Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 9120:0aaa09927703
SSL: removed the "ssl" directive.
It has been deprecated since 7270:46c0c7ef4913 (1.15.0) in favour of
the "ssl" parameter of the "listen" directive, which has been available
since 2224:109849282793 (0.7.14).
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Thu, 08 Jun 2023 14:49:27 +0400 |
parents | 08ef02ad5c54 |
children | 03cdd806c0f2 |
comparison
equal
deleted
inserted
replaced
9119:08ef02ad5c54 | 9120:0aaa09927703 |
---|---|
41 void *parent, void *child); | 41 void *parent, void *child); |
42 | 42 |
43 static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf, | 43 static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf, |
44 ngx_http_ssl_srv_conf_t *conf); | 44 ngx_http_ssl_srv_conf_t *conf); |
45 | 45 |
46 static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, | |
47 void *conf); | |
48 static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, | 46 static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, |
49 void *conf); | 47 void *conf); |
50 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, | 48 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, |
51 void *conf); | 49 void *conf); |
52 static char *ngx_http_ssl_ocsp_cache(ngx_conf_t *cf, ngx_command_t *cmd, | 50 static char *ngx_http_ssl_ocsp_cache(ngx_conf_t *cf, ngx_command_t *cmd, |
88 { ngx_string("leaf"), 2 }, | 86 { ngx_string("leaf"), 2 }, |
89 { ngx_null_string, 0 } | 87 { ngx_null_string, 0 } |
90 }; | 88 }; |
91 | 89 |
92 | 90 |
93 static ngx_conf_deprecated_t ngx_http_ssl_deprecated = { | |
94 ngx_conf_deprecated, "ssl", "listen ... ssl" | |
95 }; | |
96 | |
97 | |
98 static ngx_conf_post_t ngx_http_ssl_conf_command_post = | 91 static ngx_conf_post_t ngx_http_ssl_conf_command_post = |
99 { ngx_http_ssl_conf_command_check }; | 92 { ngx_http_ssl_conf_command_check }; |
100 | 93 |
101 | 94 |
102 static ngx_command_t ngx_http_ssl_commands[] = { | 95 static ngx_command_t ngx_http_ssl_commands[] = { |
103 | |
104 { ngx_string("ssl"), | |
105 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | |
106 ngx_http_ssl_enable, | |
107 NGX_HTTP_SRV_CONF_OFFSET, | |
108 offsetof(ngx_http_ssl_srv_conf_t, enable), | |
109 &ngx_http_ssl_deprecated }, | |
110 | 96 |
111 { ngx_string("ssl_certificate"), | 97 { ngx_string("ssl_certificate"), |
112 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, | 98 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, |
113 ngx_conf_set_str_array_slot, | 99 ngx_conf_set_str_array_slot, |
114 NGX_HTTP_SRV_CONF_OFFSET, | 100 NGX_HTTP_SRV_CONF_OFFSET, |
623 * sscf->ocsp_responder = { 0, NULL }; | 609 * sscf->ocsp_responder = { 0, NULL }; |
624 * sscf->stapling_file = { 0, NULL }; | 610 * sscf->stapling_file = { 0, NULL }; |
625 * sscf->stapling_responder = { 0, NULL }; | 611 * sscf->stapling_responder = { 0, NULL }; |
626 */ | 612 */ |
627 | 613 |
628 sscf->enable = NGX_CONF_UNSET; | |
629 sscf->prefer_server_ciphers = NGX_CONF_UNSET; | 614 sscf->prefer_server_ciphers = NGX_CONF_UNSET; |
630 sscf->early_data = NGX_CONF_UNSET; | 615 sscf->early_data = NGX_CONF_UNSET; |
631 sscf->reject_handshake = NGX_CONF_UNSET; | 616 sscf->reject_handshake = NGX_CONF_UNSET; |
632 sscf->buffer_size = NGX_CONF_UNSET_SIZE; | 617 sscf->buffer_size = NGX_CONF_UNSET_SIZE; |
633 sscf->verify = NGX_CONF_UNSET_UINT; | 618 sscf->verify = NGX_CONF_UNSET_UINT; |
655 ngx_http_ssl_srv_conf_t *prev = parent; | 640 ngx_http_ssl_srv_conf_t *prev = parent; |
656 ngx_http_ssl_srv_conf_t *conf = child; | 641 ngx_http_ssl_srv_conf_t *conf = child; |
657 | 642 |
658 ngx_pool_cleanup_t *cln; | 643 ngx_pool_cleanup_t *cln; |
659 | 644 |
660 if (conf->enable == NGX_CONF_UNSET) { | |
661 if (prev->enable == NGX_CONF_UNSET) { | |
662 conf->enable = 0; | |
663 | |
664 } else { | |
665 conf->enable = prev->enable; | |
666 conf->file = prev->file; | |
667 conf->line = prev->line; | |
668 } | |
669 } | |
670 | |
671 ngx_conf_merge_value(conf->session_timeout, | 645 ngx_conf_merge_value(conf->session_timeout, |
672 prev->session_timeout, 300); | 646 prev->session_timeout, 300); |
673 | 647 |
674 ngx_conf_merge_value(conf->prefer_server_ciphers, | 648 ngx_conf_merge_value(conf->prefer_server_ciphers, |
675 prev->prefer_server_ciphers, 0); | 649 prev->prefer_server_ciphers, 0); |
720 ngx_conf_merge_str_value(conf->stapling_responder, | 694 ngx_conf_merge_str_value(conf->stapling_responder, |
721 prev->stapling_responder, ""); | 695 prev->stapling_responder, ""); |
722 | 696 |
723 conf->ssl.log = cf->log; | 697 conf->ssl.log = cf->log; |
724 | 698 |
725 if (conf->enable) { | 699 if (conf->certificates) { |
726 | |
727 if (conf->certificates) { | |
728 if (conf->certificate_keys == NULL) { | |
729 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
730 "no \"ssl_certificate_key\" is defined for " | |
731 "the \"ssl\" directive in %s:%ui", | |
732 conf->file, conf->line); | |
733 return NGX_CONF_ERROR; | |
734 } | |
735 | |
736 if (conf->certificate_keys->nelts < conf->certificates->nelts) { | |
737 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
738 "no \"ssl_certificate_key\" is defined " | |
739 "for certificate \"%V\" and " | |
740 "the \"ssl\" directive in %s:%ui", | |
741 ((ngx_str_t *) conf->certificates->elts) | |
742 + conf->certificates->nelts - 1, | |
743 conf->file, conf->line); | |
744 return NGX_CONF_ERROR; | |
745 } | |
746 | |
747 } else if (!conf->reject_handshake) { | |
748 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
749 "no \"ssl_certificate\" is defined for " | |
750 "the \"ssl\" directive in %s:%ui", | |
751 conf->file, conf->line); | |
752 return NGX_CONF_ERROR; | |
753 } | |
754 | |
755 } else if (conf->certificates) { | |
756 | 700 |
757 if (conf->certificate_keys == NULL | 701 if (conf->certificate_keys == NULL |
758 || conf->certificate_keys->nelts < conf->certificates->nelts) | 702 || conf->certificate_keys->nelts < conf->certificates->nelts) |
759 { | 703 { |
760 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 704 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
1033 if (conf->passwords == NULL) { | 977 if (conf->passwords == NULL) { |
1034 return NGX_ERROR; | 978 return NGX_ERROR; |
1035 } | 979 } |
1036 | 980 |
1037 return NGX_OK; | 981 return NGX_OK; |
1038 } | |
1039 | |
1040 | |
1041 static char * | |
1042 ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | |
1043 { | |
1044 ngx_http_ssl_srv_conf_t *sscf = conf; | |
1045 | |
1046 char *rv; | |
1047 | |
1048 rv = ngx_conf_set_flag_slot(cf, cmd, conf); | |
1049 | |
1050 if (rv != NGX_CONF_OK) { | |
1051 return rv; | |
1052 } | |
1053 | |
1054 sscf->file = cf->conf_file->file.name.data; | |
1055 sscf->line = cf->conf_file->line; | |
1056 | |
1057 return NGX_CONF_OK; | |
1058 } | 982 } |
1059 | 983 |
1060 | 984 |
1061 static char * | 985 static char * |
1062 ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) | 986 ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) |