summaryrefslogtreecommitdiffhomepage
path: root/src/http/modules
diff options
context:
space:
mode:
Diffstat (limited to 'src/http/modules')
-rw-r--r--src/http/modules/ngx_http_auth_basic_module.c27
-rw-r--r--src/http/modules/ngx_http_dav_module.c25
-rw-r--r--src/http/modules/ngx_http_grpc_module.c70
-rw-r--r--src/http/modules/ngx_http_proxy_module.c82
-rw-r--r--src/http/modules/ngx_http_secure_link_module.c17
-rw-r--r--src/http/modules/ngx_http_static_module.c17
-rw-r--r--src/http/modules/ngx_http_uwsgi_module.c67
7 files changed, 187 insertions, 118 deletions
diff --git a/src/http/modules/ngx_http_auth_basic_module.c b/src/http/modules/ngx_http_auth_basic_module.c
index ed9df3430..069331982 100644
--- a/src/http/modules/ngx_http_auth_basic_module.c
+++ b/src/http/modules/ngx_http_auth_basic_module.c
@@ -16,7 +16,7 @@
typedef struct {
ngx_http_complex_value_t *realm;
- ngx_http_complex_value_t user_file;
+ ngx_http_complex_value_t *user_file;
} ngx_http_auth_basic_loc_conf_t;
@@ -107,7 +107,7 @@ ngx_http_auth_basic_handler(ngx_http_request_t *r)
alcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_basic_module);
- if (alcf->realm == NULL || alcf->user_file.value.data == NULL) {
+ if (alcf->realm == NULL || alcf->user_file == NULL) {
return NGX_DECLINED;
}
@@ -133,7 +133,7 @@ ngx_http_auth_basic_handler(ngx_http_request_t *r)
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
- if (ngx_http_complex_value(r, &alcf->user_file, &user_file) != NGX_OK) {
+ if (ngx_http_complex_value(r, alcf->user_file, &user_file) != NGX_OK) {
return NGX_ERROR;
}
@@ -357,6 +357,9 @@ ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf)
return NULL;
}
+ conf->realm = NGX_CONF_UNSET_PTR;
+ conf->user_file = NGX_CONF_UNSET_PTR;
+
return conf;
}
@@ -367,13 +370,8 @@ ngx_http_auth_basic_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_http_auth_basic_loc_conf_t *prev = parent;
ngx_http_auth_basic_loc_conf_t *conf = child;
- if (conf->realm == NULL) {
- conf->realm = prev->realm;
- }
-
- if (conf->user_file.value.data == NULL) {
- conf->user_file = prev->user_file;
- }
+ ngx_conf_merge_ptr_value(conf->realm, prev->realm, NULL);
+ ngx_conf_merge_ptr_value(conf->user_file, prev->user_file, NULL);
return NGX_CONF_OK;
}
@@ -406,17 +404,22 @@ ngx_http_auth_basic_user_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
ngx_str_t *value;
ngx_http_compile_complex_value_t ccv;
- if (alcf->user_file.value.data) {
+ if (alcf->user_file != NGX_CONF_UNSET_PTR) {
return "is duplicate";
}
+ alcf->user_file = ngx_palloc(cf->pool, sizeof(ngx_http_complex_value_t));
+ if (alcf->user_file == NULL) {
+ return NGX_CONF_ERROR;
+ }
+
value = cf->args->elts;
ngx_memzero(&ccv, sizeof(ngx_http_compile_complex_value_t));
ccv.cf = cf;
ccv.value = &value[1];
- ccv.complex_value = &alcf->user_file;
+ ccv.complex_value = alcf->user_file;
ccv.zero = 1;
ccv.conf_prefix = 1;
diff --git a/src/http/modules/ngx_http_dav_module.c b/src/http/modules/ngx_http_dav_module.c
index 8b69e6f38..0cc9ae18b 100644
--- a/src/http/modules/ngx_http_dav_module.c
+++ b/src/http/modules/ngx_http_dav_module.c
@@ -1072,6 +1072,10 @@ ngx_http_dav_error(ngx_log_t *log, ngx_err_t err, ngx_int_t not_found,
static ngx_int_t
ngx_http_dav_location(ngx_http_request_t *r)
{
+ u_char *p;
+ size_t len;
+ uintptr_t escape;
+
r->headers_out.location = ngx_list_push(&r->headers_out.headers);
if (r->headers_out.location == NULL) {
return NGX_ERROR;
@@ -1079,7 +1083,26 @@ ngx_http_dav_location(ngx_http_request_t *r)
r->headers_out.location->hash = 1;
ngx_str_set(&r->headers_out.location->key, "Location");
- r->headers_out.location->value = r->uri;
+
+ escape = 2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len, NGX_ESCAPE_URI);
+
+ if (escape) {
+ len = r->uri.len + escape;
+
+ p = ngx_pnalloc(r->pool, len);
+ if (p == NULL) {
+ ngx_http_clear_location(r);
+ return NGX_ERROR;
+ }
+
+ r->headers_out.location->value.len = len;
+ r->headers_out.location->value.data = p;
+
+ ngx_escape_uri(p, r->uri.data, r->uri.len, NGX_ESCAPE_URI);
+
+ } else {
+ r->headers_out.location->value = r->uri;
+ }
return NGX_OK;
}
diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
index 53bc54710..2e20e5ffd 100644
--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -37,9 +37,6 @@ typedef struct {
ngx_uint_t ssl_verify_depth;
ngx_str_t ssl_trusted_certificate;
ngx_str_t ssl_crl;
- ngx_str_t ssl_certificate;
- ngx_str_t ssl_certificate_key;
- ngx_array_t *ssl_passwords;
ngx_array_t *ssl_conf_commands;
#endif
} ngx_http_grpc_loc_conf_t;
@@ -425,16 +422,16 @@ static ngx_command_t ngx_http_grpc_commands[] = {
{ ngx_string("grpc_ssl_certificate"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
- ngx_conf_set_str_slot,
+ ngx_http_set_complex_value_zero_slot,
NGX_HTTP_LOC_CONF_OFFSET,
- offsetof(ngx_http_grpc_loc_conf_t, ssl_certificate),
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_certificate),
NULL },
{ ngx_string("grpc_ssl_certificate_key"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
- ngx_conf_set_str_slot,
+ ngx_http_set_complex_value_zero_slot,
NGX_HTTP_LOC_CONF_OFFSET,
- offsetof(ngx_http_grpc_loc_conf_t, ssl_certificate_key),
+ offsetof(ngx_http_grpc_loc_conf_t, upstream.ssl_certificate_key),
NULL },
{ ngx_string("grpc_ssl_password_file"),
@@ -4331,7 +4328,6 @@ ngx_http_grpc_create_loc_conf(ngx_conf_t *cf)
* conf->upstream.ignore_headers = 0;
* conf->upstream.next_upstream = 0;
* conf->upstream.hide_headers_hash = { NULL, 0 };
- * conf->upstream.ssl_name = NULL;
*
* conf->headers.lengths = NULL;
* conf->headers.values = NULL;
@@ -4343,8 +4339,6 @@ ngx_http_grpc_create_loc_conf(ngx_conf_t *cf)
* conf->ssl_ciphers = { 0, NULL };
* conf->ssl_trusted_certificate = { 0, NULL };
* conf->ssl_crl = { 0, NULL };
- * conf->ssl_certificate = { 0, NULL };
- * conf->ssl_certificate_key = { 0, NULL };
*/
conf->upstream.local = NGX_CONF_UNSET_PTR;
@@ -4364,10 +4358,13 @@ ngx_http_grpc_create_loc_conf(ngx_conf_t *cf)
#if (NGX_HTTP_SSL)
conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
+ conf->upstream.ssl_name = NGX_CONF_UNSET_PTR;
conf->upstream.ssl_server_name = NGX_CONF_UNSET;
conf->upstream.ssl_verify = NGX_CONF_UNSET;
conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;
- conf->ssl_passwords = NGX_CONF_UNSET_PTR;
+ conf->upstream.ssl_certificate = NGX_CONF_UNSET_PTR;
+ conf->upstream.ssl_certificate_key = NGX_CONF_UNSET_PTR;
+ conf->upstream.ssl_passwords = NGX_CONF_UNSET_PTR;
conf->ssl_conf_commands = NGX_CONF_UNSET_PTR;
#endif
@@ -4459,10 +4456,8 @@ ngx_http_grpc_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
"DEFAULT");
- if (conf->upstream.ssl_name == NULL) {
- conf->upstream.ssl_name = prev->upstream.ssl_name;
- }
-
+ ngx_conf_merge_ptr_value(conf->upstream.ssl_name,
+ prev->upstream.ssl_name, NULL);
ngx_conf_merge_value(conf->upstream.ssl_server_name,
prev->upstream.ssl_server_name, 0);
ngx_conf_merge_value(conf->upstream.ssl_verify,
@@ -4473,11 +4468,12 @@ ngx_http_grpc_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
prev->ssl_trusted_certificate, "");
ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, "");
- ngx_conf_merge_str_value(conf->ssl_certificate,
- prev->ssl_certificate, "");
- ngx_conf_merge_str_value(conf->ssl_certificate_key,
- prev->ssl_certificate_key, "");
- ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL);
+ ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate,
+ prev->upstream.ssl_certificate, NULL);
+ ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate_key,
+ prev->upstream.ssl_certificate_key, NULL);
+ ngx_conf_merge_ptr_value(conf->upstream.ssl_passwords,
+ prev->upstream.ssl_passwords, NULL);
ngx_conf_merge_ptr_value(conf->ssl_conf_commands,
prev->ssl_conf_commands, NULL);
@@ -4833,15 +4829,15 @@ ngx_http_grpc_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
ngx_str_t *value;
- if (glcf->ssl_passwords != NGX_CONF_UNSET_PTR) {
+ if (glcf->upstream.ssl_passwords != NGX_CONF_UNSET_PTR) {
return "is duplicate";
}
value = cf->args->elts;
- glcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]);
+ glcf->upstream.ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]);
- if (glcf->ssl_passwords == NULL) {
+ if (glcf->upstream.ssl_passwords == NULL) {
return NGX_CONF_ERROR;
}
@@ -4887,20 +4883,34 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
cln->handler = ngx_ssl_cleanup_ctx;
cln->data = glcf->upstream.ssl;
- if (glcf->ssl_certificate.len) {
+ if (glcf->upstream.ssl_certificate) {
- if (glcf->ssl_certificate_key.len == 0) {
+ if (glcf->upstream.ssl_certificate_key == NULL) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no \"grpc_ssl_certificate_key\" is defined "
- "for certificate \"%V\"", &glcf->ssl_certificate);
+ "for certificate \"%V\"",
+ &glcf->upstream.ssl_certificate->value);
return NGX_ERROR;
}
- if (ngx_ssl_certificate(cf, glcf->upstream.ssl, &glcf->ssl_certificate,
- &glcf->ssl_certificate_key, glcf->ssl_passwords)
- != NGX_OK)
+ if (glcf->upstream.ssl_certificate->lengths
+ || glcf->upstream.ssl_certificate_key->lengths)
{
- return NGX_ERROR;
+ glcf->upstream.ssl_passwords =
+ ngx_ssl_preserve_passwords(cf, glcf->upstream.ssl_passwords);
+ if (glcf->upstream.ssl_passwords == NULL) {
+ return NGX_ERROR;
+ }
+
+ } else {
+ if (ngx_ssl_certificate(cf, glcf->upstream.ssl,
+ &glcf->upstream.ssl_certificate->value,
+ &glcf->upstream.ssl_certificate_key->value,
+ glcf->upstream.ssl_passwords)
+ != NGX_OK)
+ {
+ return NGX_ERROR;
+ }
}
}
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
index a63c3ed54..64190f1a0 100644
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -124,9 +124,6 @@ typedef struct {
ngx_uint_t ssl_verify_depth;
ngx_str_t ssl_trusted_certificate;
ngx_str_t ssl_crl;
- ngx_str_t ssl_certificate;
- ngx_str_t ssl_certificate_key;
- ngx_array_t *ssl_passwords;
ngx_array_t *ssl_conf_commands;
#endif
} ngx_http_proxy_loc_conf_t;
@@ -753,16 +750,16 @@ static ngx_command_t ngx_http_proxy_commands[] = {
{ ngx_string("proxy_ssl_certificate"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
- ngx_conf_set_str_slot,
+ ngx_http_set_complex_value_zero_slot,
NGX_HTTP_LOC_CONF_OFFSET,
- offsetof(ngx_http_proxy_loc_conf_t, ssl_certificate),
+ offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_certificate),
NULL },
{ ngx_string("proxy_ssl_certificate_key"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
- ngx_conf_set_str_slot,
+ ngx_http_set_complex_value_zero_slot,
NGX_HTTP_LOC_CONF_OFFSET,
- offsetof(ngx_http_proxy_loc_conf_t, ssl_certificate_key),
+ offsetof(ngx_http_proxy_loc_conf_t, upstream.ssl_certificate_key),
NULL },
{ ngx_string("proxy_ssl_password_file"),
@@ -3327,9 +3324,7 @@ ngx_http_proxy_create_loc_conf(ngx_conf_t *cf)
* conf->upstream.hide_headers_hash = { NULL, 0 };
* conf->upstream.store_lengths = NULL;
* conf->upstream.store_values = NULL;
- * conf->upstream.ssl_name = NULL;
*
- * conf->method = NULL;
* conf->location = NULL;
* conf->url = { 0, NULL };
* conf->headers.lengths = NULL;
@@ -3347,8 +3342,6 @@ ngx_http_proxy_create_loc_conf(ngx_conf_t *cf)
* conf->ssl_ciphers = { 0, NULL };
* conf->ssl_trusted_certificate = { 0, NULL };
* conf->ssl_crl = { 0, NULL };
- * conf->ssl_certificate = { 0, NULL };
- * conf->ssl_certificate_key = { 0, NULL };
*/
conf->upstream.store = NGX_CONF_UNSET;
@@ -3400,20 +3393,26 @@ ngx_http_proxy_create_loc_conf(ngx_conf_t *cf)
#if (NGX_HTTP_SSL)
conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
+ conf->upstream.ssl_name = NGX_CONF_UNSET_PTR;
conf->upstream.ssl_server_name = NGX_CONF_UNSET;
conf->upstream.ssl_verify = NGX_CONF_UNSET;
+ conf->upstream.ssl_certificate = NGX_CONF_UNSET_PTR;
+ conf->upstream.ssl_certificate_key = NGX_CONF_UNSET_PTR;
+ conf->upstream.ssl_passwords = NGX_CONF_UNSET_PTR;
conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;
- conf->ssl_passwords = NGX_CONF_UNSET_PTR;
conf->ssl_conf_commands = NGX_CONF_UNSET_PTR;
#endif
/* "proxy_cyclic_temp_file" is disabled */
conf->upstream.cyclic_temp_file = 0;
+ conf->upstream.change_buffering = 1;
+
conf->headers_source = NGX_CONF_UNSET_PTR;
+ conf->method = NGX_CONF_UNSET_PTR;
+
conf->redirect = NGX_CONF_UNSET;
- conf->upstream.change_buffering = 1;
conf->cookie_domains = NGX_CONF_UNSET_PTR;
conf->cookie_paths = NGX_CONF_UNSET_PTR;
@@ -3708,10 +3707,6 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
#endif
- if (conf->method == NULL) {
- conf->method = prev->method;
- }
-
ngx_conf_merge_value(conf->upstream.pass_request_headers,
prev->upstream.pass_request_headers, 1);
ngx_conf_merge_value(conf->upstream.pass_request_body,
@@ -3732,10 +3727,8 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
"DEFAULT");
- if (conf->upstream.ssl_name == NULL) {
- conf->upstream.ssl_name = prev->upstream.ssl_name;
- }
-
+ ngx_conf_merge_ptr_value(conf->upstream.ssl_name,
+ prev->upstream.ssl_name, NULL);
ngx_conf_merge_value(conf->upstream.ssl_server_name,
prev->upstream.ssl_server_name, 0);
ngx_conf_merge_value(conf->upstream.ssl_verify,
@@ -3746,11 +3739,12 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
prev->ssl_trusted_certificate, "");
ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, "");
- ngx_conf_merge_str_value(conf->ssl_certificate,
- prev->ssl_certificate, "");
- ngx_conf_merge_str_value(conf->ssl_certificate_key,
- prev->ssl_certificate_key, "");
- ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL);
+ ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate,
+ prev->upstream.ssl_certificate, NULL);
+ ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate_key,
+ prev->upstream.ssl_certificate_key, NULL);
+ ngx_conf_merge_ptr_value(conf->upstream.ssl_passwords,
+ prev->upstream.ssl_passwords, NULL);
ngx_conf_merge_ptr_value(conf->ssl_conf_commands,
prev->ssl_conf_commands, NULL);
@@ -3761,6 +3755,8 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
#endif
+ ngx_conf_merge_ptr_value(conf->method, prev->method, NULL);
+
ngx_conf_merge_value(conf->redirect, prev->redirect, 1);
if (conf->redirect) {
@@ -4859,15 +4855,15 @@ ngx_http_proxy_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
ngx_str_t *value;
- if (plcf->ssl_passwords != NGX_CONF_UNSET_PTR) {
+ if (plcf->upstream.ssl_passwords != NGX_CONF_UNSET_PTR) {
return "is duplicate";
}
value = cf->args->elts;
- plcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]);
+ plcf->upstream.ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]);
- if (plcf->ssl_passwords == NULL) {
+ if (plcf->upstream.ssl_passwords == NULL) {
return NGX_CONF_ERROR;
}
@@ -4946,20 +4942,34 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
cln->handler = ngx_ssl_cleanup_ctx;
cln->data = plcf->upstream.ssl;
- if (plcf->ssl_certificate.len) {
+ if (plcf->upstream.ssl_certificate) {
- if (plcf->ssl_certificate_key.len == 0) {
+ if (plcf->upstream.ssl_certificate_key == NULL) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no \"proxy_ssl_certificate_key\" is defined "
- "for certificate \"%V\"", &plcf->ssl_certificate);
+ "for certificate \"%V\"",
+ &plcf->upstream.ssl_certificate->value);
return NGX_ERROR;
}
- if (ngx_ssl_certificate(cf, plcf->upstream.ssl, &plcf->ssl_certificate,
- &plcf->ssl_certificate_key, plcf->ssl_passwords)
- != NGX_OK)
+ if (plcf->upstream.ssl_certificate->lengths
+ || plcf->upstream.ssl_certificate_key->lengths)
{
- return NGX_ERROR;
+ plcf->upstream.ssl_passwords =
+ ngx_ssl_preserve_passwords(cf, plcf->upstream.ssl_passwords);
+ if (plcf->upstream.ssl_passwords == NULL) {
+ return NGX_ERROR;
+ }
+
+ } else {
+ if (ngx_ssl_certificate(cf, plcf->upstream.ssl,
+ &plcf->upstream.ssl_certificate->value,
+ &plcf->upstream.ssl_certificate_key->value,
+ plcf->upstream.ssl_passwords)
+ != NGX_OK)
+ {
+ return NGX_ERROR;
+ }
}
}
diff --git a/src/http/modules/ngx_http_secure_link_module.c b/src/http/modules/ngx_http_secure_link_module.c
index 536e09a72..4d4ce6af1 100644
--- a/src/http/modules/ngx_http_secure_link_module.c
+++ b/src/http/modules/ngx_http_secure_link_module.c
@@ -302,11 +302,12 @@ ngx_http_secure_link_create_conf(ngx_conf_t *cf)
/*
* set by ngx_pcalloc():
*
- * conf->variable = NULL;
- * conf->md5 = NULL;
* conf->secret = { 0, NULL };
*/
+ conf->variable = NGX_CONF_UNSET_PTR;
+ conf->md5 = NGX_CONF_UNSET_PTR;
+
return conf;
}
@@ -318,6 +319,9 @@ ngx_http_secure_link_merge_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_http_secure_link_conf_t *conf = child;
if (conf->secret.data) {
+ ngx_conf_init_ptr_value(conf->variable, NULL);
+ ngx_conf_init_ptr_value(conf->md5, NULL);
+
if (conf->variable || conf->md5) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"\"secure_link_secret\" cannot be mixed with "
@@ -328,13 +332,8 @@ ngx_http_secure_link_merge_conf(ngx_conf_t *cf, void *parent, void *child)
return NGX_CONF_OK;
}
- if (conf->variable == NULL) {
- conf->variable = prev->variable;
- }
-
- if (conf->md5 == NULL) {
- conf->md5 = prev->md5;
- }
+ ngx_conf_merge_ptr_value(conf->variable, prev->variable, NULL);
+ ngx_conf_merge_ptr_value(conf->md5, prev->md5, NULL);
if (conf->variable == NULL && conf->md5 == NULL) {
conf->secret = prev->secret;
diff --git a/src/http/modules/ngx_http_static_module.c b/src/http/modules/ngx_http_static_module.c
index 282d6ee98..cf29d5a6d 100644
--- a/src/http/modules/ngx_http_static_module.c
+++ b/src/http/modules/ngx_http_static_module.c
@@ -50,6 +50,7 @@ ngx_http_static_handler(ngx_http_request_t *r)
{
u_char *last, *location;
size_t root, len;
+ uintptr_t escape;
ngx_str_t path;
ngx_int_t rc;
ngx_uint_t level;
@@ -155,14 +156,18 @@ ngx_http_static_handler(ngx_http_request_t *r)
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
- len = r->uri.len + 1;
+ escape = 2 * ngx_escape_uri(NULL, r->uri.data, r->uri.len,
+ NGX_ESCAPE_URI);
- if (!clcf->alias && r->args.len == 0) {
+ if (!clcf->alias && r->args.len == 0 && escape == 0) {
+ len = r->uri.len + 1;
location = path.data + root;
*last = '/';
} else {
+ len = r->uri.len + escape + 1;
+
if (r->args.len) {
len += r->args.len + 1;
}
@@ -173,7 +178,13 @@ ngx_http_static_handler(ngx_http_request_t *r)
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
- last = ngx_copy(location, r->uri.data, r->uri.len);
+ if (escape) {
+ last = (u_char *) ngx_escape_uri(location, r->uri.data,
+ r->uri.len, NGX_ESCAPE_URI);
+
+ } else {
+ last = ngx_copy(location, r->uri.data, r->uri.len);
+ }
*last = '/';
diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c
index 1334f44c9..655be98c7 100644
--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -54,9 +54,6 @@ typedef struct {
ngx_uint_t ssl_verify_depth;
ngx_str_t ssl_trusted_certificate;
ngx_str_t ssl_crl;
- ngx_str_t ssl_certificate;
- ngx_str_t ssl_certificate_key;
- ngx_array_t *ssl_passwords;
ngx_array_t *ssl_conf_commands;
#endif
} ngx_http_uwsgi_loc_conf_t;
@@ -548,16 +545,16 @@ static ngx_command_t ngx_http_uwsgi_commands[] = {
{ ngx_string("uwsgi_ssl_certificate"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
- ngx_conf_set_str_slot,
+ ngx_http_set_complex_value_zero_slot,
NGX_HTTP_LOC_CONF_OFFSET,
- offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate),
+ offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_certificate),
NULL },
{ ngx_string("uwsgi_ssl_certificate_key"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
- ngx_conf_set_str_slot,
+ ngx_http_set_complex_value_zero_slot,
NGX_HTTP_LOC_CONF_OFFSET,
- offsetof(ngx_http_uwsgi_loc_conf_t, ssl_certificate_key),
+ offsetof(ngx_http_uwsgi_loc_conf_t, upstream.ssl_certificate_key),
NULL },
{ ngx_string("uwsgi_ssl_password_file"),
@@ -1509,10 +1506,13 @@ ngx_http_uwsgi_create_loc_conf(ngx_conf_t *cf)
#if (NGX_HTTP_SSL)
conf->upstream.ssl_session_reuse = NGX_CONF_UNSET;
+ conf->upstream.ssl_name = NGX_CONF_UNSET_PTR;
conf->upstream.ssl_server_name = NGX_CONF_UNSET;
conf->upstream.ssl_verify = NGX_CONF_UNSET;
conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;
- conf->ssl_passwords = NGX_CONF_UNSET_PTR;
+ conf->upstream.ssl_certificate = NGX_CONF_UNSET_PTR;
+ conf->upstream.ssl_certificate_key = NGX_CONF_UNSET_PTR;
+ conf->upstream.ssl_passwords = NGX_CONF_UNSET_PTR;
conf->ssl_conf_commands = NGX_CONF_UNSET_PTR;
#endif
@@ -1824,10 +1824,8 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
"DEFAULT");
- if (conf->upstream.ssl_name == NULL) {
- conf->upstream.ssl_name = prev->upstream.ssl_name;
- }
-
+ ngx_conf_merge_ptr_value(conf->upstream.ssl_name,
+ prev->upstream.ssl_name, NULL);
ngx_conf_merge_value(conf->upstream.ssl_server_name,
prev->upstream.ssl_server_name, 0);
ngx_conf_merge_value(conf->upstream.ssl_verify,
@@ -1838,11 +1836,12 @@ ngx_http_uwsgi_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
prev->ssl_trusted_certificate, "");
ngx_conf_merge_str_value(conf->ssl_crl, prev->ssl_crl, "");
- ngx_conf_merge_str_value(conf->ssl_certificate,
- prev->ssl_certificate, "");
- ngx_conf_merge_str_value(conf->ssl_certificate_key,
- prev->ssl_certificate_key, "");
- ngx_conf_merge_ptr_value(conf->ssl_passwords, prev->ssl_passwords, NULL);
+ ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate,
+ prev->upstream.ssl_certificate, NULL);
+ ngx_conf_merge_ptr_value(conf->upstream.ssl_certificate_key,
+ prev->upstream.ssl_certificate_key, NULL);
+ ngx_conf_merge_ptr_value(conf->upstream.ssl_passwords,
+ prev->upstream.ssl_passwords, NULL);
ngx_conf_merge_ptr_value(conf->ssl_conf_commands,
prev->ssl_conf_commands, NULL);
@@ -2377,15 +2376,15 @@ ngx_http_uwsgi_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
ngx_str_t *value;
- if (uwcf->ssl_passwords != NGX_CONF_UNSET_PTR) {
+ if (uwcf->upstream.ssl_passwords != NGX_CONF_UNSET_PTR) {
return "is duplicate";
}
value = cf->args->elts;
- uwcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]);
+ uwcf->upstream.ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]);
- if (uwcf->ssl_passwords == NULL) {
+ if (uwcf->upstream.ssl_passwords == NULL) {
return NGX_CONF_ERROR;
}
@@ -2431,20 +2430,34 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
cln->handler = ngx_ssl_cleanup_ctx;
cln->data = uwcf->upstream.ssl;
- if (uwcf->ssl_certificate.len) {
+ if (uwcf->upstream.ssl_certificate) {
- if (uwcf->ssl_certificate_key.len == 0) {
+ if (uwcf->upstream.ssl_certificate_key == NULL) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no \"uwsgi_ssl_certificate_key\" is defined "
- "for certificate \"%V\"", &uwcf->ssl_certificate);
+ "for certificate \"%V\"",
+ &uwcf->upstream.ssl_certificate->value);
return NGX_ERROR;
}
- if (ngx_ssl_certificate(cf, uwcf->upstream.ssl, &uwcf->ssl_certificate,
- &uwcf->ssl_certificate_key, uwcf->ssl_passwords)
- != NGX_OK)
+ if (uwcf->upstream.ssl_certificate->lengths
+ || uwcf->upstream.ssl_certificate_key->lengths)
{
- return NGX_ERROR;
+ uwcf->upstream.ssl_passwords =
+ ngx_ssl_preserve_passwords(cf, uwcf->upstream.ssl_passwords);
+ if (uwcf->upstream.ssl_passwords == NULL) {
+ return NGX_ERROR;
+ }
+
+ } else {
+ if (ngx_ssl_certificate(cf, uwcf->upstream.ssl,
+ &uwcf->upstream.ssl_certificate->value,
+ &uwcf->upstream.ssl_certificate_key->value,
+ uwcf->upstream.ssl_passwords)
+ != NGX_OK)
+ {
+ return NGX_ERROR;
+ }
}
}
generated by cgit (git 2.34.1) at 2025-12-06 15:37:14 +0000