nginx: src/stream/ngx_stream_proxy

comparison src/stream/ngx_stream_proxy_module.c @ 8042:c7e25324be11

Upstream: handling of certificates specified as an empty string. Now, if the directive is given an empty string, such configuration cancels loading of certificates, in particular, if they would be otherwise inherited from the previous level. This restores previous behaviour, before variables support in certificates was introduced (3ab8e1e2f0f7).

author	Sergey Kandaurov <pluknet@nginx.com>
date	Tue, 07 Jun 2022 20:08:57 +0400
parents	bfad703459b4
children	457afc332c67

comparison

equal deleted inserted replaced

-:0784ab86ad08
+:c7e25324be11
 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
 return;
 }
 }
-if (pscf->ssl_certificate && (pscf->ssl_certificate->lengths
+if (pscf->ssl_certificate
-|| pscf->ssl_certificate_key->lengths))
+&& pscf->ssl_certificate->value.len
+&& (pscf->ssl_certificate->lengths
+|| pscf->ssl_certificate_key->lengths))
 {
 if (ngx_stream_proxy_ssl_certificate(s) != NGX_OK) {
 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
 return;
 }
 if (ngx_ssl_ciphers(cf, pscf->ssl, &pscf->ssl_ciphers, 0) != NGX_OK) {
 return NGX_ERROR;
 }
-if (pscf->ssl_certificate) {
+if (pscf->ssl_certificate
+&& pscf->ssl_certificate->value.len)
+{
 if (pscf->ssl_certificate_key == NULL) {
 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
 "no \"proxy_ssl_certificate_key\" is defined "
 "for certificate \"%V\"",
 &pscf->ssl_certificate->value);

Mercurial > hg > nginx

comparison src/stream/ngx_stream_proxy_module.c @ 8042:c7e25324be11