Upstream: uwsgi_ssl_name, uwsgi_ssl_verify, and so on.
Just a merge of proxy_ssl_name, proxy_ssl_verify commits into uwsgi module,
code is identical.
Maxim Dounin
8 years ago
| 38 | 38 | ngx_uint_t ssl; |
| 39 | 39 | ngx_uint_t ssl_protocols; |
| 40 | 40 | ngx_str_t ssl_ciphers; |
| 41 | ngx_uint_t ssl_verify_depth; | |
| 42 | ngx_str_t ssl_trusted_certificate; | |
| 43 | ngx_str_t ssl_crl; | |
| 41 | 44 | #endif |
| 42 | 45 | } ngx_http_uwsgi_loc_conf_t; |
| 43 | 46 | |
| 406 | 409 | ngx_conf_set_str_slot, |
| 407 | 410 | NGX_HTTP_LOC_CONF_OFFSET, |
| 408 | 411 | offsetof(ngx_http_uwsgi_loc_conf_t, ssl_ciphers), |
| 412 | NULL }, | |
| 413 | ||
| 414 | { ngx_string("uwsgi_ssl_name"), | |
| 415 | NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
| 416 | ngx_http_set_complex_value_slot, | |
| 417 | NGX_HTTP_LOC_CONF_OFFSET, | |
| 418 | offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_name), | |
| 419 | NULL }, | |
| 420 | ||
| 421 | { ngx_string("uwsgi_ssl_server_name"), | |
| 422 | NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, | |
| 423 | ngx_conf_set_flag_slot, | |
| 424 | NGX_HTTP_LOC_CONF_OFFSET, | |
| 425 | offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_server_name), | |
| 426 | NULL }, | |
| 427 | ||
| 428 | { ngx_string("uwsgi_ssl_verify"), | |
| 429 | NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, | |
| 430 | ngx_conf_set_flag_slot, | |
| 431 | NGX_HTTP_LOC_CONF_OFFSET, | |
| 432 | offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_verify), | |
| 433 | NULL }, | |
| 434 | ||
| 435 | { ngx_string("uwsgi_ssl_verify_depth"), | |
| 436 | NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
| 437 | ngx_conf_set_num_slot, | |
| 438 | NGX_HTTP_LOC_CONF_OFFSET, | |
| 439 | offsetof(ngx_http_uwsgi_loc_conf_t, ssl_verify_depth), | |
| 440 | NULL }, | |
| 441 | ||
| 442 | { ngx_string("uwsgi_ssl_trusted_certificate"), | |
| 443 | NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
| 444 | ngx_conf_set_str_slot, | |
| 445 | NGX_HTTP_LOC_CONF_OFFSET, | |
| 446 | offsetof(ngx_http_uwsgi_loc_conf_t, ssl_trusted_certificate), | |
| 447 | NULL }, | |
| 448 | ||
| 449 | { ngx_string("uwsgi_ssl_crl"), | |
| 450 | NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, | |
| 451 | ngx_conf_set_str_slot, | |
| 452 | NGX_HTTP_LOC_CONF_OFFSET, | |
| 453 | offsetof(ngx_http_uwsgi_loc_conf_t, ssl_crl), | |
| 409 | 454 | NULL }, |
| 410 | 455 | |
| 411 | 456 | #endif |
| 1242 | 1287 | conf->upstream.pass_headers = NGX_CONF_UNSET_PTR; |
| 1243 | 1288 | |
| 1244 | 1289 | conf->upstream.intercept_errors = NGX_CONF_UNSET; |
| 1290 | ||
| 1245 | 1291 | #if (NGX_HTTP_SSL) |
| 1246 | 1292 | conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; |
| 1293 | conf->upstream.ssl_server_name = NGX_CONF_UNSET; | |
| 1294 | conf->upstream.ssl_verify = NGX_CONF_UNSET; | |
| 1295 | conf->ssl_verify_depth = NGX_CONF_UNSET_UINT; | |
| 1247 | 1296 | #endif |
| 1248 | 1297 | |
| 1249 | 1298 | /* "uwsgi_cyclic_temp_file" is disabled */ |
| 1493 | 1542 | prev->upstream.intercept_errors, 0); |
| 1494 | 1543 | |
| 1495 | 1544 | #if (NGX_HTTP_SSL) |
| 1545 | ||
| 1496 | 1546 | ngx_conf_merge_value(conf->upstream.ssl_session_reuse, |
| 1497 | 1547 | prev->upstream.ssl_session_reuse, 1); |
| 1498 | 1548 | |
| 1504 | 1554 | ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, |
| 1505 | 1555 | "DEFAULT"); |
| 1506 | 1556 | |
| 1557 | if (conf->upstream.ssl_name == NULL) { | |
| 1558 | conf->upstream.ssl_name = prev->upstream.ssl_name; | |
| 1559 | } | |
| 1560 | ||
| 1561 | ngx_conf_merge_value(conf->upstream.ssl_server_name, | |
| 1562 | prev->upstream.ssl_server_name, 0); | |
| 1563 | ngx_conf_merge_value(conf->upstream.ssl_verify, | |
| 1564 | prev->upstream.ssl_verify, 0); | |
| 1565 | ngx_conf_merge_uint_value(conf->ssl_verify_depth, | |
| 1566 | prev->ssl_verify_depth, 1); | |
| 1567 | ngx_conf_merge_str_value(conf->ssl_trusted_certificate, | |
| 1568 | prev->ssl_trusted_certificate, ""); | |
| 1569 | ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, ""); | |
| 1570 | ||
| 1507 | 1571 | if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) { |
| 1508 | 1572 | return NGX_CONF_ERROR; |
| 1509 | 1573 | } |
| 1511 | 1575 | if (conf->upstream.ssl == NULL) { |
| 1512 | 1576 | conf->upstream.ssl = prev->upstream.ssl; |
| 1513 | 1577 | } |
| 1578 | ||
| 1514 | 1579 | #endif |
| 1515 | 1580 | |
| 1516 | 1581 | ngx_conf_merge_str_value(conf->uwsgi_string, prev->uwsgi_string, ""); |
| 2029 | 2094 | return NGX_ERROR; |
| 2030 | 2095 | } |
| 2031 | 2096 | |
| 2097 | if (uwcf->upstream.ssl_verify) { | |
| 2098 | if (uwcf->ssl_trusted_certificate.len == 0) { | |
| 2099 | ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
| 2100 | "no uwsgi_ssl_trusted_certificate for uwsgi_ssl_verify"); | |
| 2101 | return NGX_ERROR; | |
| 2102 | } | |
| 2103 | ||
| 2104 | if (ngx_ssl_trusted_certificate(cf, uwcf->upstream.ssl, | |
| 2105 | &uwcf->ssl_trusted_certificate, | |
| 2106 | uwcf->ssl_verify_depth) | |
| 2107 | != NGX_OK) | |
| 2108 | { | |
| 2109 | return NGX_ERROR; | |
| 2110 | } | |
| 2111 | ||
| 2112 | if (ngx_ssl_crl(cf, uwcf->upstream.ssl, &uwcf->ssl_crl) != NGX_OK) { | |
| 2113 | return NGX_ERROR; | |
| 2114 | } | |
| 2115 | } | |
| 2116 | ||
| 2032 | 2117 | return NGX_OK; |
| 2033 | 2118 | } |
| 2034 | 2119 | |