[PATCH] SSL: removed the "ssl" directive
Roman Arutyunyan
arut at nginx.com
Fri Jun 2 07:28:22 UTC 2023
# HG changeset patch
# User Roman Arutyunyan <arut at nginx.com>
# Date 1685447035 -14400
# Tue May 30 15:43:55 2023 +0400
# Node ID 564c8f447ea4d76d80251bbf07df412942a2261f
# Parent b4a57278bf24dd28d39afea0eb09732c05bf1606
SSL: removed the "ssl" directive.
It has been deprecated since 46c0c7ef4913 (1.15.0);
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -43,8 +43,6 @@ static char *ngx_http_ssl_merge_srv_conf
static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf,
ngx_http_ssl_srv_conf_t *conf);
-static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
- void *conf);
static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
@@ -90,24 +88,12 @@ static ngx_conf_enum_t ngx_http_ssl_ocs
};
-static ngx_conf_deprecated_t ngx_http_ssl_deprecated = {
- ngx_conf_deprecated, "ssl", "listen ... ssl"
-};
-
-
static ngx_conf_post_t ngx_http_ssl_conf_command_post =
{ ngx_http_ssl_conf_command_check };
static ngx_command_t ngx_http_ssl_commands[] = {
- { ngx_string("ssl"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
- ngx_http_ssl_enable,
- NGX_HTTP_SRV_CONF_OFFSET,
- offsetof(ngx_http_ssl_srv_conf_t, enable),
- &ngx_http_ssl_deprecated },
-
{ ngx_string("ssl_certificate"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_array_slot,
@@ -617,7 +603,6 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t
* sscf->stapling_responder = { 0, NULL };
*/
- sscf->enable = NGX_CONF_UNSET;
sscf->prefer_server_ciphers = NGX_CONF_UNSET;
sscf->early_data = NGX_CONF_UNSET;
sscf->reject_handshake = NGX_CONF_UNSET;
@@ -649,17 +634,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
ngx_pool_cleanup_t *cln;
- if (conf->enable == NGX_CONF_UNSET) {
- if (prev->enable == NGX_CONF_UNSET) {
- conf->enable = 0;
-
- } else {
- conf->enable = prev->enable;
- conf->file = prev->file;
- conf->line = prev->line;
- }
- }
-
ngx_conf_merge_value(conf->session_timeout,
prev->session_timeout, 300);
@@ -714,37 +688,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *
conf->ssl.log = cf->log;
- if (conf->enable) {
-
- if (conf->certificates) {
- if (conf->certificate_keys == NULL) {
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "no \"ssl_certificate_key\" is defined for "
- "the \"ssl\" directive in %s:%ui",
- conf->file, conf->line);
- return NGX_CONF_ERROR;
- }
-
- if (conf->certificate_keys->nelts < conf->certificates->nelts) {
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "no \"ssl_certificate_key\" is defined "
- "for certificate \"%V\" and "
- "the \"ssl\" directive in %s:%ui",
- ((ngx_str_t *) conf->certificates->elts)
- + conf->certificates->nelts - 1,
- conf->file, conf->line);
- return NGX_CONF_ERROR;
- }
-
- } else if (!conf->reject_handshake) {
- ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
- "no \"ssl_certificate\" is defined for "
- "the \"ssl\" directive in %s:%ui",
- conf->file, conf->line);
- return NGX_CONF_ERROR;
- }
-
- } else if (conf->certificates) {
+ if (conf->certificates) {
if (conf->certificate_keys == NULL
|| conf->certificate_keys->nelts < conf->certificates->nelts)
@@ -1031,26 +975,6 @@ found:
static char *
-ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
- ngx_http_ssl_srv_conf_t *sscf = conf;
-
- char *rv;
-
- rv = ngx_conf_set_flag_slot(cf, cmd, conf);
-
- if (rv != NGX_CONF_OK) {
- return rv;
- }
-
- sscf->file = cf->conf_file->file.name.data;
- sscf->line = cf->conf_file->line;
-
- return NGX_CONF_OK;
-}
-
-
-static char *
ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_ssl_srv_conf_t *sscf = conf;
diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h
--- a/src/http/modules/ngx_http_ssl_module.h
+++ b/src/http/modules/ngx_http_ssl_module.h
@@ -15,8 +15,6 @@
typedef struct {
- ngx_flag_t enable;
-
ngx_ssl_t ssl;
ngx_flag_t prefer_server_ciphers;
@@ -64,9 +62,6 @@ typedef struct {
ngx_flag_t stapling_verify;
ngx_str_t stapling_file;
ngx_str_t stapling_responder;
-
- u_char *file;
- ngx_uint_t line;
} ngx_http_ssl_srv_conf_t;
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -332,17 +332,11 @@ ngx_http_init_connection(ngx_connection_
#endif
#if (NGX_HTTP_SSL)
- {
- ngx_http_ssl_srv_conf_t *sscf;
-
- sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
-
- if (sscf->enable || hc->addr_conf->ssl) {
+ if (hc->addr_conf->ssl) {
hc->ssl = 1;
c->log->action = "SSL handshaking";
rev->handler = ngx_http_ssl_handshake;
}
- }
#endif
if (hc->addr_conf->proxy_protocol) {
diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c
--- a/src/mail/ngx_mail_handler.c
+++ b/src/mail/ngx_mail_handler.c
@@ -283,10 +283,10 @@ ngx_mail_init_session_handler(ngx_event_
s = c->data;
- sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
+ if (s->ssl) {
+ c->log->action = "SSL handshaking";
- if (sslcf->enable || s->ssl) {
- c->log->action = "SSL handshaking";
+ sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
ngx_mail_ssl_init_connection(&sslcf->ssl, c);
return;
diff --git a/src/mail/ngx_mail_ssl_module.c b/src/mail/ngx_mail_ssl_module.c
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -23,8 +23,6 @@ static int ngx_mail_ssl_alpn_select(ngx_
static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child);
-static char *ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
- void *conf);
static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_mail_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
@@ -65,24 +63,12 @@ static ngx_conf_enum_t ngx_mail_ssl_ver
};
-static ngx_conf_deprecated_t ngx_mail_ssl_deprecated = {
- ngx_conf_deprecated, "ssl", "listen ... ssl"
-};
-
-
static ngx_conf_post_t ngx_mail_ssl_conf_command_post =
{ ngx_mail_ssl_conf_command_check };
static ngx_command_t ngx_mail_ssl_commands[] = {
- { ngx_string("ssl"),
- NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
- ngx_mail_ssl_enable,
- NGX_MAIL_SRV_CONF_OFFSET,
- offsetof(ngx_mail_ssl_conf_t, enable),
- &ngx_mail_ssl_deprecated },
-
{ ngx_string("starttls"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_mail_ssl_starttls,
@@ -322,7 +308,6 @@ ngx_mail_ssl_create_conf(ngx_conf_t *cf)
* scf->shm_zone = NULL;
*/
- scf->enable = NGX_CONF_UNSET;
scf->starttls = NGX_CONF_UNSET_UINT;
scf->certificates = NGX_CONF_UNSET_PTR;
scf->certificate_keys = NGX_CONF_UNSET_PTR;
@@ -349,7 +334,6 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf,
char *mode;
ngx_pool_cleanup_t *cln;
- ngx_conf_merge_value(conf->enable, prev->enable, 0);
ngx_conf_merge_uint_value(conf->starttls, prev->starttls,
NGX_MAIL_STARTTLS_OFF);
@@ -394,9 +378,6 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf,
if (conf->listen) {
mode = "listen ... ssl";
- } else if (conf->enable) {
- mode = "ssl";
-
} else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) {
mode = "starttls";
@@ -546,34 +527,6 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf,
static char *
-ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
-{
- ngx_mail_ssl_conf_t *scf = conf;
-
- char *rv;
-
- rv = ngx_conf_set_flag_slot(cf, cmd, conf);
-
- if (rv != NGX_CONF_OK) {
- return rv;
- }
-
- if (scf->enable && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"starttls\" directive conflicts with \"ssl on\"");
- return NGX_CONF_ERROR;
- }
-
- if (!scf->listen) {
- scf->file = cf->conf_file->file.name.data;
- scf->line = cf->conf_file->line;
- }
-
- return NGX_CONF_OK;
-}
-
-
-static char *
ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_mail_ssl_conf_t *scf = conf;
@@ -586,12 +539,6 @@ ngx_mail_ssl_starttls(ngx_conf_t *cf, ng
return rv;
}
- if (scf->enable == 1 && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
- ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
- "\"ssl\" directive conflicts with \"starttls\"");
- return NGX_CONF_ERROR;
- }
-
if (!scf->listen) {
scf->file = cf->conf_file->file.name.data;
scf->line = cf->conf_file->line;
diff --git a/src/mail/ngx_mail_ssl_module.h b/src/mail/ngx_mail_ssl_module.h
--- a/src/mail/ngx_mail_ssl_module.h
+++ b/src/mail/ngx_mail_ssl_module.h
@@ -20,7 +20,6 @@
typedef struct {
- ngx_flag_t enable;
ngx_flag_t prefer_server_ciphers;
ngx_ssl_t ssl;
More information about the nginx-devel
mailing list