[njs] Fetch: optimized use of SSL contexts.

noreply at nginx.com noreply at nginx.com
Wed Dec 4 01:27:02 UTC 2024 

details:   https://github.com/nginx/njs/commit/f2955c8b25873d06527815a98e10e487cc1d55cf
branches:  master
commit:    f2955c8b25873d06527815a98e10e487cc1d55cf
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Mon, 2 Dec 2024 18:46:45 -0800
description:
Fetch: optimized use of SSL contexts.

To ensure optimal use of memory, SSL contexts for ngx.fetch() are now
inherited from previous levels as long as relevant js_fetch_* directives
are not redefined.

---
 nginx/ngx_js.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 51 insertions(+), 5 deletions(-)

diff --git a/nginx/ngx_js.c b/nginx/ngx_js.c
index 05f6aa7e..12b577a2 100644
--- a/nginx/ngx_js.c
+++ b/nginx/ngx_js.c
@@ -3946,19 +3946,60 @@ ngx_js_create_conf(ngx_conf_t *cf, size_t size)
 
 #if defined(NGX_HTTP_SSL) || defined(NGX_STREAM_SSL)
 
+static ngx_int_t
+ngx_js_merge_ssl(ngx_conf_t *cf, ngx_js_loc_conf_t *conf,
+    ngx_js_loc_conf_t *prev)
+{
+    ngx_uint_t  preserve;
+
+    if (conf->ssl_protocols == 0
+        && conf->ssl_ciphers.data == NULL
+        && conf->ssl_verify == NGX_CONF_UNSET
+        && conf->ssl_verify_depth == NGX_CONF_UNSET
+        && conf->ssl_trusted_certificate.data == NULL)
+    {
+        if (prev->ssl) {
+            conf->ssl = prev->ssl;
+            return NGX_OK;
+        }
+
+        preserve = 1;
+
+    } else {
+        preserve = 0;
+    }
+
+    conf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
+    if (conf->ssl == NULL) {
+        return NGX_ERROR;
+    }
+
+    conf->ssl->log = cf->log;
+
+    /*
+     * special handling to preserve conf->ssl
+     * in the "http" section to inherit it to all servers
+     */
+
+    if (preserve) {
+        prev->ssl = conf->ssl;
+    }
+
+    return NGX_OK;
+}
+
+
 static char *
 ngx_js_set_ssl(ngx_conf_t *cf, ngx_js_loc_conf_t *conf)
 {
     ngx_ssl_t           *ssl;
     ngx_pool_cleanup_t  *cln;
 
-    ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
-    if (ssl == NULL) {
-        return NGX_CONF_ERROR;
+    if (conf->ssl->ctx) {
+        return NGX_OK;
     }
 
-    conf->ssl = ssl;
-    ssl->log = cf->log;
+    ssl = conf->ssl;
 
     if (ngx_ssl_create(ssl, conf->ssl_protocols, NULL) != NGX_OK) {
         return NGX_CONF_ERROR;
@@ -4013,6 +4054,11 @@ ngx_js_merge_conf(ngx_conf_t *cf, void *parent, void *child,
     }
 
 #if defined(NGX_HTTP_SSL) || defined(NGX_STREAM_SSL)
+
+    if (ngx_js_merge_ssl(cf, conf, prev) != NGX_OK) {
+        return NGX_CONF_ERROR;
+    }
+
     ngx_conf_merge_str_value(conf->ssl_ciphers, prev->ssl_ciphers,
                              "DEFAULT");

More information about the nginx-devel mailing list