comparison src/stream/ngx_stream_proxy_module.c @ 9022:b30bec3d71d6 quic
Merged with the default branch.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 26 Jul 2022 19:54:11 +0400 |
parents | 8d0753760546 9d98d524bd02 |
children | 91ad1abfb285 |
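--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -101,10 +101,12 @@
 static void ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s);
 static void ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc);
 static void ngx_stream_proxy_ssl_save_session(ngx_connection_t *c);
 static ngx_int_t ngx_stream_proxy_ssl_name(ngx_stream_session_t *s);
 static ngx_int_t ngx_stream_proxy_ssl_certificate(ngx_stream_session_t *s);
+static ngx_int_t ngx_stream_proxy_merge_ssl(ngx_conf_t *cf,
+ngx_stream_proxy_srv_conf_t *conf, ngx_stream_proxy_srv_conf_t *prev);
 static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf,
 ngx_stream_proxy_srv_conf_t *pscf);
 
 
 static ngx_conf_bitmask_t ngx_stream_proxy_ssl_protocols[] = {
@@ -799,11 +801,11 @@
 
 pscf = ngx_stream_get_module_srv_conf(s, ngx_stream_proxy_module);
 
 #if (NGX_STREAM_SSL)
 
-if (pc->type == SOCK_STREAM && pscf->ssl) {
+if (pc->type == SOCK_STREAM && pscf->ssl_enable) {
 
 if (u->proxy_protocol) {
 if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) {
 return;
 }
@@ -2163,10 +2165,14 @@
 
 ngx_conf_merge_value(conf->half_close, prev->half_close, 0);
 
 #if (NGX_STREAM_SSL)
 
+if (ngx_stream_proxy_merge_ssl(cf, conf, prev) != NGX_OK) {
+return NGX_CONF_ERROR;
+}
+
 ngx_conf_merge_value(conf->ssl_enable, prev->ssl_enable, 0);
 
 ngx_conf_merge_value(conf->ssl_session_reuse,
 prev->ssl_session_reuse, 1);
 
@@ -2212,20 +2218,66 @@
 
 
 #if (NGX_STREAM_SSL)
 
 static ngx_int_t
+ngx_stream_proxy_merge_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *conf,
+ngx_stream_proxy_srv_conf_t *prev)
+{
+ngx_uint_t preserve;
+
+if (conf->ssl_protocols == 0
+&& conf->ssl_ciphers.data == NULL
+&& conf->ssl_certificate == NGX_CONF_UNSET_PTR
+&& conf->ssl_certificate_key == NGX_CONF_UNSET_PTR
+&& conf->ssl_passwords == NGX_CONF_UNSET_PTR
+&& conf->ssl_verify == NGX_CONF_UNSET
+&& conf->ssl_verify_depth == NGX_CONF_UNSET_UINT
+&& conf->ssl_trusted_certificate.data == NULL
+&& conf->ssl_crl.data == NULL
+&& conf->ssl_session_reuse == NGX_CONF_UNSET
+&& conf->ssl_conf_commands == NGX_CONF_UNSET_PTR)
+{
+if (prev->ssl) {
+conf->ssl = prev->ssl;
+return NGX_OK;
+}
+
+preserve = 1;
+
+} else {
+preserve = 0;
+}
+
+conf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
+if (conf->ssl == NULL) {
+return NGX_ERROR;
+}
+
+conf->ssl->log = cf->log;
+
+/*
+* special handling to preserve conf->ssl
+* in the "stream" section to inherit it to all servers
+*/
+
+if (preserve) {
+prev->ssl = conf->ssl;
+}
+
+return NGX_OK;
+}
+
+
+static ngx_int_t
 ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf)
 {
 ngx_pool_cleanup_t *cln;
 
-pscf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
-if (pscf->ssl == NULL) {
-return NGX_ERROR;
-}
-
-pscf->ssl->log = cf->log;
+if (pscf->ssl->ctx) {
+return NGX_OK;
+}
 
 if (ngx_ssl_create(pscf->ssl, pscf->ssl_protocols, NULL) != NGX_OK) {
 return NGX_ERROR;
 }
 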
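Review bot: The list of "unset" tests at the top of ngx_stream_proxy_merge_ssl() has to name every directive that ngx_stream_proxy_set_ssl() applies to the SSL context, and nothing in the new code records that. With the new early return `if (pscf->ssl->ctx) { return NGX_OK; }`, a server that shares the parent's ngx_ssl_t skips all per-server context setup, so a directive missing from the list would leave that server silently using the parent's protocols, trusted certificates or CRL. A comment above the condition would state the invariant, for example `/* keep in sync with ngx_stream_proxy_set_ssl(): any directive it applies to the context must be tested here */`. The same early return dereferences pscf->ssl without a NULL check, which appears safe only because merge_ssl runs first in the merge path and fails the configuration on allocation error; the rest of set_ssl lies outside the displayed lines, so which settings it applies cannot be confirmed from here.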