Mercurial > hg > nginx
comparison src/http/modules/ngx_http_proxy_module.c @ 5390:919d230ecdbe
Proxy: added the "proxy_ssl_ciphers" directive.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
| author | Piotr Sikora <piotr@cloudflare.com> |
|---|---|
| date | Mon, 23 Sep 2013 15:58:28 -0700 |
| parents | 7c1f4977d8a0 |
| children | e65be17e3a3e |
comparison
equal
deleted
inserted
replaced
| 5389:72e31d88defa | 5390:919d230ecdbe |
|---|---|
| 78 ngx_uint_t headers_hash_bucket_size; | 78 ngx_uint_t headers_hash_bucket_size; |
| 79 | 79 |
| 80 #if (NGX_HTTP_SSL) | 80 #if (NGX_HTTP_SSL) |
| 81 ngx_uint_t ssl; | 81 ngx_uint_t ssl; |
| 82 ngx_uint_t ssl_protocols; | 82 ngx_uint_t ssl_protocols; |
| 83 ngx_str_t ssl_ciphers; | |
| 83 #endif | 84 #endif |
| 84 } ngx_http_proxy_loc_conf_t; | 85 } ngx_http_proxy_loc_conf_t; |
| 85 | 86 |
| 86 | 87 |
| 87 typedef struct { | 88 typedef struct { |
| 535 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, | 536 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, |
| 536 ngx_conf_set_bitmask_slot, | 537 ngx_conf_set_bitmask_slot, |
| 537 NGX_HTTP_LOC_CONF_OFFSET, | 538 NGX_HTTP_LOC_CONF_OFFSET, |
| 538 offsetof(ngx_http_proxy_loc_conf_t, ssl_protocols), | 539 offsetof(ngx_http_proxy_loc_conf_t, ssl_protocols), |
| 539 &ngx_http_proxy_ssl_protocols }, | 540 &ngx_http_proxy_ssl_protocols }, |
| 541 | |
| 542 { ngx_string("proxy_ssl_ciphers"), | |
| 543 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
| 544 ngx_conf_set_str_slot, | |
| 545 NGX_HTTP_LOC_CONF_OFFSET, | |
| 546 offsetof(ngx_http_proxy_loc_conf_t, ssl_ciphers), | |
| 547 NULL }, | |
| 540 | 548 |
| 541 #endif | 549 #endif |
| 542 | 550 |
| 543 ngx_null_command | 551 ngx_null_command |
| 544 }; | 552 }; |
| 2412 * conf->body_set = NULL; | 2420 * conf->body_set = NULL; |
| 2413 * conf->body_source = { 0, NULL }; | 2421 * conf->body_source = { 0, NULL }; |
| 2414 * conf->redirects = NULL; | 2422 * conf->redirects = NULL; |
| 2415 * conf->ssl = 0; | 2423 * conf->ssl = 0; |
| 2416 * conf->ssl_protocols = 0; | 2424 * conf->ssl_protocols = 0; |
| 2425 * conf->ssl_ciphers = { 0, NULL }; | |
| 2417 */ | 2426 */ |
| 2418 | 2427 |
| 2419 conf->upstream.store = NGX_CONF_UNSET; | 2428 conf->upstream.store = NGX_CONF_UNSET; |
| 2420 conf->upstream.store_access = NGX_CONF_UNSET_UINT; | 2429 conf->upstream.store_access = NGX_CONF_UNSET_UINT; |
| 2421 conf->upstream.buffering = NGX_CONF_UNSET; | 2430 conf->upstream.buffering = NGX_CONF_UNSET; |
| 2732 | 2741 |
| 2733 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, | 2742 ngx_conf_merge_bitmask_value(conf->ssl_protocols, prev->ssl_protocols, |
| 2734 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3 | 2743 (NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3 |
| 2735 |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1 | 2744 |NGX_SSL_TLSv1|NGX_SSL_TLSv1_1 |
| 2736 |NGX_SSL_TLSv1_2)); | 2745 |NGX_SSL_TLSv1_2)); |
| 2746 | |
| 2747 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, | |
| 2748 "DEFAULT"); | |
| 2737 | 2749 |
| 2738 if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) { | 2750 if (conf->ssl && ngx_http_proxy_set_ssl(cf, conf) != NGX_OK) { |
| 2739 return NGX_CONF_ERROR; | 2751 return NGX_CONF_ERROR; |
| 2740 } | 2752 } |
| 2741 #endif | 2753 #endif |
| 3782 != NGX_OK) | 3794 != NGX_OK) |
| 3783 { | 3795 { |
| 3784 return NGX_ERROR; | 3796 return NGX_ERROR; |
| 3785 } | 3797 } |
| 3786 | 3798 |
| 3799 if (SSL_CTX_set_cipher_list(plcf->upstream.ssl->ctx, | |
| 3800 (const char *) plcf->ssl_ciphers.data) | |
| 3801 == 0) | |
| 3802 { | |
| 3803 ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0, | |
| 3804 "SSL_CTX_set_cipher_list(\"%V\") failed", | |
| 3805 &plcf->ssl_ciphers); | |
| 3806 return NGX_ERROR; | |
| 3807 } | |
| 3808 | |
| 3787 cln = ngx_pool_cleanup_add(cf->pool, 0); | 3809 cln = ngx_pool_cleanup_add(cf->pool, 0); |
| 3788 if (cln == NULL) { | 3810 if (cln == NULL) { |
| 3789 return NGX_ERROR; | 3811 return NGX_ERROR; |
| 3790 } | 3812 } |
| 3791 | 3813 |