif | 1580 #endif |
1516 | 1581 |
1517 ngx_conf_merge_str_value(conf->uwsgi_string, prev->uwsgi_string, ""); | 1582 ngx_conf_merge_str_value(conf->uwsgi_string, prev->uwsgi_string, ""); |
1518 | 1583 |
1519 hash.max_size = 512; | 1584 hash.max_size = 512; |
2028 "SSL_CTX_set_cipher_list(\"%V\") failed", | 2093 "SSL_CTX_set_cipher_list(\"%V\") failed", |
2029 &uwcf->ssl_ciphers); | 2094 &uwcf->ssl_ciphers); |
2030 return NGX_ERROR; | 2095 return NGX_ERROR; |
2031 } | 2096 } |
2032 | 2097 |
2098 if (uwcf->upstream.ssl_verify) { | |
2099 if (uwcf->ssl_trusted_certificate.len == 0) { | |
2100 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
2101 "no uwsgi_ssl_trusted_certificate for uwsgi_ssl_verify"); | |
2102 return NGX_ERROR; | |
2103 } | |
2104 | |
2105 if (ngx_ssl_trusted_certificate(cf, uwcf->upstream.ssl, | |
2106 &uwcf->ssl_trusted_certificate, | |
2107 uwcf->ssl_verify_depth) | |
2108 != NGX_OK) | |
2109 { | |
2110 return NGX_ERROR; | |
2111 } | |
2112 | |
2113 if (ngx_ssl_crl(cf, uwcf->upstream.ssl, &uwcf->ssl_crl) != NGX_OK) { | |
2114 return NGX_ERROR; | |
2115 } | |
2116 } | |
2117 | |
2033 return NGX_OK; | 2118 return NGX_OK; |
2034 } | 2119 } |
2035 | 2120 |
2036 #endif | 2121 #endif |