Why can't I use the "ssl" modified on more than one listen statement?

Igor Sysoev igor at sysoev.ru
Mon Sep 27 14:06:31 MSD 2010


On Sat, Sep 25, 2010 at 11:00:18AM -0400, portante wrote:

> Hello,
> 
> Here is a patch against 0.8.50 to only complain when the listen options
> are actually different.
> 
> Would folks be interested in this?
> 
> [code]
> $ svn diff -r 32178:32179 src/http/ngx_http.c
> Index: src/http/ngx_http.c
> ===================================================================
> --- src/http/ngx_http.c (revision 32178)
> +++ src/http/ngx_http.c (revision 32179)
> @@ -1273,9 +1273,35 @@
>          if (lsopt->set) {
>  
>              if (addr[i].opt.set) {
> -                ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> -                        "a duplicate listen options for %s",
> addr[i].opt.addr);
> -                return NGX_ERROR;
> +               /*
> +                * If this set is not the same as the old set, complain
> +                */
> +               if ((lsopt->default_server !=
> addr[i].opt.default_server)
> +                       || (lsopt->bind != addr[i].opt.bind)
> +                       || (lsopt->wildcard != addr[i].opt.wildcard)
> +#if (NGX_HTTP_SSL)
> +                       || (lsopt->ssl != addr[i].opt.ssl)
> +#endif
> +#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
> +                       || (lsopt->ipv6only != addr[i].opt.ipv6only)
> +#endif
> +                       || (lsopt->backlog != addr[i].opt.backlog)
> +                       || (lsopt->rcvbuf != addr[i].opt.rcvbuf)
> +                       || (lsopt->sndbuf != addr[i].opt.sndbuf)
> +#if (NGX_HAVE_SETFIB)
> +                       || (lsopt->setfib != addr[i].opt.setfib)
> +#endif
> +#if (NGX_HAVE_DEFERRED_ACCEPT && defined SO_ACCEPTFILTER)
> +                       || (ngx_strcmp(lsopt->accept_filter,
> addr[i].opt.accept_filter) != 0)
> +#endif
> +#if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT)
> +                       || (lsopt->deferred_accept !=
> addr[i].opt.deferred_accept)
> +#endif
> +                       || (ngx_strcmp(lsopt->addr, addr[i].opt.addr) !=
> 0)) {
> +                   ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> +                       "conflicting listen options for %s",
> addr[i].opt.addr);
> +                   return NGX_ERROR;
> +               }
>              }
>  
>              addr[i].opt = *lsopt;
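Review bot: The added `ngx_strcmp(lsopt->accept_filter, addr[i].opt.accept_filter)` assumes both strings are always present. If `accept_filter` is a pointer that stays NULL when the option is not given (its declaration is not visible here, so this needs confirming), the compare would dereference NULL for any two listen directives on the same address that have no accept filter. A guard should come before the string compare, treating two NULL pointers as equal and exactly one NULL as a mismatch, e.g. `|| ((lsopt->accept_filter == NULL) != (addr[i].opt.accept_filter == NULL))`. The enclosing function starts and ends outside the hunk.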
> [/code]

This patch breaks "listen default_server" and forces various listen
socket options to be set in every listen directive. The attached patch
allows setting just the "ssl" option in several listen directives.


-- 
Igor Sysoev
http://sysoev.ru/en/
-------------- next part --------------
Index: src/http/ngx_http_core_module.c
===================================================================
--- src/http/ngx_http_core_module.c	(revision 3082)
+++ src/http/ngx_http_core_module.c	(working copy)
@@ -3569,7 +3569,6 @@
 
         if (ngx_strcmp(value[n].data, "ssl") == 0) {
 #if (NGX_HTTP_SSL)
-            lsopt.set = 1;
             lsopt.ssl = 1;
             continue;
 #else
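Review bot: With `lsopt.set = 1;` removed from the "ssl" branch, nothing here says why `ssl` is the one option in this parser that does not mark the options as set. It looks as though `ssl` no longer takes part in the duplicate-options check and is instead merged per address in src/http/ngx_http.c, so a `listen ... ssl` and a plain `listen` on the same address are accepted silently. A short comment above `lsopt.ssl = 1;` would record that, for example `/* "ssl" may repeat in several listen directives, so it does not set lsopt.set */`. The enclosing block continues outside the hunk.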
Index: src/http/ngx_http.c
===================================================================
--- src/http/ngx_http.c	(revision 3082)
+++ src/http/ngx_http.c	(working copy)
@@ -1221,6 +1221,9 @@
 #if (NGX_HAVE_UNIX_DOMAIN)
     struct sockaddr_un    *saun;
 #endif
+#if (NGX_HTTP_SSL)
+    ngx_uint_t             ssl;
+#endif
 
     /*
      * we can not compare whole sockaddr struct's as kernel
@@ -1270,6 +1273,10 @@
         /* preserve default_server bit during listen options overwriting */
         default_server = addr[i].opt.default_server;
 
+#if (NGX_HTTP_SSL)
+        ssl = lsopt->ssl || addr[i].opt.set;
+#endif
+
         if (lsopt->set) {
 
             if (addr[i].opt.set) {
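Review bot: The added `ssl = lsopt->ssl || addr[i].opt.set;` ORs in the stored `set` flag rather than the stored `ssl` flag. Any address whose options were already set by an earlier listen directive would therefore get `ssl` switched on, even when no directive asked for it. Judging by the `default_server` line just above, which preserves the stored bit, the intended expression is probably `ssl = lsopt->ssl || addr[i].opt.ssl;`. As written, the later hunk's `addr[i].opt.ssl = ssl;` would make a plain-HTTP address expect TLS, which fails closed but breaks its clients. A comment in the style of the existing one, e.g. `/* preserve ssl bit during listen options overwriting */`, would document the intent. The enclosing function starts and ends outside the hunk.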
@@ -1296,6 +1303,9 @@
         }
 
         addr[i].opt.default_server = default_server;
+#if (NGX_HTTP_SSL)
+        addr[i].opt.ssl = ssl;
+#endif
 
         return NGX_OK;
     }

