Upstream: handling of certificates specified as an empty string.
Now, if the directive is given an empty string, such configuration cancels loading of certificates, in particular, if they would be otherwise inherited from the previous level. This restores previous behaviour, before variables support in certificates was introduced (3ab8e1e2f0f7).
This commit is contained in:
parent
bb4d3b091d
commit
82ff3c2d8c
|
@ -4906,8 +4906,9 @@ ngx_http_grpc_set_ssl(ngx_conf_t *cf, ngx_http_grpc_loc_conf_t *glcf)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (glcf->upstream.ssl_certificate) {
|
||||
|
||||
if (glcf->upstream.ssl_certificate
|
||||
&& glcf->upstream.ssl_certificate->value.len)
|
||||
{
|
||||
if (glcf->upstream.ssl_certificate_key == NULL) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
|
||||
"no \"grpc_ssl_certificate_key\" is defined "
|
||||
|
|
|
@ -4955,8 +4955,9 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (plcf->upstream.ssl_certificate) {
|
||||
|
||||
if (plcf->upstream.ssl_certificate
|
||||
&& plcf->upstream.ssl_certificate->value.len)
|
||||
{
|
||||
if (plcf->upstream.ssl_certificate_key == NULL) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
|
||||
"no \"proxy_ssl_certificate_key\" is defined "
|
||||
|
|
|
@ -2487,8 +2487,9 @@ ngx_http_uwsgi_set_ssl(ngx_conf_t *cf, ngx_http_uwsgi_loc_conf_t *uwcf)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (uwcf->upstream.ssl_certificate) {
|
||||
|
||||
if (uwcf->upstream.ssl_certificate
|
||||
&& uwcf->upstream.ssl_certificate->value.len)
|
||||
{
|
||||
if (uwcf->upstream.ssl_certificate_key == NULL) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
|
||||
"no \"uwsgi_ssl_certificate_key\" is defined "
|
||||
|
|
|
@ -1690,8 +1690,10 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r,
|
|||
}
|
||||
}
|
||||
|
||||
if (u->conf->ssl_certificate && (u->conf->ssl_certificate->lengths
|
||||
|| u->conf->ssl_certificate_key->lengths))
|
||||
if (u->conf->ssl_certificate
|
||||
&& u->conf->ssl_certificate->value.len
|
||||
&& (u->conf->ssl_certificate->lengths
|
||||
|| u->conf->ssl_certificate_key->lengths))
|
||||
{
|
||||
if (ngx_http_upstream_ssl_certificate(r, u, c) != NGX_OK) {
|
||||
ngx_http_upstream_finalize_request(r, u,
|
||||
|
|
|
@ -1069,8 +1069,10 @@ ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s)
|
|||
}
|
||||
}
|
||||
|
||||
if (pscf->ssl_certificate && (pscf->ssl_certificate->lengths
|
||||
|| pscf->ssl_certificate_key->lengths))
|
||||
if (pscf->ssl_certificate
|
||||
&& pscf->ssl_certificate->value.len
|
||||
&& (pscf->ssl_certificate->lengths
|
||||
|| pscf->ssl_certificate_key->lengths))
|
||||
{
|
||||
if (ngx_stream_proxy_ssl_certificate(s) != NGX_OK) {
|
||||
ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
|
||||
|
@ -2225,8 +2227,9 @@ ngx_stream_proxy_set_ssl(ngx_conf_t *cf, ngx_stream_proxy_srv_conf_t *pscf)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (pscf->ssl_certificate) {
|
||||
|
||||
if (pscf->ssl_certificate
|
||||
&& pscf->ssl_certificate->value.len)
|
||||
{
|
||||
if (pscf->ssl_certificate_key == NULL) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
|
||||
"no \"proxy_ssl_certificate_key\" is defined "
|
||||
|
|
Loading…
Reference in New Issue