Mercurial > hg > nginx
comparison src/stream/ngx_stream_proxy_module.c @ 8042:c7e25324be11
Upstream: handling of certificates specified as an empty string.
Now, if the directive is given an empty string, such configuration cancels
loading of certificates, in particular, if they would be otherwise inherited
from the previous level. This restores previous behaviour, before variables
support in certificates was introduced (3ab8e1e2f0f7).
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 07 Jun 2022 20:08:57 +0400 |
parents | bfad703459b4 |
children | 457afc332c67 |
comparison
equal
deleted
inserted
replaced
8041:0784ab86ad08 | 8042:c7e25324be11 |
---|---|
1067 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | 1067 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
1068 return; | 1068 return; |
1069 } | 1069 } |
1070 } | 1070 } |
1071 | 1071 |
1072 if (pscf->ssl_certificate && (pscf->ssl_certificate->lengths | 1072 if (pscf->ssl_certificate |
1073 || pscf->ssl_certificate_key->lengths)) | 1073 && pscf->ssl_certificate->value.len |
1074 && (pscf->ssl_certificate->lengths | |
1075 || pscf->ssl_certificate_key->lengths)) | |
1074 { | 1076 { |
1075 if (ngx_stream_proxy_ssl_certificate(s) != NGX_OK) { | 1077 if (ngx_stream_proxy_ssl_certificate(s) != NGX_OK) { |
1076 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); | 1078 ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); |
1077 return; | 1079 return; |
1078 } | 1080 } |
2223 | 2225 |
2224 if (ngx_ssl_ciphers(cf, pscf->ssl, &pscf->ssl_ciphers, 0) != NGX_OK) { | 2226 if (ngx_ssl_ciphers(cf, pscf->ssl, &pscf->ssl_ciphers, 0) != NGX_OK) { |
2225 return NGX_ERROR; | 2227 return NGX_ERROR; |
2226 } | 2228 } |
2227 | 2229 |
2228 if (pscf->ssl_certificate) { | 2230 if (pscf->ssl_certificate |
2229 | 2231 && pscf->ssl_certificate->value.len) |
2232 { | |
2230 if (pscf->ssl_certificate_key == NULL) { | 2233 if (pscf->ssl_certificate_key == NULL) { |
2231 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 2234 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
2232 "no \"proxy_ssl_certificate_key\" is defined " | 2235 "no \"proxy_ssl_certificate_key\" is defined " |
2233 "for certificate \"%V\"", | 2236 "for certificate \"%V\"", |
2234 &pscf->ssl_certificate->value); | 2237 &pscf->ssl_certificate->value); |