comparison src/http/modules/ngx_http_proxy_module.c @ 5385:7c1f4977d8a0
Proxy: added the "proxy_ssl_protocols" directive.
author | Andrei Belov <defan@nginx.com> |
---|---|
date | Thu, 19 Sep 2013 18:30:33 +0400 |
parents | 2fda9065d0f4 |
children | 919d230ecdbe |
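--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -74,10 +74,15 @@
 
 ngx_uint_t http_version;
 
 ngx_uint_t headers_hash_max_size;
 ngx_uint_t headers_hash_bucket_size;
+
+#if (NGX_HTTP_SSL)
+ngx_uint_t ssl;
+ngx_uint_t ssl_protocols;
+#endif
 } ngx_http_proxy_loc_conf_t;
 
 
 typedef struct {
 ngx_http_status_t status;
@@ -184,10 +189,24 @@
 { ngx_string("off"), NGX_HTTP_UPSTREAM_FT_OFF },
 { ngx_null_string, 0 }
 };
 
 
+#if (NGX_HTTP_SSL)
+
+static ngx_conf_bitmask_t ngx_http_proxy_ssl_protocols[] = {
+{ ngx_string("SSLv2"), NGX_SSL_SSLv2 },
+{ ngx_string("SSLv3"), NGX_SSL_SSLv3 },
+{ ngx_string("TLSv1"), NGX_SSL_TLSv1 },
+{ ngx_string("TLSv1.1"), NGX_SSL_TLSv1_1 },
+{ ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
+{ ngx_null_string, 0 }
+};
+
+#endif
+
+
 static ngx_conf_enum_t ngx_http_proxy_http_version[] = {
 { ngx_string("1.0"), NGX_HTTP_VERSION_10 },
 { ngx_string("1.1"), NGX_HTTP_VERSION_11 },
 { ngx_null_string, 0 }
 };
@@ -509,10 +528,17 @@
 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
 ngx_conf_set_flag_slot,
 NGX_HTTP_LOC_CONF_OFFSET,
 offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_session_reuse),
 NULL },
+
+{ ngx_string("proxy_ssl_protocols"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
+ngx_conf_set_bitmask_slot,
+NGX_HTTP_LOC_CONF_OFFSET,
+offsetof(ngx_http_proxy_loc_conf_t, ssl_protocols),
+&ngx_http_proxy_ssl_protocols },
 
 #endif
 
 ngx_null_command
 };
@@ -2384,10 +2410,12 @@
 * conf->headers_set_hash = NULL;
 * conf->body_set_len = NULL;
 * conf->body_set = NULL;
 * conf->body_source = { 0, NULL };
 * conf->redirects = NULL;
+* conf->ssl = 0;
+* conf->ssl_protocols = 0;
 */
 
 conf->upstream.store = NGX_CONF_UNSET;
 conf->upstream.store_access = NGX_CONF_UNSET_UINT;
 conf->upstream.buffering = NGX_CONF_UNSET;
@@ -2699,10 +2727,19 @@
 prev->upstream.intercept_errors, 0);
 
 #if (NGX_HTTP_SSL)
 ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
 prev->upstream.ssl_session_reuse, 1);
+
+ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols,
+(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3
+|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1
+|NGX_SSL_TLSv1_2));
+
+if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) {
+return NGX_CONF_ERROR;
+}
 #endif
 
 ngx_conf_merge_value(conf->redirect, prev->redirect, 1);
 
 if (conf->redirect) {
@@ -3144,13 +3181,11 @@
 if (ngx_http_script_compile(&sc) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 
 #if (NGX_HTTP_SSL)
-if (ngx_http_proxy_set_ssl(cf, plcf) != NGX_OK) {
-return NGX_CONF_ERROR;
-}
+plcf->ssl = 1;
 #endif
 
 return NGX_CONF_OK;
 }
 
@@ -3159,13 +3194,11 @@
 port = 80;
 
 } else if (ngx_strncasecmp(url->data, (u_char *) "https://", 8) == 0) {
 
 #if (NGX_HTTP_SSL)
-if (ngx_http_proxy_set_ssl(cf, plcf) != NGX_OK) {
-return NGX_CONF_ERROR;
-}
+plcf->ssl = 1;
 
 add = 8;
 port = 443;
 #else
 ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
@@ -3743,14 +3776,11 @@
 return NGX_ERROR;
 }
 
 plcf->upstream.ssl->log = cf->log;
 
-if (ngx_ssl_create(plcf->upstream.ssl,
-NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1
-|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2,
-NULL)
+if (ngx_ssl_create(plcf->upstream.ssl, plcf->ssl_protocols, NULL)
 != NGX_OK)
 {
 return NGX_ERROR;
 }
 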
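Review bot: The default mask given to `ngx_conf_merge_bitmask_value` in the merge hunk still enables `NGX_SSL_SSLv3`, so an https upstream configured without `proxy_ssl_protocols` keeps offering SSLv3, which is deprecated (RFC 7568). Dropping SSLv2 from the implicit set is already an improvement over the hard-coded list previously passed to `ngx_ssl_create`, but I would make the default TLS-only, ending the call with `(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));`, and leave SSLv2/SSLv3 as explicit opt-ins from the `ngx_http_proxy_ssl_protocols` table. Separately, `conf->ssl` is set only by `proxy_pass` and is not merged from `prev` in the visible lines; if the merge function lets a nested location inherit the parent's upstream (that code is outside these hunks), it is worth confirming that such a location still ends up with `upstream.ssl` initialised. The enclosing functions start and end outside the hunks shown.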