[PATCH] Upstream: handling of certificates specified as an empty string

Sergey Kandaurov pluknet at nginx.com
Tue May 24 20:05:57 UTC 2022 

# HG changeset patch
# User Sergey Kandaurov <pluknet at nginx.com>
# Date 1653422583 -14400
#      Wed May 25 00:03:03 2022 +0400
# Node ID 3bb1adbb74dfcd372f7369530967cfb415900778
# Parent  8a54733c9d1290e6dc2f86af18e8a976a6352e4f
Upstream: handling of certificates specified as an empty string.

Now, if the directive is given an empty string, such configuration cancels
loading of certificates should they be inherited from the previous level.
This restores a previous behaviour, before variables support in certificates
was introduced (3ab8e1e2f0f7).

diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -4921,7 +4921,7 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ng
                 return NGX_ERROR;
             }
 
-        } else {
+        } else if (glcf->upstream.ssl_certificate->value.len) {
             if (ngx_ssl_certificate(cf, glcf->upstream.ssl,
                                     &glcf->upstream.ssl_certificate->value,
                                     &glcf->upstream.ssl_certificate_key->value,
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -4970,7 +4970,7 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, n
                 return NGX_ERROR;
             }
 
-        } else {
+        } else if (plcf->upstream.ssl_certificate->value.len) {
             if (ngx_ssl_certificate(cf, plcf->upstream.ssl,
                                     &plcf->upstream.ssl_certificate->value,
                                     &plcf->upstream.ssl_certificate_key->value,
diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c
--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -2457,7 +2457,7 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, n
                 return NGX_ERROR;
             }
 
-        } else {
+        } else if (uwcf->upstream.ssl_certificate->value.len) {
             if (ngx_ssl_certificate(cf, uwcf->upstream.ssl,
                                     &uwcf->upstream.ssl_certificate->value,
                                     &uwcf->upstream.ssl_certificate_key->value,

More information about the nginx-devel mailing list