nginx: src/stream/ngx_stream_proxy

comparison src/stream/ngx_stream_proxy_module.c @ 7731:fd0b2226919b

Stream: proxy_ssl_conf_command directive. Similarly to ssl_conf_command, proxy_ssl_conf_command can be used to set arbitrary OpenSSL configuration parameters as long as nginx is compiled with OpenSSL 1.0.2 or later, when connecting to upstream servers with SSL. Full list of available configuration commands can be found in the SSL_CONF_cmd manual page (https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html).

author	Maxim Dounin <mdounin@mdounin.ru>
date	Thu, 22 Oct 2020 18:00:27 +0300
parents	d127837c714f
children	7ce28b4cc57e

comparison

equal deleted inserted replaced

-:1a719ee45526
+:fd0b2226919b
 ngx_str_t                        ssl_trusted_certificate;
 ngx_str_t                        ssl_crl;
 ngx_str_t                        ssl_certificate;
 ngx_str_t                        ssl_certificate_key;
 ngx_array_t                     *ssl_passwords;
+ngx_array_t                     *ssl_conf_commands;
 ngx_ssl_t                       *ssl;
 #endif
 ngx_stream_upstream_srv_conf_t  *upstream;
 #if (NGX_STREAM_SSL)
 static ngx_int_t ngx_stream_proxy_send_proxy_protocol(ngx_stream_session_t *s);
 static char *ngx_stream_proxy_ssl_password_file(ngx_conf_t *cf,
 ngx_command_t *cmd, void *conf);
+static char *ngx_stream_proxy_ssl_conf_command_check(ngx_conf_t *cf, void *post,
+void *data);
 static void ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s);
 static void ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc);
 static void ngx_stream_proxy_ssl_save_session(ngx_connection_t *c);
 static ngx_int_t ngx_stream_proxy_ssl_name(ngx_stream_session_t *s);
 static ngx_int_t ngx_stream_proxy_set_ssl(ngx_conf_t *cf,
 { ngx_string("TLSv1.2"), NGX_SSL_TLSv1_2 },
 { ngx_string("TLSv1.3"), NGX_SSL_TLSv1_3 },
 { ngx_null_string, 0 }
 };
+static ngx_conf_post_t  ngx_stream_proxy_ssl_conf_command_post =
+{ ngx_stream_proxy_ssl_conf_command_check };
 #endif
 static ngx_conf_deprecated_t  ngx_conf_deprecated_proxy_downstream_buffer = {
 ngx_conf_deprecated, "proxy_downstream_buffer", "proxy_buffer_size"
 NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
 ngx_stream_proxy_ssl_password_file,
 NGX_STREAM_SRV_CONF_OFFSET,
 0,
 NULL },
+{ ngx_string("proxy_ssl_conf_command"),
+NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE2,
+ngx_conf_set_keyval_slot,
+NGX_STREAM_SRV_CONF_OFFSET,
+offsetof(ngx_stream_proxy_srv_conf_t, ssl_conf_commands),
+&ngx_stream_proxy_ssl_conf_command_post },
 #endif
 ngx_null_command
 };
 pscf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]);
 if (pscf->ssl_passwords == NULL) {
 return NGX_CONF_ERROR;
 }
+return NGX_CONF_OK;
+}
+static char *
+ngx_stream_proxy_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
+{
+#ifndef SSL_CONF_FLAG_FILE
+return "is not supported on this platform";
+#endif
 return NGX_CONF_OK;
 }
 conf->ssl_session_reuse = NGX_CONF_UNSET;
 conf->ssl_server_name = NGX_CONF_UNSET;
 conf->ssl_verify = NGX_CONF_UNSET;
 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;
 conf->ssl_passwords = NGX_CONF_UNSET_PTR;
+conf->ssl_conf_commands = NGX_CONF_UNSET_PTR;
 #endif
 return conf;
 }
 ngx_conf_merge_str_value(conf->ssl_certificate_key,
 prev->ssl_certificate_key, "");
 ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL);
+ngx_conf_merge_ptr_value(conf->ssl_conf_commands,
+prev->ssl_conf_commands, NULL);
 if (conf->ssl_enable && ngx_stream_proxy_set_ssl(cf, conf) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 return NGX_ERROR;
 }
 }
 if (ngx_ssl_client_session_cache(cf, pscf->ssl, pscf->ssl_session_reuse)
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+if (ngx_ssl_conf_commands(cf, pscf->ssl, pscf->ssl_conf_commands)
 != NGX_OK)
 {
 return NGX_ERROR;
 }

Mercurial > hg > nginx

comparison src/stream/ngx_stream_proxy_module.c @ 7731:fd0b2226919b