Why can't I use the "ssl" modified on more than one listen statement?
Igor Sysoev
igor at sysoev.ru
Mon Sep 27 14:06:31 MSD 2010
On Sat, Sep 25, 2010 at 11:00:18AM -0400, portante wrote:
> Hello,
>
> Here is a patch against 0.8.50 to only complain when the listen options
> are actually different.
>
> Would folks be interested in this?
>
> [code]
> $ svn diff -r 32178:32179 src/http/ngx_http.c
> Index: src/http/ngx_http.c
> ===================================================================
> --- src/http/ngx_http.c (revision 32178)
> +++ src/http/ngx_http.c (revision 32179)
> @@ -1273,9 +1273,35 @@
> if (lsopt->set) {
>
> if (addr[i].opt.set) {
> - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> - "a duplicate listen options for %s",
> addr[i].opt.addr);
> - return NGX_ERROR;
> + /*
> + * If this set is not the same as the old set, complain
> + */
> + if ((lsopt->default_server !=
> addr[i].opt.default_server)
> + || (lsopt->bind != addr[i].opt.bind)
> + || (lsopt->wildcard != addr[i].opt.wildcard)
> +#if (NGX_HTTP_SSL)
> + || (lsopt->ssl != addr[i].opt.ssl)
> +#endif
> +#if (NGX_HAVE_INET6 && defined IPV6_V6ONLY)
> + || (lsopt->ipv6only != addr[i].opt.ipv6only)
> +#endif
> + || (lsopt->backlog != addr[i].opt.backlog)
> + || (lsopt->rcvbuf != addr[i].opt.rcvbuf)
> + || (lsopt->sndbuf != addr[i].opt.sndbuf)
> +#if (NGX_HAVE_SETFIB)
> + || (lsopt->setfib != addr[i].opt.setfib)
> +#endif
> +#if (NGX_HAVE_DEFERRED_ACCEPT && defined SO_ACCEPTFILTER)
> + || (ngx_strcmp(lsopt->accept_filter,
> addr[i].opt.accept_filter) != 0)
> +#endif
> +#if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT)
> + || (lsopt->deferred_accept !=
> addr[i].opt.deferred_accept)
> +#endif
> + || (ngx_strcmp(lsopt->addr, addr[i].opt.addr) !=
> 0)) {
> + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
> + "conflicting listen options for %s",
> addr[i].opt.addr);
> + return NGX_ERROR;
> + }
> }
>
> addr[i].opt = *lsopt;
> [/code]
This patch breaks "listen default_server" and force to set various
listen socket options in all listen directive. The attached patch allows
to set only "ssl" option in several listen directives.
--
Igor Sysoev
http://sysoev.ru/en/
-------------- next part --------------
Index: src/http/ngx_http_core_module.c
===================================================================
--- src/http/ngx_http_core_module.c (revision 3082)
+++ src/http/ngx_http_core_module.c (working copy)
@@ -3569,7 +3569,6 @@
if (ngx_strcmp(value[n].data, "ssl") == 0) {
#if (NGX_HTTP_SSL)
- lsopt.set = 1;
lsopt.ssl = 1;
continue;
#else
Index: src/http/ngx_http.c
===================================================================
--- src/http/ngx_http.c (revision 3082)
+++ src/http/ngx_http.c (working copy)
@@ -1221,6 +1221,9 @@
#if (NGX_HAVE_UNIX_DOMAIN)
struct sockaddr_un *saun;
#endif
+#if (NGX_HTTP_SSL)
+ ngx_uint_t ssl;
+#endif
/*
* we can not compare whole sockaddr struct's as kernel
@@ -1270,6 +1273,10 @@
/* preserve default_server bit during listen options overwriting */
default_server = addr[i].opt.default_server;
+#if (NGX_HTTP_SSL)
+ ssl = lsopt->ssl || addr[i].opt.set;
+#endif
+
if (lsopt->set) {
if (addr[i].opt.set) {
@@ -1296,6 +1303,9 @@
}
addr[i].opt.default_server = default_server;
+#if (NGX_HTTP_SSL)
+ addr[i].opt.ssl = ssl;
+#endif
return NGX_OK;
}
More information about the nginx
mailing list