Mercurial > hg > nginx
changeset 8042:c7e25324be11
Upstream: handling of certificates specified as an empty string.
Now, if the directive is given an empty string, such configuration cancels
loading of certificates, in particular, if they would be otherwise inherited
from the previous level. This restores previous behaviour, before variables
support in certificates was introduced (3ab8e1e2f0f7).
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Tue, 07 Jun 2022 20:08:57 +0400 |
parents | 0784ab86ad08 |
children | 1afd19dc7161 |
files | src/http/modules/ngx_http_grpc_module.c src/http/modules/ngx_http_proxy_module.c src/http/modules/ngx_http_uwsgi_module.c src/http/ngx_http_upstream.c src/stream/ngx_stream_proxy_module.c |
diffstat | 5 files changed, 20 insertions(+), 12 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/modules/ngx_http_grpc_module.c Tue Jun 07 00:07:12 2022 +0300 +++ b/src/http/modules/ngx_http_grpc_module.c Tue Jun 07 20:08:57 2022 +0400 @@ -4906,8 +4906,9 @@ return NGX_ERROR; } - if (glcf->upstream.ssl_certificate) { - + if (glcf->upstream.ssl_certificate + && glcf->upstream.ssl_certificate->value.len) + { if (glcf->upstream.ssl_certificate_key == NULL) { ngx_log_error(NGX_LOG_EMERG, cf->log, 0, "no \"grpc_ssl_certificate_key\" is defined "
--- a/src/http/modules/ngx_http_proxy_module.c Tue Jun 07 00:07:12 2022 +0300 +++ b/src/http/modules/ngx_http_proxy_module.c Tue Jun 07 20:08:57 2022 +0400 @@ -4955,8 +4955,9 @@ return NGX_ERROR; } - if (plcf->upstream.ssl_certificate) { - + if (plcf->upstream.ssl_certificate + && plcf->upstream.ssl_certificate->value.len) + { if (plcf->upstream.ssl_certificate_key == NULL) { ngx_log_error(NGX_LOG_EMERG, cf->log, 0, "no \"proxy_ssl_certificate_key\" is defined "
--- a/src/http/modules/ngx_http_uwsgi_module.c Tue Jun 07 00:07:12 2022 +0300 +++ b/src/http/modules/ngx_http_uwsgi_module.c Tue Jun 07 20:08:57 2022 +0400 @@ -2487,8 +2487,9 @@ return NGX_ERROR; } - if (uwcf->upstream.ssl_certificate) { - + if (uwcf->upstream.ssl_certificate + && uwcf->upstream.ssl_certificate->value.len) + { if (uwcf->upstream.ssl_certificate_key == NULL) { ngx_log_error(NGX_LOG_EMERG, cf->log, 0, "no \"uwsgi_ssl_certificate_key\" is defined "
--- a/src/http/ngx_http_upstream.c Tue Jun 07 00:07:12 2022 +0300 +++ b/src/http/ngx_http_upstream.c Tue Jun 07 20:08:57 2022 +0400 @@ -1690,8 +1690,10 @@ } } - if (u->conf->ssl_certificate && (u->conf->ssl_certificate->lengths - || u->conf->ssl_certificate_key->lengths)) + if (u->conf->ssl_certificate + && u->conf->ssl_certificate->value.len + && (u->conf->ssl_certificate->lengths + || u->conf->ssl_certificate_key->lengths)) { if (ngx_http_upstream_ssl_certificate(r, u, c) != NGX_OK) { ngx_http_upstream_finalize_request(r, u,
--- a/src/stream/ngx_stream_proxy_module.c Tue Jun 07 00:07:12 2022 +0300 +++ b/src/stream/ngx_stream_proxy_module.c Tue Jun 07 20:08:57 2022 +0400 @@ -1069,8 +1069,10 @@ } } - if (pscf->ssl_certificate && (pscf->ssl_certificate->lengths - || pscf->ssl_certificate_key->lengths)) + if (pscf->ssl_certificate + && pscf->ssl_certificate->value.len + && (pscf->ssl_certificate->lengths + || pscf->ssl_certificate_key->lengths)) { if (ngx_stream_proxy_ssl_certificate(s) != NGX_OK) { ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR); @@ -2225,8 +2227,9 @@ return NGX_ERROR; } - if (pscf->ssl_certificate) { - + if (pscf->ssl_certificate + && pscf->ssl_certificate->value.len) + { if (pscf->ssl_certificate_key == NULL) { ngx_log_error(NGX_LOG_EMERG, cf->log, 0, "no \"proxy_ssl_certificate_key\" is defined "