aboutsummaryrefslogtreecommitdiff
path: root/src/http/modules/ngx_http_proxy_module.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/http/modules/ngx_http_proxy_module.c')
-rw-r--r--src/http/modules/ngx_http_proxy_module.c66
1 files changed, 59 insertions, 7 deletions
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index bb930305d..54e2a3964 100644
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -236,6 +236,8 @@ static ngx_int_t ngx_http_proxy_rewrite_regex(ngx_conf_t *cf,
ngx_http_proxy_rewrite_t *pr, ngx_str_t *regex, ngx_uint_t caseless);
#if (NGX_HTTP_SSL)
+static ngx_int_t ngx_http_proxy_merge_ssl(ngx_conf_t *cf,
+ ngx_http_proxy_loc_conf_t *conf, ngx_http_proxy_loc_conf_t *prev);
static ngx_int_t ngx_http_proxy_set_ssl(ngx_conf_t *cf,
ngx_http_proxy_loc_conf_t *plcf);
#endif
@@ -959,7 +961,7 @@ ngx_http_proxy_handler(ngx_http_request_t *r)
ctx->vars = plcf->vars;
u->schema = plcf->vars.schema;
#if (NGX_HTTP_SSL)
- u->ssl = (plcf->upstream.ssl != NULL);
+ u->ssl = plcf->ssl;
#endif
} else {
@@ -3724,6 +3726,10 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
#if (NGX_HTTP_SSL)
+ if (ngx_http_proxy_merge_ssl(cf, conf, prev) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
prev->upstream.ssl_session_reuse, 1);
@@ -3857,7 +3863,7 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
conf->proxy_values = prev->proxy_values;
#if (NGX_HTTP_SSL)
- conf->upstream.ssl = prev->upstream.ssl;
+ conf->ssl = prev->ssl;
#endif
}
@@ -4923,16 +4929,62 @@ ngx_http_proxy_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
static ngx_int_t
-ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
+ngx_http_proxy_merge_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *conf,
+ ngx_http_proxy_loc_conf_t *prev)
{
- ngx_pool_cleanup_t *cln;
+ ngx_uint_t preserve;
+
+ if (conf->ssl_protocols == 0
+ && conf->ssl_ciphers.data == NULL
+ && conf->upstream.ssl_certificate == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_certificate_key == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_passwords == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_verify == NGX_CONF_UNSET
+ && conf->ssl_verify_depth == NGX_CONF_UNSET_UINT
+ && conf->ssl_trusted_certificate.data == NULL
+ && conf->ssl_crl.data == NULL
+ && conf->upstream.ssl_session_reuse == NGX_CONF_UNSET
+ && conf->ssl_conf_commands == NGX_CONF_UNSET_PTR)
+ {
+ if (prev->upstream.ssl) {
+ conf->upstream.ssl = prev->upstream.ssl;
+ return NGX_OK;
+ }
- plcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
- if (plcf->upstream.ssl == NULL) {
+ preserve = 1;
+
+ } else {
+ preserve = 0;
+ }
+
+ conf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
+ if (conf->upstream.ssl == NULL) {
return NGX_ERROR;
}
- plcf->upstream.ssl->log = cf->log;
+ conf->upstream.ssl->log = cf->log;
+
+ /*
+ * special handling to preserve conf->upstream.ssl
+ * in the "http" section to inherit it to all servers
+ */
+
+ if (preserve) {
+ prev->upstream.ssl = conf->upstream.ssl;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
+{
+ ngx_pool_cleanup_t *cln;
+
+ if (plcf->upstream.ssl->ctx) {
+ return NGX_OK;
+ }
if (ngx_ssl_create(plcf->upstream.ssl, plcf->ssl_protocols, NULL)
!= NGX_OK)
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-16 23:02:20 +0000