Klaus Demo nginx / cae1bd3
Upstream: uwsgi_ssl_name, uwsgi_ssl_verify, and so on. Just a merge of proxy_ssl_name, proxy_ssl_verify commits into uwsgi module, code is identical. Maxim Dounin 8 years ago
1 changed file(s) with 85 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all
3838 ngx_uint_t ssl;
3939 ngx_uint_t ssl_protocols;
4040 ngx_str_t ssl_ciphers;
41 ngx_uint_t ssl_verify_depth;
42 ngx_str_t ssl_trusted_certificate;
43 ngx_str_t ssl_crl;
4144 #endif
4245 } ngx_http_uwsgi_loc_conf_t;
4346
406409 ngx_conf_set_str_slot,
407410 NGX_HTTP_LOC_CONF_OFFSET,
408411 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_ciphers),
412 NULL },
413
414 { ngx_string("uwsgi_ssl_name"),
415 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
416 ngx_http_set_complex_value_slot,
417 NGX_HTTP_LOC_CONF_OFFSET,
418 offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_name),
419 NULL },
420
421 { ngx_string("uwsgi_ssl_server_name"),
422 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
423 ngx_conf_set_flag_slot,
424 NGX_HTTP_LOC_CONF_OFFSET,
425 offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_server_name),
426 NULL },
427
428 { ngx_string("uwsgi_ssl_verify"),
429 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
430 ngx_conf_set_flag_slot,
431 NGX_HTTP_LOC_CONF_OFFSET,
432 offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_verify),
433 NULL },
434
435 { ngx_string("uwsgi_ssl_verify_depth"),
436 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
437 ngx_conf_set_num_slot,
438 NGX_HTTP_LOC_CONF_OFFSET,
439 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_verify_depth),
440 NULL },
441
442 { ngx_string("uwsgi_ssl_trusted_certificate"),
443 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
444 ngx_conf_set_str_slot,
445 NGX_HTTP_LOC_CONF_OFFSET,
446 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_trusted_certificate),
447 NULL },
448
449 { ngx_string("uwsgi_ssl_crl"),
450 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
451 ngx_conf_set_str_slot,
452 NGX_HTTP_LOC_CONF_OFFSET,
453 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_crl),
409454 NULL },
410455
411456 #endif
12421287 conf->upstream.pass_headers = NGX_CONF_UNSET_PTR;
12431288
12441289 conf->upstream.intercept_errors = NGX_CONF_UNSET;
1290
12451291 #if (NGX_HTTP_SSL)
12461292 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
1293 conf->upstream.ssl_server_name = NGX_CONF_UNSET;
1294 conf->upstream.ssl_verify = NGX_CONF_UNSET;
1295 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;
12471296 #endif
12481297
12491298 /* "uwsgi_cyclic_temp_file" is disabled */
14931542 prev->upstream.intercept_errors, 0);
14941543
14951544 #if (NGX_HTTP_SSL)
1545
14961546 ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
14971547 prev->upstream.ssl_session_reuse, 1);
14981548
15041554 ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
15051555 "DEFAULT");
15061556
1557 if (conf->upstream.ssl_name == NULL) {
1558 conf->upstream.ssl_name = prev->upstream.ssl_name;
1559 }
1560
1561 ngx_conf_merge_value(conf->upstream.ssl_server_name,
1562 prev->upstream.ssl_server_name, 0);
1563 ngx_conf_merge_value(conf->upstream.ssl_verify,
1564 prev->upstream.ssl_verify, 0);
1565 ngx_conf_merge_uint_value(conf->ssl_verify_depth,
1566 prev->ssl_verify_depth, 1);
1567 ngx_conf_merge_str_value(conf->ssl_trusted_certificate,
1568 prev->ssl_trusted_certificate, "");
1569 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, "");
1570
15071571 if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) {
15081572 return NGX_CONF_ERROR;
15091573 }
15111575 if (conf->upstream.ssl == NULL) {
15121576 conf->upstream.ssl = prev->upstream.ssl;
15131577 }
1578
15141579 #endif
15151580
15161581 ngx_conf_merge_str_value(conf->uwsgi_string, prev->uwsgi_string, "");
20292094 return NGX_ERROR;
20302095 }
20312096
2097 if (uwcf->upstream.ssl_verify) {
2098 if (uwcf->ssl_trusted_certificate.len == 0) {
2099 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
2100 "no uwsgi_ssl_trusted_certificate for uwsgi_ssl_verify");
2101 return NGX_ERROR;
2102 }
2103
2104 if (ngx_ssl_trusted_certificate(cf, uwcf->upstream.ssl,
2105 &uwcf->ssl_trusted_certificate,
2106 uwcf->ssl_verify_depth)
2107 != NGX_OK)
2108 {
2109 return NGX_ERROR;
2110 }
2111
2112 if (ngx_ssl_crl(cf, uwcf->upstream.ssl, &uwcf->ssl_crl) != NGX_OK) {
2113 return NGX_ERROR;
2114 }
2115 }
2116
20322117 return NGX_OK;
20332118 }
20342119