Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 9120:0aaa09927703
SSL: removed the "ssl" directive.
It has been deprecated since 7270:46c0c7ef4913 (1.15.0) in favour of
the "ssl" parameter of the "listen" directive, which has been available
since 2224:109849282793 (0.7.14).
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Thu, 08 Jun 2023 14:49:27 +0400 |
| parents | 08ef02ad5c54 |
| children | 03cdd806c0f2 |
comparison
equal
deleted
inserted
replaced
| 9119:08ef02ad5c54 | 9120:0aaa09927703 |
|---|---|
| 41 void *parent, void *child); | 41 void *parent, void *child); |
| 42 | 42 |
| 43 static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf, | 43 static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf, |
| 44 ngx_http_ssl_srv_conf_t *conf); | 44 ngx_http_ssl_srv_conf_t *conf); |
| 45 | 45 |
| 46 static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, | |
| 47 void *conf); | |
| 48 static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, | 46 static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, |
| 49 void *conf); | 47 void *conf); |
| 50 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, | 48 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, |
| 51 void *conf); | 49 void *conf); |
| 52 static char *ngx_http_ssl_ocsp_cache(ngx_conf_t *cf, ngx_command_t *cmd, | 50 static char *ngx_http_ssl_ocsp_cache(ngx_conf_t *cf, ngx_command_t *cmd, |
| 88 { ngx_string("leaf"), 2 }, | 86 { ngx_string("leaf"), 2 }, |
| 89 { ngx_null_string, 0 } | 87 { ngx_null_string, 0 } |
| 90 }; | 88 }; |
| 91 | 89 |
| 92 | 90 |
| 93 static ngx_conf_deprecated_t ngx_http_ssl_deprecated = { | |
| 94 ngx_conf_deprecated, "ssl", "listen ... ssl" | |
| 95 }; | |
| 96 | |
| 97 | |
| 98 static ngx_conf_post_t ngx_http_ssl_conf_command_post = | 91 static ngx_conf_post_t ngx_http_ssl_conf_command_post = |
| 99 { ngx_http_ssl_conf_command_check }; | 92 { ngx_http_ssl_conf_command_check }; |
| 100 | 93 |
| 101 | 94 |
| 102 static ngx_command_t ngx_http_ssl_commands[] = { | 95 static ngx_command_t ngx_http_ssl_commands[] = { |
| 103 | |
| 104 { ngx_string("ssl"), | |
| 105 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | |
| 106 ngx_http_ssl_enable, | |
| 107 NGX_HTTP_SRV_CONF_OFFSET, | |
| 108 offsetof(ngx_http_ssl_srv_conf_t, enable), | |
| 109 &ngx_http_ssl_deprecated }, | |
| 110 | 96 |
| 111 { ngx_string("ssl_certificate"), | 97 { ngx_string("ssl_certificate"), |
| 112 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 98 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
| 113 ngx_conf_set_str_array_slot, | 99 ngx_conf_set_str_array_slot, |
| 114 NGX_HTTP_SRV_CONF_OFFSET, | 100 NGX_HTTP_SRV_CONF_OFFSET, |
| 623 * sscf->ocsp_responder = { 0, NULL }; | 609 * sscf->ocsp_responder = { 0, NULL }; |
| 624 * sscf->stapling_file = { 0, NULL }; | 610 * sscf->stapling_file = { 0, NULL }; |
| 625 * sscf->stapling_responder = { 0, NULL }; | 611 * sscf->stapling_responder = { 0, NULL }; |
| 626 */ | 612 */ |
| 627 | 613 |
| 628 sscf->enable = NGX_CONF_UNSET; | |
| 629 sscf->prefer_server_ciphers = NGX_CONF_UNSET; | 614 sscf->prefer_server_ciphers = NGX_CONF_UNSET; |
| 630 sscf->early_data = NGX_CONF_UNSET; | 615 sscf->early_data = NGX_CONF_UNSET; |
| 631 sscf->reject_handshake = NGX_CONF_UNSET; | 616 sscf->reject_handshake = NGX_CONF_UNSET; |
| 632 sscf->buffer_size = NGX_CONF_UNSET_SIZE; | 617 sscf->buffer_size = NGX_CONF_UNSET_SIZE; |
| 633 sscf->verify = NGX_CONF_UNSET_UINT; | 618 sscf->verify = NGX_CONF_UNSET_UINT; |
| 655 ngx_http_ssl_srv_conf_t *prev = parent; | 640 ngx_http_ssl_srv_conf_t *prev = parent; |
| 656 ngx_http_ssl_srv_conf_t *conf = child; | 641 ngx_http_ssl_srv_conf_t *conf = child; |
| 657 | 642 |
| 658 ngx_pool_cleanup_t *cln; | 643 ngx_pool_cleanup_t *cln; |
| 659 | 644 |
| 660 if (conf->enable == NGX_CONF_UNSET) { | |
| 661 if (prev->enable == NGX_CONF_UNSET) { | |
| 662 conf->enable = 0; | |
| 663 | |
| 664 } else { | |
| 665 conf->enable = prev->enable; | |
| 666 conf->file = prev->file; | |
| 667 conf->line = prev->line; | |
| 668 } | |
| 669 } | |
| 670 | |
| 671 ngx_conf_merge_value(conf->session_timeout, | 645 ngx_conf_merge_value(conf->session_timeout, |
| 672 prev->session_timeout, 300); | 646 prev->session_timeout, 300); |
| 673 | 647 |
| 674 ngx_conf_merge_value(conf->prefer_server_ciphers, | 648 ngx_conf_merge_value(conf->prefer_server_ciphers, |
| 675 prev->prefer_server_ciphers, 0); | 649 prev->prefer_server_ciphers, 0); |
| 720 ngx_conf_merge_str_value(conf->stapling_responder, | 694 ngx_conf_merge_str_value(conf->stapling_responder, |
| 721 prev->stapling_responder, ""); | 695 prev->stapling_responder, ""); |
| 722 | 696 |
| 723 conf->ssl.log = cf->log; | 697 conf->ssl.log = cf->log; |
| 724 | 698 |
| 725 if (conf->enable) { | 699 if (conf->certificates) { |
| 726 | |
| 727 if (conf->certificates) { | |
| 728 if (conf->certificate_keys == NULL) { | |
| 729 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
| 730 "no \"ssl_certificate_key\" is defined for " | |
| 731 "the \"ssl\" directive in %s:%ui", | |
| 732 conf->file, conf->line); | |
| 733 return NGX_CONF_ERROR; | |
| 734 } | |
| 735 | |
| 736 if (conf->certificate_keys->nelts < conf->certificates->nelts) { | |
| 737 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
| 738 "no \"ssl_certificate_key\" is defined " | |
| 739 "for certificate \"%V\" and " | |
| 740 "the \"ssl\" directive in %s:%ui", | |
| 741 ((ngx_str_t *) conf->certificates->elts) | |
| 742 + conf->certificates->nelts - 1, | |
| 743 conf->file, conf->line); | |
| 744 return NGX_CONF_ERROR; | |
| 745 } | |
| 746 | |
| 747 } else if (!conf->reject_handshake) { | |
| 748 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
| 749 "no \"ssl_certificate\" is defined for " | |
| 750 "the \"ssl\" directive in %s:%ui", | |
| 751 conf->file, conf->line); | |
| 752 return NGX_CONF_ERROR; | |
| 753 } | |
| 754 | |
| 755 } else if (conf->certificates) { | |
| 756 | 700 |
| 757 if (conf->certificate_keys == NULL | 701 if (conf->certificate_keys == NULL |
| 758 || conf->certificate_keys->nelts < conf->certificates->nelts) | 702 || conf->certificate_keys->nelts < conf->certificates->nelts) |
| 759 { | 703 { |
| 760 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 704 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
| 1033 if (conf->passwords == NULL) { | 977 if (conf->passwords == NULL) { |
| 1034 return NGX_ERROR; | 978 return NGX_ERROR; |
| 1035 } | 979 } |
| 1036 | 980 |
| 1037 return NGX_OK; | 981 return NGX_OK; |
| 1038 } | |
| 1039 | |
| 1040 | |
| 1041 static char * | |
| 1042 ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
| 1043 { | |
| 1044 ngx_http_ssl_srv_conf_t *sscf = conf; | |
| 1045 | |
| 1046 char *rv; | |
| 1047 | |
| 1048 rv = ngx_conf_set_flag_slot(cf, cmd, conf); | |
| 1049 | |
| 1050 if (rv != NGX_CONF_OK) { | |
| 1051 return rv; | |
| 1052 } | |
| 1053 | |
| 1054 sscf->file = cf->conf_file->file.name.data; | |
| 1055 sscf->line = cf->conf_file->line; | |
| 1056 | |
| 1057 return NGX_CONF_OK; | |
| 1058 } | 982 } |
| 1059 | 983 |
| 1060 | 984 |
| 1061 static char * | 985 static char * |
| 1062 ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | 986 ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |