Welcome! Log In Create A New Profile

Advanced

Re: Why can't I use the "ssl" modified on more than one listen statement?

September 27, 2010 06:14AM
On Sat, Sep 25, 2010 at 11:00:18AM -0400, portante wrote:

> Hello,
>
> Here is a patch against 0.8.50 to only complain when the listen options
> are actually different.
>
> Would folks be interested in this?
>
> [code]
> $ svn diff -r 32178:32179 src/http/ngx_http.c
> Index: src/http/ngx_http.c
> ===================================================================
> --- src/http/ngx_http.c (revision 32178)
> +++ src/http/ngx_http.c (revision 32179)
> @@ -1273,9 +1273,35 @@
> if (lsopt->set) {
>
> if (addr[i].opt.set) {
> - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> - "a duplicate listen options for %s",
> addr[i].opt.addr);
> - return NGX_ERROR;
> + /*
> + * If this set is not the same as the old set, complain
> + */
> + if ((lsopt->default_server !=
> addr[i].opt.default_server)
> + || (lsopt->bind != addr[i].opt.bind)
> + || (lsopt->wildcard != addr[i].opt.wildcard)
> +#if (NGX_HTTP_SSL)
> + || (lsopt->ssl != addr[i].opt.ssl)
> +#endif
> +#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
> + || (lsopt->ipv6only != addr[i].opt.ipv6only)
> +#endif
> + || (lsopt->backlog != addr[i].opt.backlog)
> + || (lsopt->rcvbuf != addr[i].opt.rcvbuf)
> + || (lsopt->sndbuf != addr[i].opt.sndbuf)
> +#if (NGX_HAVE_SETFIB)
> + || (lsopt->setfib != addr[i].opt.setfib)
> +#endif
> +#if (NGX_HAVE_DEFERRED_ACCEPT && defined SO_ACCEPTFILTER)
> + || (ngx_strcmp(lsopt->accept_filter,
> addr[i].opt.accept_filter) != 0)
> +#endif
> +#if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT)
> + || (lsopt->deferred_accept !=
> addr[i].opt.deferred_accept)
> +#endif
> + || (ngx_strcmp(lsopt->addr, addr[i].opt.addr) !=
> 0)) {
> + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> + "conflicting listen options for %s",
> addr[i].opt.addr);
> + return NGX_ERROR;
> + }
> }
>
> addr[i].opt = *lsopt;
> [/code]

This patch breaks "listen default_server" and force to set various
listen socket options in all listen directive. The attached patch allows
to set only "ssl" option in several listen directives.


--
Igor Sysoev
http://sysoev.ru/en/
Index: src/http/ngx_http_core_module.c
===================================================================
--- src/http/ngx_http_core_module.c (revision 3082)
+++ src/http/ngx_http_core_module.c (working copy)
@@ -3569,7 +3569,6 @@

if (ngx_strcmp(value[n].data, "ssl") == 0) {
#if (NGX_HTTP_SSL)
- lsopt.set = 1;
lsopt.ssl = 1;
continue;
#else
Index: src/http/ngx_http.c
===================================================================
--- src/http/ngx_http.c (revision 3082)
+++ src/http/ngx_http.c (working copy)
@@ -1221,6 +1221,9 @@
#if (NGX_HAVE_UNIX_DOMAIN)
struct sockaddr_un *saun;
#endif
+#if (NGX_HTTP_SSL)
+ ngx_uint_t ssl;
+#endif

/*
* we can not compare whole sockaddr struct's as kernel
@@ -1270,6 +1273,10 @@
/* preserve default_server bit during listen options overwriting */
default_server = addr[i].opt.default_server;

+#if (NGX_HTTP_SSL)
+ ssl = lsopt->ssl || addr[i].opt.set;
+#endif
+
if (lsopt->set) {

if (addr[i].opt.set) {
@@ -1296,6 +1303,9 @@
}

addr[i].opt.default_server = default_server;
+#if (NGX_HTTP_SSL)
+ addr[i].opt.ssl = ssl;
+#endif

return NGX_OK;
}
_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

Why can't I use the "ssl" modified on more than one listen statement?

portante September 21, 2010 11:39AM

Re: Why can't I use the "ssl" modified on more than one listen statement?

Maxim Dounin September 21, 2010 12:10PM

Re: Why can't I use the "ssl" modified on more than one listen statement?

portante September 21, 2010 01:42PM

Re: Why can't I use the "ssl" modified on more than one listen statement?

portante September 21, 2010 01:44PM

Re: Why can't I use the "ssl" modified on more than one listen statement?

portante September 25, 2010 11:00AM

Re: Why can't I use the "ssl" modified on more than one listen statement?

Igor Sysoev September 27, 2010 06:14AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 56
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready