Mercurial > hg > nginx
comparison src/stream/ngx_stream_proxy_module.c @ 9022:b30bec3d71d6 quic
Merged with the default branch.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 26 Jul 2022 19:54:11 +0400 |
| parents | 8d0753760546 9d98d524bd02 |
| children | 91ad1abfb285 |
comparison
equal
deleted
inserted
replaced
| 9021:8d0753760546 | 9022:b30bec3d71d6 |
|---|---|
| 101 static void ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s); | 101 static void ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s); |
| 102 static void ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc); | 102 static void ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc); |
| 103 static void ngx_stream_proxy_ssl_save_session(ngx_connection_t *c); | 103 static void ngx_stream_proxy_ssl_save_session(ngx_connection_t *c); |
| 104 static ngx_int_t ngx_stream_proxy_ssl_name(ngx_stream_session_t *s); | 104 static ngx_int_t ngx_stream_proxy_ssl_name(ngx_stream_session_t *s); |
| 105 static ngx_int_t ngx_stream_proxy_ssl_certificate(ngx_stream_session_t *s); | 105 static ngx_int_t ngx_stream_proxy_ssl_certificate(ngx_stream_session_t *s); |
| 106 static ngx_int_t ngx_stream_proxy_merge_ssl(ngx_conf_t *cf, | |
| 107 ngx_stream_proxy_srv_conf_t *conf, ngx_stream_proxy_srv_conf_t *prev); | |
| 106 static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf, | 108 static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf, |
| 107 ngx_stream_proxy_srv_conf_t *pscf); | 109 ngx_stream_proxy_srv_conf_t *pscf); |
| 108 | 110 |
| 109 | 111 |
| 110 static ngx_conf_bitmask_t ngx_stream_proxy_ssl_protocols[] = { | 112 static ngx_conf_bitmask_t ngx_stream_proxy_ssl_protocols[] = { |
| 799 | 801 |
| 800 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); | 802 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module); |
| 801 | 803 |
| 802 #if (NGX_STREAM_SSL) | 804 #if (NGX_STREAM_SSL) |
| 803 | 805 |
| 804 if (pc->type == SOCK_STREAM && pscf->ssl) { | 806 if (pc->type == SOCK_STREAM && pscf->ssl_enable) { |
| 805 | 807 |
| 806 if (u->proxy_protocol) { | 808 if (u->proxy_protocol) { |
| 807 if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) { | 809 if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) { |
| 808 return; | 810 return; |
| 809 } | 811 } |
| 2163 | 2165 |
| 2164 ngx_conf_merge_value(conf->half_close, prev->half_close, 0); | 2166 ngx_conf_merge_value(conf->half_close, prev->half_close, 0); |
| 2165 | 2167 |
| 2166 #if (NGX_STREAM_SSL) | 2168 #if (NGX_STREAM_SSL) |
| 2167 | 2169 |
| 2170 if (ngx_stream_proxy_merge_ssl(cf, conf, prev) != NGX_OK) { | |
| 2171 return NGX_CONF_ERROR; | |
| 2172 } | |
| 2173 | |
| 2168 ngx_conf_merge_value(conf->ssl_enable, prev->ssl_enable, 0); | 2174 ngx_conf_merge_value(conf->ssl_enable, prev->ssl_enable, 0); |
| 2169 | 2175 |
| 2170 ngx_conf_merge_value(conf->ssl_session_reuse, | 2176 ngx_conf_merge_value(conf->ssl_session_reuse, |
| 2171 prev->ssl_session_reuse, 1); | 2177 prev->ssl_session_reuse, 1); |
| 2172 | 2178 |
| 2212 | 2218 |
| 2213 | 2219 |
| 2214 #if (NGX_STREAM_SSL) | 2220 #if (NGX_STREAM_SSL) |
| 2215 | 2221 |
| 2216 static ngx_int_t | 2222 static ngx_int_t |
| 2223 ngx_stream_proxy_merge_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *conf, | |
| 2224 ngx_stream_proxy_srv_conf_t *prev) | |
| 2225 { | |
| 2226 ngx_uint_t preserve; | |
| 2227 | |
| 2228 if (conf->ssl_protocols == 0 | |
| 2229 && conf->ssl_ciphers.data == NULL | |
| 2230 && conf->ssl_certificate == NGX_CONF_UNSET_PTR | |
| 2231 && conf->ssl_certificate_key == NGX_CONF_UNSET_PTR | |
| 2232 && conf->ssl_passwords == NGX_CONF_UNSET_PTR | |
| 2233 && conf->ssl_verify == NGX_CONF_UNSET | |
| 2234 && conf->ssl_verify_depth == NGX_CONF_UNSET_UINT | |
| 2235 && conf->ssl_trusted_certificate.data == NULL | |
| 2236 && conf->ssl_crl.data == NULL | |
| 2237 && conf->ssl_session_reuse == NGX_CONF_UNSET | |
| 2238 && conf->ssl_conf_commands == NGX_CONF_UNSET_PTR) | |
| 2239 { | |
| 2240 if (prev->ssl) { | |
| 2241 conf->ssl = prev->ssl; | |
| 2242 return NGX_OK; | |
| 2243 } | |
| 2244 | |
| 2245 preserve = 1; | |
| 2246 | |
| 2247 } else { | |
| 2248 preserve = 0; | |
| 2249 } | |
| 2250 | |
| 2251 conf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t)); | |
| 2252 if (conf->ssl == NULL) { | |
| 2253 return NGX_ERROR; | |
| 2254 } | |
| 2255 | |
| 2256 conf->ssl->log = cf->log; | |
| 2257 | |
| 2258 /* | |
| 2259 * special handling to preserve conf->ssl | |
| 2260 * in the "stream" section to inherit it to all servers | |
| 2261 */ | |
| 2262 | |
| 2263 if (preserve) { | |
| 2264 prev->ssl = conf->ssl; | |
| 2265 } | |
| 2266 | |
| 2267 return NGX_OK; | |
| 2268 } | |
| 2269 | |
| 2270 | |
| 2271 static ngx_int_t | |
| 2217 ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf) | 2272 ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf) |
| 2218 { | 2273 { |
| 2219 ngx_pool_cleanup_t *cln; | 2274 ngx_pool_cleanup_t *cln; |
| 2220 | 2275 |
| 2221 pscf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t)); | 2276 if (pscf->ssl->ctx) { |
| 2222 if (pscf->ssl == NULL) { | 2277 return NGX_OK; |
| 2223 return NGX_ERROR; | 2278 } |
| 2224 } | |
| 2225 | |
| 2226 pscf->ssl->log = cf->log; | |
| 2227 | 2279 |
| 2228 if (ngx_ssl_create(pscf->ssl, pscf->ssl_protocols, NULL) != NGX_OK) { | 2280 if (ngx_ssl_create(pscf->ssl, pscf->ssl_protocols, NULL) != NGX_OK) { |
| 2229 return NGX_ERROR; | 2281 return NGX_ERROR; |
| 2230 } | 2282 } |
| 2231 | 2283 |