Welcome! Log In Create A New Profile

[PATCH] Upstream: handling of certificates specified as an empty string

Forum List Message List New Topic Print View

Sergey Kandaurov

May 24, 2022 04:08PM

# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1653422583 -14400
# Wed May 25 00:03:03 2022 +0400
# Node ID 3bb1adbb74dfcd372f7369530967cfb415900778
# Parent 8a54733c9d1290e6dc2f86af18e8a976a6352e4f
Upstream: handling of certificates specified as an empty string.

Now, if the directive is given an empty string, such configuration cancels
loading of certificates should they be inherited from the previous level.
This restores a previous behaviour, before variables support in certificates
was introduced (3ab8e1e2f0f7).

diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -4921,7 +4921,7 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ng
return NGX_ERROR;
}

- } else {
+ } else if (glcf->upstream.ssl_certificate->value.len) {
if (ngx_ssl_certificate(cf, glcf->upstream.ssl,
&glcf->upstream.ssl_certificate->value,
&glcf->upstream.ssl_certificate_key->value,
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -4970,7 +4970,7 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, n
return NGX_ERROR;
}

- } else {
+ } else if (plcf->upstream.ssl_certificate->value.len) {
if (ngx_ssl_certificate(cf, plcf->upstream.ssl,
&plcf->upstream.ssl_certificate->value,
&plcf->upstream.ssl_certificate_key->value,
diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c
--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -2457,7 +2457,7 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, n
return NGX_ERROR;
}

- } else {
+ } else if (uwcf->upstream.ssl_certificate->value.len) {
if (ngx_ssl_certificate(cf, uwcf->upstream.ssl,
&uwcf->upstream.ssl_certificate->value,
&uwcf->upstream.ssl_certificate_key->value,

_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH] Upstream: handling of certificates specified as an empty string	Sergey Kandaurov	456	May 24, 2022 04:08PM
RE: [PATCH] Upstream: handling of certificates specified as an empty string	Pavel Pautov via nginx-devel	162	May 27, 2022 12:28AM
Re: [PATCH] Upstream: handling of certificates specified as an empty string	Sergey Kandaurov	108	May 30, 2022 06:58PM
RE: [PATCH] Upstream: handling of certificates specified as an empty string	Pavel Pautov via nginx-devel	112	May 31, 2022 05:26PM
Re: [PATCH] Upstream: handling of certificates specified as an empty string	Maxim Dounin	108	June 03, 2022 08:10PM
Re: [PATCH] Upstream: handling of certificates specified as an empty string	Sergey Kandaurov	132	June 06, 2022 11:44AM
Re: [PATCH] Upstream: handling of certificates specified as an empty string	Maxim Dounin	126	June 06, 2022 06:04PM