comparison src/http/modules/ngx_http_uwsgi_module.c @ 5900:20d966ad5e89
Upstream: add "proxy_ssl_certificate" and friends.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
author | Piotr Sikora <piotr@cloudflare.com> |
---|---|
date | Thu, 30 Oct 2014 04:30:41 -0700 |
parents | 973ee2276300 |
children | 2f7e557eab5b |
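--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -40,10 +40,13 @@
 ngx_uint_t ssl_protocols;
 ngx_str_t ssl_ciphers;
 ngx_uint_t ssl_verify_depth;
 ngx_str_t ssl_trusted_certificate;
 ngx_str_t ssl_crl;
+ngx_str_t ssl_certificate;
+ngx_str_t ssl_certificate_key;
+ngx_array_t *ssl_passwords;
 #endif
 } ngx_http_uwsgi_loc_conf_t;
 
 
 static ngx_int_t ngx_http_uwsgi_eval(ngx_http_request_t *r,
@@ -74,10 +77,12 @@
 static char *ngx_http_uwsgi_cache_key(ngx_conf_t *cf, ngx_command_t *cmd,
 void *conf);
 #endif
 
 #if (NGX_HTTP_SSL)
+static char *ngx_http_uwsgi_ssl_password_file(ngx_conf_t *cf,
+ngx_command_t *cmd, void *conf);
 static ngx_int_t ngx_http_uwsgi_set_ssl(ngx_conf_t *cf,
 ngx_http_uwsgi_loc_conf_t *uwcf);
 #endif
 
 
@@ -478,10 +483,31 @@
 { ngx_string("uwsgi_ssl_crl"),
 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
 ngx_conf_set_str_slot,
 NGX_HTTP_LOC_CONF_OFFSET,
 offsetof(ngx_http_uwsgi_loc_conf_t, ssl_crl),
+NULL },
+
+{ ngx_string("uwsgi_ssl_certificate"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ngx_conf_set_str_slot,
+NGX_HTTP_LOC_CONF_OFFSET,
+offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate),
+NULL },
+
+{ ngx_string("uwsgi_ssl_certificate_key"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ngx_conf_set_str_slot,
+NGX_HTTP_LOC_CONF_OFFSET,
+offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate_key),
+NULL },
+
+{ ngx_string("uwsgi_ssl_password_file"),
+NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+ngx_http_uwsgi_ssl_password_file,
+NGX_HTTP_LOC_CONF_OFFSET,
+0,
 NULL },
 
 #endif
 
 ngx_null_command
@@ -1324,10 +1350,11 @@
 #if (NGX_HTTP_SSL)
 conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
 conf->upstream.ssl_server_name = NGX_CONF_UNSET;
 conf->upstream.ssl_verify = NGX_CONF_UNSET;
 conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;
+conf->ssl_passwords = NGX_CONF_UNSET_PTR;
 #endif
 
 /* "uwsgi_cyclic_temp_file" is disabled */
 conf->upstream.cyclic_temp_file = 0;
 
@@ -1616,10 +1643,16 @@
 ngx_conf_merge_uint_value(conf->ssl_verify_depth,
 prev->ssl_verify_depth, 1);
 ngx_conf_merge_str_value(conf->ssl_trusted_certificate,
 prev->ssl_trusted_certificate, "");
 ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, "");
+
+ngx_conf_merge_str_value(conf->ssl_certificate,
+prev->ssl_certificate, "");
+ngx_conf_merge_str_value(conf->ssl_certificate_key,
+prev->ssl_certificate_key, "");
+ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL);
 
 if (conf->ssl && ngx_http_uwsgi_set_ssl(cf, conf) != NGX_OK) {
 return NGX_CONF_ERROR;
 }
 
@@ -2107,10 +2140,33 @@
 #endif
 
 
 #if (NGX_HTTP_SSL)
 
+static char *
+ngx_http_uwsgi_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+ngx_http_uwsgi_loc_conf_t *uwcf = conf;
+
+ngx_str_t *value;
+
+if (uwcf->ssl_passwords != NGX_CONF_UNSET_PTR) {
+return "is duplicate";
+}
+
+value = cf->args->elts;
+
+uwcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]);
+
+if (uwcf->ssl_passwords == NULL) {
+return NGX_CONF_ERROR;
+}
+
+return NGX_CONF_OK;
+}
+
+
 static ngx_int_t
 ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
 {
 ngx_pool_cleanup_t *cln;
 
@@ -2132,10 +2188,27 @@
 return NGX_ERROR;
 }
 
 cln->handler = ngx_ssl_cleanup_ctx;
 cln->data = uwcf->upstream.ssl;
+
+if (uwcf->ssl_certificate.len) {
+
+if (uwcf->ssl_certificate_key.len == 0) {
+ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+"no \"uwsgi_ssl_certificate_key\" is defined "
+"for certificate \"%V\"", &uwcf->ssl_certificate);
+return NGX_ERROR;
+}
+
+if (ngx_ssl_certificate(cf, uwcf->upstream.ssl, &uwcf->ssl_certificate,
+&uwcf->ssl_certificate_key, uwcf->ssl_passwords)
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+}
 
 if (SSL_CTX_set_cipher_list(uwcf->upstream.ssl->ctx,
 (const char *) uwcf->ssl_ciphers.data)
 == 0)
 {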
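Review bot: In ngx_http_uwsgi_set_ssl the new check only rejects a certificate without a key; a `uwsgi_ssl_certificate_key` or `uwsgi_ssl_password_file` configured without `uwsgi_ssl_certificate` is skipped silently, so a misspelled or missing certificate directive leaves the upstream connection without a client certificate and nothing in the log says so. I would add an `else if (uwcf->ssl_certificate_key.len)` branch after the `if (uwcf->ssl_certificate.len)` block that logs at `NGX_LOG_WARN` that the key is being ignored. The new ngx_http_uwsgi_ssl_password_file handler also deserves a short comment stating that the file is read once at configuration time and that the resulting array is inherited by nested locations through `ngx_conf_merge_ptr_value`; how long the passphrases stay in memory depends on ngx_ssl_read_password_file, which is not visible here. The body of ngx_http_uwsgi_set_ssl starts before and continues past the lines shown.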