[PATCH] Corrected syntax of ssl_conf_command and friends

Maxim Dounin mdounin at mdounin.ru
Mon Jun 20 21:18:37 UTC 2022


Hello!

On Mon, Jun 20, 2022 at 11:33:43PM +0400, Sergey Kandaurov wrote:

> # HG changeset patch
> # User Sergey Kandaurov <pluknet at nginx.com>
> # Date 1655753604 -14400
> #      Mon Jun 20 23:33:24 2022 +0400
> # Node ID 3e1af31b0ecd9e0ae5a8a93a15ff15cc0b1f98f6
> # Parent  53734009b0c36276e66792e23180ee9665c95419
> Corrected syntax of ssl_conf_command and friends.
> 
> Each directive takes exactly two arguments: command name and value.
> The parameter names follow SSL_CONF_cmd(3) documentation of OpenSSL 3.0.
> 
> diff --git a/xml/en/docs/http/ngx_http_grpc_module.xml b/xml/en/docs/http/ngx_http_grpc_module.xml
> --- a/xml/en/docs/http/ngx_http_grpc_module.xml
> +++ b/xml/en/docs/http/ngx_http_grpc_module.xml
> @@ -10,7 +10,7 @@
>  <module name="Module ngx_http_grpc_module"
>          link="/en/docs/http/ngx_http_grpc_module.html"
>          lang="en"
> -        rev="7">
> +        rev="8">
>  
>  <section id="summary">
>  
> @@ -535,7 +535,7 @@ The full list can be viewed using the
>  
>  
>  <directive name="grpc_ssl_conf_command">
> -<syntax><value>command</value> ...</syntax>
> +<syntax><value>option</value> <value>value</value></syntax>

I don't think such wording improves readability, since it 
basically contradicts the "command" in the name of the directive.

The OpenSSL 3.0 documentation of SSL_CONF_cmd() does not seem to 
be self-consistent, and uses terms "command", "operation" and 
"option" in various places.  Further, the term "option" is already 
used by SSL_CTX_set_options() in a completely different meaning, 
and it is also configurable with SSL_CONF_cmd("Options").

Overall, I would rather suggest to stick with the

    ssl_conf_command name value;

syntax, which seems to be much more consistent and 
self-explanatory.

[...]

-- 
Maxim Dounin
http://mdounin.ru/



More information about the nginx-devel mailing list