[PATCH] Upstream: handling of certificates specified as an empty string
Sergey Kandaurov
pluknet at nginx.com
Tue May 24 20:05:57 UTC 2022
# HG changeset patch
# User Sergey Kandaurov <pluknet at nginx.com>
# Date 1653422583 -14400
# Wed May 25 00:03:03 2022 +0400
# Node ID 3bb1adbb74dfcd372f7369530967cfb415900778
# Parent 8a54733c9d1290e6dc2f86af18e8a976a6352e4f
Upstream: handling of certificates specified as an empty string.
Now, if the directive is given an empty string, such configuration cancels
loading of certificates should they be inherited from the previous level.
This restores a previous behaviour, before variables support in certificates
was introduced (3ab8e1e2f0f7).
diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -4921,7 +4921,7 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ng
return NGX_ERROR;
}
- } else {
+ } else if (glcf->upstream.ssl_certificate->value.len) {
if (ngx_ssl_certificate(cf, glcf->upstream.ssl,
&glcf->upstream.ssl_certificate->value,
&glcf->upstream.ssl_certificate_key->value,
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c
+++ b/src/http/modules/ngx_http_proxy_module.c
@@ -4970,7 +4970,7 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, n
return NGX_ERROR;
}
- } else {
+ } else if (plcf->upstream.ssl_certificate->value.len) {
if (ngx_ssl_certificate(cf, plcf->upstream.ssl,
&plcf->upstream.ssl_certificate->value,
&plcf->upstream.ssl_certificate_key->value,
diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c
--- a/src/http/modules/ngx_http_uwsgi_module.c
+++ b/src/http/modules/ngx_http_uwsgi_module.c
@@ -2457,7 +2457,7 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, n
return NGX_ERROR;
}
- } else {
+ } else if (uwcf->upstream.ssl_certificate->value.len) {
if (ngx_ssl_certificate(cf, uwcf->upstream.ssl,
&uwcf->upstream.ssl_certificate->value,
&uwcf->upstream.ssl_certificate_key->value,
More information about the nginx-devel
mailing list