diff options
Diffstat (limited to '')
| -rw-r--r-- | src/stream/ngx_stream_core_module.c | 10 | ||||
| -rw-r--r-- | src/stream/ngx_stream_ssl_module.c | 36 | ||||
| -rw-r--r-- | src/stream/ngx_stream_ssl_module.h | 4 |
3 files changed, 37 insertions, 13 deletions
diff --git a/src/stream/ngx_stream_core_module.c b/src/stream/ngx_stream_core_module.c index 272708d62..96e7c9ac8 100644 --- a/src/stream/ngx_stream_core_module.c +++ b/src/stream/ngx_stream_core_module.c @@ -734,7 +734,17 @@ ngx_stream_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) if (ngx_strcmp(value[i].data, "ssl") == 0) { #if (NGX_STREAM_SSL) + ngx_stream_ssl_conf_t *sslcf; + + sslcf = ngx_stream_conf_get_module_srv_conf(cf, + ngx_stream_ssl_module); + + sslcf->listen = 1; + sslcf->file = cf->conf_file->file.name.data; + sslcf->line = cf->conf_file->line; + ls->ssl = 1; + continue; #else ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c index 3e5a1f210..dcc33e1ce 100644 --- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c @@ -304,13 +304,6 @@ ngx_stream_ssl_handler(ngx_stream_session_t *s) if (c->ssl == NULL) { c->log->action = "SSL handshaking"; - if (sslcf->ssl.ctx == NULL) { - ngx_log_error(NGX_LOG_ERR, c->log, 0, - "no \"ssl_certificate\" is defined " - "in server listening on SSL port"); - return NGX_ERROR; - } - rv = ngx_stream_ssl_init_connection(&sslcf->ssl, c); if (rv != NGX_OK) { @@ -510,6 +503,7 @@ ngx_stream_ssl_create_conf(ngx_conf_t *cf) /* * set by ngx_pcalloc(): * + * scf->listen = 0; * scf->protocols = 0; * scf->dhparam = { 0, NULL }; * scf->ecdh_curve = { 0, NULL }; @@ -582,18 +576,34 @@ ngx_stream_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child) conf->ssl.log = cf->log; - if (conf->certificates == NULL) { + if (!conf->listen) { return NGX_CONF_OK; } - if (conf->certificate_keys == NULL - || conf->certificate_keys->nelts < conf->certificates->nelts) - { + if (conf->certificates == NULL) { + ngx_log_error(NGX_LOG_EMERG, cf->log, 0, + "no \"ssl_certificate\" is defined for " + "the \"listen ... ssl\" directive in %s:%ui", + conf->file, conf->line); + return NGX_CONF_ERROR; + } + + if (conf->certificate_keys == NULL) { + ngx_log_error(NGX_LOG_EMERG, cf->log, 0, + "no \"ssl_certificate_key\" is defined for " + "the \"listen ... ssl\" directive in %s:%ui", + conf->file, conf->line); + return NGX_CONF_ERROR; + } + + if (conf->certificate_keys->nelts < conf->certificates->nelts) { ngx_log_error(NGX_LOG_EMERG, cf->log, 0, "no \"ssl_certificate_key\" is defined " - "for certificate \"%V\"", + "for certificate \"%V\" and " + "the \"listen ... ssl\" directive in %s:%ui", ((ngx_str_t *) conf->certificates->elts) - + conf->certificates->nelts - 1); + + conf->certificates->nelts - 1, + conf->file, conf->line); return NGX_CONF_ERROR; } diff --git a/src/stream/ngx_stream_ssl_module.h b/src/stream/ngx_stream_ssl_module.h index 65f5d456e..9f8f01cf1 100644 --- a/src/stream/ngx_stream_ssl_module.h +++ b/src/stream/ngx_stream_ssl_module.h @@ -21,6 +21,7 @@ typedef struct { ngx_ssl_t ssl; + ngx_uint_t listen; ngx_uint_t protocols; ngx_uint_t verify; @@ -47,6 +48,9 @@ typedef struct { ngx_flag_t session_tickets; ngx_array_t *session_ticket_keys; + + u_char *file; + ngx_uint_t line; } ngx_stream_ssl_conf_t; |