[PATCH] Upstream: add "proxy_ssl_certificate" and friends

Maxim Dounin mdounin at mdounin.ru
Mon Nov 10 16:59:58 UTC 2014 

Hello!

On Thu, Oct 30, 2014 at 04:31:37AM -0700, Piotr Sikora wrote:

> # HG changeset patch
> # User Piotr Sikora <piotr at cloudflare.com>
> # Date 1414668641 25200
> #      Thu Oct 30 04:30:41 2014 -0700
> # Node ID bb14c7659efb32d1d1f651bdf54a8c8157ef67f9
> # Parent  87ada3ba1392fadaf4d9193b5d345c248be32f77
> Upstream: add "proxy_ssl_certificate" and friends.
> 
> Signed-off-by: Piotr Sikora <piotr at cloudflare.com>
> 
> diff -r 87ada3ba1392 -r bb14c7659efb src/http/modules/ngx_http_proxy_module.c
> --- a/src/http/modules/ngx_http_proxy_module.c	Mon Oct 27 14:25:56 2014 -0700
> +++ b/src/http/modules/ngx_http_proxy_module.c	Thu Oct 30 04:30:41 2014 -0700
> @@ -84,6 +84,9 @@ typedef struct {
>      ngx_uint_t                     ssl_verify_depth;
>      ngx_str_t                      ssl_trusted_certificate;
>      ngx_str_t                      ssl_crl;
> +    ngx_str_t                      ssl_certificate;
> +    ngx_str_t                      ssl_certificate_key;
> +    ngx_array_t                   *ssl_passwords;
>  #endif
>  } ngx_http_proxy_loc_conf_t;
>  
> @@ -169,6 +172,8 @@ static ngx_int_t ngx_http_proxy_rewrite_
>      ngx_http_proxy_rewrite_t *pr, ngx_str_t *regex, ngx_uint_t caseless);
>  
>  #if (NGX_HTTP_SSL)
> +static char *ngx_http_proxy_ssl_password_file(ngx_conf_t *cf,
> +    ngx_command_t *cmd, void *conf);
>  static ngx_int_t ngx_http_proxy_set_ssl(ngx_conf_t *cf,
>      ngx_http_proxy_loc_conf_t *plcf);
>  #endif

I think that it would be better to preserve current style used in 
the proxy module by placing configuration directive handling into 
the block with other configuration directives, like this:

@@ -162,6 +165,10 @@ static char *ngx_http_proxy_cache(ngx_co
 static char *ngx_http_proxy_cache_key(ngx_conf_t *cf, ngx_command_t *cmd,
     void *conf);
 #endif
+#if (NGX_HTTP_SSL)
+static char *ngx_http_proxy_ssl_password_file(ngx_conf_t *cf,
+    ngx_command_t *cmd, void *conf);
+#endif
 
 static char *ngx_http_proxy_lowat_check(ngx_conf_t *cf, void *post, void *data);
 
And the same in the code.

(The uwsgi module part looks fine as is, as the module uses 
slightly different style for function declarations, and there is 
no problem in the code.)

I'm about to commit your patch with the following changes on top 
of it (only style, no functional changes), please let me know if 
it looks ok for you:

diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -165,15 +165,17 @@ static char *ngx_http_proxy_cache(ngx_co
 static char *ngx_http_proxy_cache_key(ngx_conf_t *cf, ngx_command_t *cmd,
     void *conf);
 #endif
-
-static char *ngx_http_proxy_lowat_check(ngx_conf_t *cf, void *post, void *data);
-
-static ngx_int_t ngx_http_proxy_rewrite_regex(ngx_conf_t *cf,
-    ngx_http_proxy_rewrite_t *pr, ngx_str_t *regex, ngx_uint_t caseless);
-
 #if (NGX_HTTP_SSL)
 static char *ngx_http_proxy_ssl_password_file(ngx_conf_t *cf,
     ngx_command_t *cmd, void *conf);
+#endif
+
+static char *ngx_http_proxy_lowat_check(ngx_conf_t *cf, void *post, void *data);
+
+static ngx_int_t ngx_http_proxy_rewrite_regex(ngx_conf_t *cf,
+    ngx_http_proxy_rewrite_t *pr, ngx_str_t *regex, ngx_uint_t caseless);
+
+#if (NGX_HTTP_SSL)
 static ngx_int_t ngx_http_proxy_set_ssl(ngx_conf_t *cf,
     ngx_http_proxy_loc_conf_t *plcf);
 #endif
@@ -3872,6 +3874,33 @@ ngx_http_proxy_cache_key(ngx_conf_t *cf,
 #endif
 
 
+#if (NGX_HTTP_SSL)
+
+static char *
+ngx_http_proxy_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+    ngx_http_proxy_loc_conf_t *plcf = conf;
+
+    ngx_str_t  *value;
+
+    if (plcf->ssl_passwords != NGX_CONF_UNSET_PTR) {
+        return "is duplicate";
+    }
+
+    value = cf->args->elts;
+
+    plcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]);
+
+    if (plcf->ssl_passwords == NULL) {
+        return NGX_CONF_ERROR;
+    }
+
+    return NGX_CONF_OK;
+}
+
+#endif
+
+
 static char *
 ngx_http_proxy_lowat_check(ngx_conf_t *cf, void *post, void *data)
 {
@@ -3903,29 +3932,6 @@ ngx_http_proxy_lowat_check(ngx_conf_t *c
 
 #if (NGX_HTTP_SSL)
 
-static char *
-ngx_http_proxy_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
-    ngx_http_proxy_loc_conf_t *plcf = conf;
-
-    ngx_str_t  *value;
-
-    if (plcf->ssl_passwords != NGX_CONF_UNSET_PTR) {
-        return "is duplicate";
-    }
-
-    value = cf->args->elts;
-
-    plcf->ssl_passwords = ngx_ssl_read_password_file(cf, &value[1]);
-
-    if (plcf->ssl_passwords == NULL) {
-        return NGX_CONF_ERROR;
-    }
-
-    return NGX_CONF_OK;
-}
-
-
 static ngx_int_t
 ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
 {


-- 
Maxim Dounin
http://nginx.org/

More information about the nginx-devel mailing list