summaryrefslogtreecommitdiffhomepage
path: root/src/http/modules
diff options
context:
space:
mode:
Diffstat (limited to 'src/http/modules')
-rw-r--r--src/http/modules/ngx_http_grpc_module.c66
-rw-r--r--src/http/modules/ngx_http_proxy_module.c66
-rw-r--r--src/http/modules/ngx_http_range_filter_module.c13
-rw-r--r--src/http/modules/ngx_http_uwsgi_module.c66
4 files changed, 190 insertions, 21 deletions
diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
index 617814ec9..58332866c 100644
--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -209,6 +209,8 @@ static char *ngx_http_grpc_ssl_password_file(ngx_conf_t *cf,
ngx_command_t *cmd, void *conf);
static char *ngx_http_grpc_ssl_conf_command_check(ngx_conf_t *cf, void *post,
void *data);
+static ngx_int_t ngx_http_grpc_merge_ssl(ngx_conf_t *cf,
+ ngx_http_grpc_loc_conf_t *conf, ngx_http_grpc_loc_conf_t *prev);
static ngx_int_t ngx_http_grpc_set_ssl(ngx_conf_t *cf,
ngx_http_grpc_loc_conf_t *glcf);
#endif
@@ -562,7 +564,7 @@ ngx_http_grpc_handler(ngx_http_request_t *r)
ctx->host = glcf->host;
#if (NGX_HTTP_SSL)
- u->ssl = (glcf->upstream.ssl != NULL);
+ u->ssl = glcf->ssl;
if (u->ssl) {
ngx_str_set(&u->schema, "grpcs://");
@@ -4463,6 +4465,10 @@ ngx_http_grpc_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
#if (NGX_HTTP_SSL)
+ if (ngx_http_grpc_merge_ssl(cf, conf, prev) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
prev->upstream.ssl_session_reuse, 1);
@@ -4524,7 +4530,7 @@ ngx_http_grpc_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
conf->grpc_values = prev->grpc_values;
#if (NGX_HTTP_SSL)
- conf->upstream.ssl = prev->upstream.ssl;
+ conf->ssl = prev->ssl;
#endif
}
@@ -4874,16 +4880,62 @@ ngx_http_grpc_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
static ngx_int_t
-ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
+ngx_http_grpc_merge_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *conf,
+ ngx_http_grpc_loc_conf_t *prev)
{
- ngx_pool_cleanup_t *cln;
+ ngx_uint_t preserve;
+
+ if (conf->ssl_protocols == 0
+ && conf->ssl_ciphers.data == NULL
+ && conf->upstream.ssl_certificate == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_certificate_key == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_passwords == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_verify == NGX_CONF_UNSET
+ && conf->ssl_verify_depth == NGX_CONF_UNSET_UINT
+ && conf->ssl_trusted_certificate.data == NULL
+ && conf->ssl_crl.data == NULL
+ && conf->upstream.ssl_session_reuse == NGX_CONF_UNSET
+ && conf->ssl_conf_commands == NGX_CONF_UNSET_PTR)
+ {
+ if (prev->upstream.ssl) {
+ conf->upstream.ssl = prev->upstream.ssl;
+ return NGX_OK;
+ }
- glcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
- if (glcf->upstream.ssl == NULL) {
+ preserve = 1;
+
+ } else {
+ preserve = 0;
+ }
+
+ conf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
+ if (conf->upstream.ssl == NULL) {
return NGX_ERROR;
}
- glcf->upstream.ssl->log = cf->log;
+ conf->upstream.ssl->log = cf->log;
+
+ /*
+ * special handling to preserve conf->upstream.ssl
+ * in the "http" section to inherit it to all servers
+ */
+
+ if (preserve) {
+ prev->upstream.ssl = conf->upstream.ssl;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
+{
+ ngx_pool_cleanup_t *cln;
+
+ if (glcf->upstream.ssl->ctx) {
+ return NGX_OK;
+ }
if (ngx_ssl_create(glcf->upstream.ssl, glcf->ssl_protocols, NULL)
!= NGX_OK)
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index bb930305d..54e2a3964 100644
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -236,6 +236,8 @@ static ngx_int_t ngx_http_proxy_rewrite_regex(ngx_conf_t *cf,
ngx_http_proxy_rewrite_t *pr, ngx_str_t *regex, ngx_uint_t caseless);
#if (NGX_HTTP_SSL)
+static ngx_int_t ngx_http_proxy_merge_ssl(ngx_conf_t *cf,
+ ngx_http_proxy_loc_conf_t *conf, ngx_http_proxy_loc_conf_t *prev);
static ngx_int_t ngx_http_proxy_set_ssl(ngx_conf_t *cf,
ngx_http_proxy_loc_conf_t *plcf);
#endif
@@ -959,7 +961,7 @@ ngx_http_proxy_handler(ngx_http_request_t *r)
ctx->vars = plcf->vars;
u->schema = plcf->vars.schema;
#if (NGX_HTTP_SSL)
- u->ssl = (plcf->upstream.ssl != NULL);
+ u->ssl = plcf->ssl;
#endif
} else {
@@ -3724,6 +3726,10 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
#if (NGX_HTTP_SSL)
+ if (ngx_http_proxy_merge_ssl(cf, conf, prev) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
prev->upstream.ssl_session_reuse, 1);
@@ -3857,7 +3863,7 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
conf->proxy_values = prev->proxy_values;
#if (NGX_HTTP_SSL)
- conf->upstream.ssl = prev->upstream.ssl;
+ conf->ssl = prev->ssl;
#endif
}
@@ -4923,16 +4929,62 @@ ngx_http_proxy_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
static ngx_int_t
-ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
+ngx_http_proxy_merge_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *conf,
+ ngx_http_proxy_loc_conf_t *prev)
{
- ngx_pool_cleanup_t *cln;
+ ngx_uint_t preserve;
+
+ if (conf->ssl_protocols == 0
+ && conf->ssl_ciphers.data == NULL
+ && conf->upstream.ssl_certificate == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_certificate_key == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_passwords == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_verify == NGX_CONF_UNSET
+ && conf->ssl_verify_depth == NGX_CONF_UNSET_UINT
+ && conf->ssl_trusted_certificate.data == NULL
+ && conf->ssl_crl.data == NULL
+ && conf->upstream.ssl_session_reuse == NGX_CONF_UNSET
+ && conf->ssl_conf_commands == NGX_CONF_UNSET_PTR)
+ {
+ if (prev->upstream.ssl) {
+ conf->upstream.ssl = prev->upstream.ssl;
+ return NGX_OK;
+ }
- plcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
- if (plcf->upstream.ssl == NULL) {
+ preserve = 1;
+
+ } else {
+ preserve = 0;
+ }
+
+ conf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
+ if (conf->upstream.ssl == NULL) {
return NGX_ERROR;
}
- plcf->upstream.ssl->log = cf->log;
+ conf->upstream.ssl->log = cf->log;
+
+ /*
+ * special handling to preserve conf->upstream.ssl
+ * in the "http" section to inherit it to all servers
+ */
+
+ if (preserve) {
+ prev->upstream.ssl = conf->upstream.ssl;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
+{
+ ngx_pool_cleanup_t *cln;
+
+ if (plcf->upstream.ssl->ctx) {
+ return NGX_OK;
+ }
if (ngx_ssl_create(plcf->upstream.ssl, plcf->ssl_protocols, NULL)
!= NGX_OK)
diff --git a/src/http/modules/ngx_http_range_filter_module.c b/src/http/modules/ngx_http_range_filter_module.c
index fa408b792..27d1875c8 100644
--- a/src/http/modules/ngx_http_range_filter_module.c
+++ b/src/http/modules/ngx_http_range_filter_module.c
@@ -425,6 +425,10 @@ ngx_http_range_singlepart_header(ngx_http_request_t *r,
return NGX_ERROR;
}
+ if (r->headers_out.content_range) {
+ r->headers_out.content_range->hash = 0;
+ }
+
r->headers_out.content_range = content_range;
content_range->hash = 1;
@@ -582,6 +586,11 @@ ngx_http_range_multipart_header(ngx_http_request_t *r,
r->headers_out.content_length = NULL;
}
+ if (r->headers_out.content_range) {
+ r->headers_out.content_range->hash = 0;
+ r->headers_out.content_range = NULL;
+ }
+
return ngx_http_next_header_filter(r);
}
@@ -598,6 +607,10 @@ ngx_http_range_not_satisfiable(ngx_http_request_t *r)
return NGX_ERROR;
}
+ if (r->headers_out.content_range) {
+ r->headers_out.content_range->hash = 0;
+ }
+
r->headers_out.content_range = content_range;
content_range->hash = 1;
diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c
index 1dcee1e6c..4fc663d0b 100644
--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -96,6 +96,8 @@ static char *ngx_http_uwsgi_ssl_password_file(ngx_conf_t *cf,
ngx_command_t *cmd, void *conf);
static char *ngx_http_uwsgi_ssl_conf_command_check(ngx_conf_t *cf, void *post,
void *data);
+static ngx_int_t ngx_http_uwsgi_merge_ssl(ngx_conf_t *cf,
+ ngx_http_uwsgi_loc_conf_t *conf, ngx_http_uwsgi_loc_conf_t *prev);
static ngx_int_t ngx_http_uwsgi_set_ssl(ngx_conf_t *cf,
ngx_http_uwsgi_loc_conf_t *uwcf);
#endif
@@ -668,7 +670,7 @@ ngx_http_uwsgi_handler(ngx_http_request_t *r)
if (uwcf->uwsgi_lengths == NULL) {
#if (NGX_HTTP_SSL)
- u->ssl = (uwcf->upstream.ssl != NULL);
+ u->ssl = uwcf->ssl;
if (u->ssl) {
ngx_str_set(&u->schema, "suwsgi://");
@@ -1865,6 +1867,10 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
#if (NGX_HTTP_SSL)
+ if (ngx_http_uwsgi_merge_ssl(cf, conf, prev) != NGX_OK) {
+ return NGX_CONF_ERROR;
+ }
+
ngx_conf_merge_value(conf->upstream.ssl_session_reuse,
prev->upstream.ssl_session_reuse, 1);
@@ -1927,7 +1933,7 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
conf->uwsgi_values = prev->uwsgi_values;
#if (NGX_HTTP_SSL)
- conf->upstream.ssl = prev->upstream.ssl;
+ conf->ssl = prev->ssl;
#endif
}
@@ -2455,16 +2461,62 @@ ngx_http_uwsgi_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
static ngx_int_t
-ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
+ngx_http_uwsgi_merge_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *conf,
+ ngx_http_uwsgi_loc_conf_t *prev)
{
- ngx_pool_cleanup_t *cln;
+ ngx_uint_t preserve;
+
+ if (conf->ssl_protocols == 0
+ && conf->ssl_ciphers.data == NULL
+ && conf->upstream.ssl_certificate == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_certificate_key == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_passwords == NGX_CONF_UNSET_PTR
+ && conf->upstream.ssl_verify == NGX_CONF_UNSET
+ && conf->ssl_verify_depth == NGX_CONF_UNSET_UINT
+ && conf->ssl_trusted_certificate.data == NULL
+ && conf->ssl_crl.data == NULL
+ && conf->upstream.ssl_session_reuse == NGX_CONF_UNSET
+ && conf->ssl_conf_commands == NGX_CONF_UNSET_PTR)
+ {
+ if (prev->upstream.ssl) {
+ conf->upstream.ssl = prev->upstream.ssl;
+ return NGX_OK;
+ }
- uwcf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
- if (uwcf->upstream.ssl == NULL) {
+ preserve = 1;
+
+ } else {
+ preserve = 0;
+ }
+
+ conf->upstream.ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
+ if (conf->upstream.ssl == NULL) {
return NGX_ERROR;
}
- uwcf->upstream.ssl->log = cf->log;
+ conf->upstream.ssl->log = cf->log;
+
+ /*
+ * special handling to preserve conf->upstream.ssl
+ * in the "http" section to inherit it to all servers
+ */
+
+ if (preserve) {
+ prev->upstream.ssl = conf->upstream.ssl;
+ }
+
+ return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
+{
+ ngx_pool_cleanup_t *cln;
+
+ if (uwcf->upstream.ssl->ctx) {
+ return NGX_OK;
+ }
if (ngx_ssl_create(uwcf->upstream.ssl, uwcf->ssl_protocols, NULL)
!= NGX_OK)
generated by cgit (git 2.34.1) at 2025-12-11 18:24:13 +0000