comparison src/http/modules/ngx_http_proxy_module.c @ 5385:7c1f4977d8a0

Proxy: added the "proxy_ssl_protocols" directive.
author Andrei Belov <defan@nginx.com>
date Thu, 19 Sep 2013 18:30:33 +0400
parents 2fda9065d0f4
children 919d230ecdbe
5384:cfbf1d1cc233 5385:7c1f4977d8a0
74 74
75 ngx_uint_t http_version; 75 ngx_uint_t http_version;
76 76
77 ngx_uint_t headers_hash_max_size; 77 ngx_uint_t headers_hash_max_size;
78 ngx_uint_t headers_hash_bucket_size; 78 ngx_uint_t headers_hash_bucket_size;
79
80 #if (NGX_HTTP_SSL)
81 ngx_uint_t ssl;
82 ngx_uint_t ssl_protocols;
83 #endif
79 } ngx_http_proxy_loc_conf_t; 84 } ngx_http_proxy_loc_conf_t;
80 85
81 86
82 typedef struct { 87 typedef struct {
83 ngx_http_status_t status; 88 ngx_http_status_t status;
184 { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF }, 189 { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF },
185 { ngx_null_string, 0 } 190 { ngx_null_string, 0 }
186 }; 191 };
187 192
188 193
194 #if (NGX_HTTP_SSL)
195
196 static ngx_conf_bitmask_t ngx_http_proxy_ssl_protocols[] = {
197 { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
198 { ngx_string("SSLv3"), NGX_SSL_SSLv3 },
199 { ngx_string("TLSv1"), NGX_SSL_TLSv1 },
200 { ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
201 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
202 { ngx_null_string, 0 }
203 };
204
205 #endif
206
207
189 static ngx_conf_enum_t ngx_http_proxy_http_version[] = { 208 static ngx_conf_enum_t ngx_http_proxy_http_version[] = {
190 { ngx_string("1.0"), NGX_HTTP_VERSION_10 }, 209 { ngx_string("1.0"), NGX_HTTP_VERSION_10 },
191 { ngx_string("1.1"), NGX_HTTP_VERSION_11 }, 210 { ngx_string("1.1"), NGX_HTTP_VERSION_11 },
192 { ngx_null_string, 0 } 211 { ngx_null_string, 0 }
193 }; 212 };
509 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, 528 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
510 ngx_conf_set_flag_slot, 529 ngx_conf_set_flag_slot,
511 NGX_HTTP_LOC_CONF_OFFSET, 530 NGX_HTTP_LOC_CONF_OFFSET,
512 offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_session_reuse), 531 offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_session_reuse),
513 NULL }, 532 NULL },
533
534 { ngx_string("proxy_ssl_protocols"),
535 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
536 ngx_conf_set_bitmask_slot,
537 NGX_HTTP_LOC_CONF_OFFSET,
538 offsetof(ngx_http_proxy_loc_conf_t, ssl_protocols),
539 &ngx_http_proxy_ssl_protocols },
514 540
515 #endif 541 #endif
516 542
517 ngx_null_command 543 ngx_null_command
518 }; 544 };
2384 * conf->headers_set_hash = NULL; 2410 * conf->headers_set_hash = NULL;
2385 * conf->body_set_len = NULL; 2411 * conf->body_set_len = NULL;
2386 * conf->body_set = NULL; 2412 * conf->body_set = NULL;
2387 * conf->body_source = { 0, NULL }; 2413 * conf->body_source = { 0, NULL };
2388 * conf->redirects = NULL; 2414 * conf->redirects = NULL;
2415 * conf->ssl = 0;
2416 * conf->ssl_protocols = 0;
2389 */ 2417 */
2390 2418
2391 conf->upstream.store = NGX_CONF_UNSET; 2419 conf->upstream.store = NGX_CONF_UNSET;
2392 conf->upstream.store_access = NGX_CONF_UNSET_UINT; 2420 conf->upstream.store_access = NGX_CONF_UNSET_UINT;
2393 conf->upstream.buffering = NGX_CONF_UNSET; 2421 conf->upstream.buffering = NGX_CONF_UNSET;
2699 prev->upstream.intercept_errors, 0); 2727 prev->upstream.intercept_errors, 0);
2700 2728
2701 #if (NGX_HTTP_SSL) 2729 #if (NGX_HTTP_SSL)
2702 ngx_conf_merge_value(conf->upstream.ssl_session_reuse, 2730 ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
2703 prev->upstream.ssl_session_reuse, 1); 2731 prev->upstream.ssl_session_reuse, 1);
2732
2733 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols,
2734 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3
2735 |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
2736 |NGX_SSL_TLSv1_2));
2737
2738 if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) {
2739 return NGX_CONF_ERROR;
2740 }
2704 #endif 2741 #endif
2705 2742
2706 ngx_conf_merge_value(conf->redirect, prev->redirect, 1); 2743 ngx_conf_merge_value(conf->redirect, prev->redirect, 1);
2707 2744
2708 if (conf->redirect) { 2745 if (conf->redirect) {
3144 if (ngx_http_script_compile(&sc) != NGX_OK) { 3181 if (ngx_http_script_compile(&sc) != NGX_OK) {
3145 return NGX_CONF_ERROR; 3182 return NGX_CONF_ERROR;
3146 } 3183 }
3147 3184
3148 #if (NGX_HTTP_SSL) 3185 #if (NGX_HTTP_SSL)
3149 if (ngx_http_proxy_set_ssl(cf, plcf) != NGX_OK) { 3186 plcf->ssl = 1;
3150 return NGX_CONF_ERROR;
3151 }
3152 #endif 3187 #endif
3153 3188
3154 return NGX_CONF_OK; 3189 return NGX_CONF_OK;
3155 } 3190 }
3156 3191
3159 port = 80; 3194 port = 80;
3160 3195
3161 } else if (ngx_strncasecmp(url->data, (u_char *) "https://", 8) == 0) { 3196 } else if (ngx_strncasecmp(url->data, (u_char *) "https://", 8) == 0) {
3162 3197
3163 #if (NGX_HTTP_SSL) 3198 #if (NGX_HTTP_SSL)
3164 if (ngx_http_proxy_set_ssl(cf, plcf) != NGX_OK) { 3199 plcf->ssl = 1;
3165 return NGX_CONF_ERROR;
3166 }
3167 3200
3168 add = 8; 3201 add = 8;
3169 port = 443; 3202 port = 443;
3170 #else 3203 #else
3171 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, 3204 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
3743 return NGX_ERROR; 3776 return NGX_ERROR;
3744 } 3777 }
3745 3778
3746 plcf->upstream.ssl->log = cf->log; 3779 plcf->upstream.ssl->log = cf->log;
3747 3780
3748 if (ngx_ssl_create(plcf->upstream.ssl, 3781 if (ngx_ssl_create(plcf->upstream.ssl, plcf->ssl_protocols, NULL)
3749 NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1
3750 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2,
3751 NULL)
3752 != NGX_OK) 3782 != NGX_OK)
3753 { 3783 {
3754 return NGX_ERROR; 3784 return NGX_ERROR;
3755 } 3785 }
3756 3786
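Review bot: The default mask given to `ngx_conf_merge_bitmask_value` in the merge hunk (new lines 2733-2736) still enables `NGX_SSL_SSLv3`, and the `ngx_http_proxy_ssl_protocols` table accepts `SSLv2`, so a proxy with no `proxy_ssl_protocols` setting can still negotiate SSLv3 with an upstream. SSLv2 is prohibited by RFC 6176 and SSLv3 is deprecated by RFC 7568, so the safer default is TLS only: `(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)`. Operators with a legacy upstream could still opt in explicitly through the directive. Separately, `conf->ssl` is set only in the proxy_pass handler and is not merged from `prev` in the visible lines, so confirm that a location inheriting its upstream from a parent still reaches `ngx_http_proxy_set_ssl`. The merge function and `ngx_http_proxy_set_ssl` both begin and end outside the lines shown here.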