diff options
| author | Dmitry Volyntsev <xeioex@nginx.com> | 2024-12-02 18:46:45 -0800 |
|---|---|---|
| committer | Dmitry Volyntsev <xeioexception@gmail.com> | 2024-12-03 17:26:49 -0800 |
| commit | f2955c8b25873d06527815a98e10e487cc1d55cf (patch) | |
| tree | 551489da6319206422a3a256675babbb20c03d25 /nginx/ngx_js.c | |
| parent | b300a93311a4ffeb37ca137eecda5f4cd92b4caf (diff) | |
| download | njs-f2955c8b25873d06527815a98e10e487cc1d55cf.tar.gz njs-f2955c8b25873d06527815a98e10e487cc1d55cf.zip | |
Fetch: optimized use of SSL contexts.
To ensure optimal use of memory, SSL contexts for ngx.fetch() are now
inherited from previous levels as long as relevant js_fetch_* directives
are not redefined.
Diffstat (limited to 'nginx/ngx_js.c')
| -rw-r--r-- | nginx/ngx_js.c | 56 |
1 files changed, 51 insertions, 5 deletions
diff --git a/nginx/ngx_js.c b/nginx/ngx_js.c index 05f6aa7e..12b577a2 100644 --- a/nginx/ngx_js.c +++ b/nginx/ngx_js.c @@ -3946,19 +3946,60 @@ ngx_js_create_conf(ngx_conf_t *cf, size_t size) #if defined(NGX_HTTP_SSL) || defined(NGX_STREAM_SSL) +static ngx_int_t +ngx_js_merge_ssl(ngx_conf_t *cf, ngx_js_loc_conf_t *conf, + ngx_js_loc_conf_t *prev) +{ + ngx_uint_t preserve; + + if (conf->ssl_protocols == 0 + && conf->ssl_ciphers.data == NULL + && conf->ssl_verify == NGX_CONF_UNSET + && conf->ssl_verify_depth == NGX_CONF_UNSET + && conf->ssl_trusted_certificate.data == NULL) + { + if (prev->ssl) { + conf->ssl = prev->ssl; + return NGX_OK; + } + + preserve = 1; + + } else { + preserve = 0; + } + + conf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t)); + if (conf->ssl == NULL) { + return NGX_ERROR; + } + + conf->ssl->log = cf->log; + + /* + * special handling to preserve conf->ssl + * in the "http" section to inherit it to all servers + */ + + if (preserve) { + prev->ssl = conf->ssl; + } + + return NGX_OK; +} + + static char * ngx_js_set_ssl(ngx_conf_t *cf, ngx_js_loc_conf_t *conf) { ngx_ssl_t *ssl; ngx_pool_cleanup_t *cln; - ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t)); - if (ssl == NULL) { - return NGX_CONF_ERROR; + if (conf->ssl->ctx) { + return NGX_OK; } - conf->ssl = ssl; - ssl->log = cf->log; + ssl = conf->ssl; if (ngx_ssl_create(ssl, conf->ssl_protocols, NULL) != NGX_OK) { return NGX_CONF_ERROR; @@ -4013,6 +4054,11 @@ ngx_js_merge_conf(ngx_conf_t *cf, void *parent, void *child, } #if defined(NGX_HTTP_SSL) || defined(NGX_STREAM_SSL) + + if (ngx_js_merge_ssl(cf, conf, prev) != NGX_OK) { + return NGX_CONF_ERROR; + } + ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers, "DEFAULT"); |