Upstream: handling of certificates specified as an empty string.

author Sergey Kandaurov <pluknet@nginx.com>

Tue, 7 Jun 2022 16:08:57 +0000 (20:08 +0400)

committer Sergey Kandaurov <pluknet@nginx.com>

Tue, 7 Jun 2022 16:08:57 +0000 (20:08 +0400)
author Sergey Kandaurov <pluknet@nginx.com>
Tue, 7 Jun 2022 16:08:57 +0000 (20:08 +0400)
committer Sergey Kandaurov <pluknet@nginx.com>
Tue, 7 Jun 2022 16:08:57 +0000 (20:08 +0400)
diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c

index a64658f72d6b4121777816bb9694bc458d9ed717..617814ec99059f16867322fe24241f45e6983661 100644 (file)
--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -4906,8 +4906,9 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
          return NGX_ERROR;
      }
  
-    if (glcf->upstream.ssl_certificate) {
-
+    if (glcf->upstream.ssl_certificate
+        && glcf->upstream.ssl_certificate->value.len)
+    {
          if (glcf->upstream.ssl_certificate_key == NULL) {
              ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                            "no \"grpc_ssl_certificate_key\" is defined "
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c

index e8df555b9ed224c2aa0558bd9a449f1b706746f0..bb930305d09c9af709a0bbada566551656eaf7f0 100644 (file)
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -4955,8 +4955,9 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
          return NGX_ERROR;
      }
  
-    if (plcf->upstream.ssl_certificate) {
-
+    if (plcf->upstream.ssl_certificate
+        && plcf->upstream.ssl_certificate->value.len)
+    {
          if (plcf->upstream.ssl_certificate_key == NULL) {
              ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                            "no \"proxy_ssl_certificate_key\" is defined "
diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c

index 5078ef773f1b39534f885182bfb0798db78e24bc..1dcee1e6cc64e83b047eec6ca8820aeda4551cb2 100644 (file)
--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -2487,8 +2487,9 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
          return NGX_ERROR;
      }
  
-    if (uwcf->upstream.ssl_certificate) {
-
+    if (uwcf->upstream.ssl_certificate
+        && uwcf->upstream.ssl_certificate->value.len)
+    {
          if (uwcf->upstream.ssl_certificate_key == NULL) {
              ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                            "no \"uwsgi_ssl_certificate_key\" is defined "
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c

index ead3715569602d95d4113f911f94ad09167f7b29..3ae822bb81055e6ff97dc1b348c0d92df21f00ef 100644 (file)
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -1690,8 +1690,10 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r,
          }
      }
  
-    if (u->conf->ssl_certificate && (u->conf->ssl_certificate->lengths
-                                     || u->conf->ssl_certificate_key->lengths))
+    if (u->conf->ssl_certificate
+        && u->conf->ssl_certificate->value.len
+        && (u->conf->ssl_certificate->lengths
+            || u->conf->ssl_certificate_key->lengths))
      {
          if (ngx_http_upstream_ssl_certificate(r, u, c) != NGX_OK) {
              ngx_http_upstream_finalize_request(r, u,
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c

index 934e7d8f22204dee247aca7d5c236cac08dbd928..683f7d7a4de9703e8c22c77a9c75b5c8cb928201 100644 (file)
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -1069,8 +1069,10 @@ ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s)
          }
      }
  
-    if (pscf->ssl_certificate && (pscf->ssl_certificate->lengths
-                                  || pscf->ssl_certificate_key->lengths))
+    if (pscf->ssl_certificate
+        && pscf->ssl_certificate->value.len
+        && (pscf->ssl_certificate->lengths
+            || pscf->ssl_certificate_key->lengths))
      {
          if (ngx_stream_proxy_ssl_certificate(s) != NGX_OK) {
              ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
@@ -2225,8 +2227,9 @@ ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf)
          return NGX_ERROR;
      }
  
-    if (pscf->ssl_certificate) {
-
+    if (pscf->ssl_certificate
+        && pscf->ssl_certificate->value.len)
+    {
          if (pscf->ssl_certificate_key == NULL) {
              ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                            "no \"proxy_ssl_certificate_key\" is defined "
author	Sergey Kandaurov <pluknet@nginx.com>
	Tue, 7 Jun 2022 16:08:57 +0000 (20:08 +0400)
committer	Sergey Kandaurov <pluknet@nginx.com>
	Tue, 7 Jun 2022 16:08:57 +0000 (20:08 +0400)
src/http/modules/ngx_http_grpc_module.c		patch \| blob \| history
src/http/modules/ngx_http_proxy_module.c		patch \| blob \| history
src/http/modules/ngx_http_uwsgi_module.c		patch \| blob \| history
src/http/ngx_http_upstream.c		patch \| blob \| history
src/stream/ngx_stream_proxy_module.c		patch \| blob \| history