mirror of
https://github.com/nginx/nginx.git
synced 2024-12-19 05:33:52 -06:00
SSL: removed the "ssl" directive.
It has been deprecated since 7270:46c0c7ef4913 (1.15.0) in favour of the "ssl" parameter of the "listen" directive, which has been available since 2224:109849282793 (0.7.14).
This commit is contained in:
parent
aefd862ab1
commit
d32f66f1e8
@ -43,8 +43,6 @@ static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
|
||||
static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf,
|
||||
ngx_http_ssl_srv_conf_t *conf);
|
||||
|
||||
static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
|
||||
void *conf);
|
||||
static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
|
||||
void *conf);
|
||||
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
|
||||
@ -90,24 +88,12 @@ static ngx_conf_enum_t ngx_http_ssl_ocsp[] = {
|
||||
};
|
||||
|
||||
|
||||
static ngx_conf_deprecated_t ngx_http_ssl_deprecated = {
|
||||
ngx_conf_deprecated, "ssl", "listen ... ssl"
|
||||
};
|
||||
|
||||
|
||||
static ngx_conf_post_t ngx_http_ssl_conf_command_post =
|
||||
{ ngx_http_ssl_conf_command_check };
|
||||
|
||||
|
||||
static ngx_command_t ngx_http_ssl_commands[] = {
|
||||
|
||||
{ ngx_string("ssl"),
|
||||
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
|
||||
ngx_http_ssl_enable,
|
||||
NGX_HTTP_SRV_CONF_OFFSET,
|
||||
offsetof(ngx_http_ssl_srv_conf_t, enable),
|
||||
&ngx_http_ssl_deprecated },
|
||||
|
||||
{ ngx_string("ssl_certificate"),
|
||||
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
|
||||
ngx_conf_set_str_array_slot,
|
||||
@ -625,7 +611,6 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
|
||||
* sscf->stapling_responder = { 0, NULL };
|
||||
*/
|
||||
|
||||
sscf->enable = NGX_CONF_UNSET;
|
||||
sscf->prefer_server_ciphers = NGX_CONF_UNSET;
|
||||
sscf->early_data = NGX_CONF_UNSET;
|
||||
sscf->reject_handshake = NGX_CONF_UNSET;
|
||||
@ -657,17 +642,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
|
||||
|
||||
ngx_pool_cleanup_t *cln;
|
||||
|
||||
if (conf->enable == NGX_CONF_UNSET) {
|
||||
if (prev->enable == NGX_CONF_UNSET) {
|
||||
conf->enable = 0;
|
||||
|
||||
} else {
|
||||
conf->enable = prev->enable;
|
||||
conf->file = prev->file;
|
||||
conf->line = prev->line;
|
||||
}
|
||||
}
|
||||
|
||||
ngx_conf_merge_value(conf->session_timeout,
|
||||
prev->session_timeout, 300);
|
||||
|
||||
@ -722,37 +696,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
|
||||
|
||||
conf->ssl.log = cf->log;
|
||||
|
||||
if (conf->enable) {
|
||||
|
||||
if (conf->certificates) {
|
||||
if (conf->certificate_keys == NULL) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
|
||||
"no \"ssl_certificate_key\" is defined for "
|
||||
"the \"ssl\" directive in %s:%ui",
|
||||
conf->file, conf->line);
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
if (conf->certificate_keys->nelts < conf->certificates->nelts) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
|
||||
"no \"ssl_certificate_key\" is defined "
|
||||
"for certificate \"%V\" and "
|
||||
"the \"ssl\" directive in %s:%ui",
|
||||
((ngx_str_t *) conf->certificates->elts)
|
||||
+ conf->certificates->nelts - 1,
|
||||
conf->file, conf->line);
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
} else if (!conf->reject_handshake) {
|
||||
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
|
||||
"no \"ssl_certificate\" is defined for "
|
||||
"the \"ssl\" directive in %s:%ui",
|
||||
conf->file, conf->line);
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
} else if (conf->certificates) {
|
||||
if (conf->certificates) {
|
||||
|
||||
if (conf->certificate_keys == NULL
|
||||
|| conf->certificate_keys->nelts < conf->certificates->nelts)
|
||||
@ -1038,26 +982,6 @@ found:
|
||||
}
|
||||
|
||||
|
||||
static char *
|
||||
ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||
{
|
||||
ngx_http_ssl_srv_conf_t *sscf = conf;
|
||||
|
||||
char *rv;
|
||||
|
||||
rv = ngx_conf_set_flag_slot(cf, cmd, conf);
|
||||
|
||||
if (rv != NGX_CONF_OK) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
sscf->file = cf->conf_file->file.name.data;
|
||||
sscf->line = cf->conf_file->line;
|
||||
|
||||
return NGX_CONF_OK;
|
||||
}
|
||||
|
||||
|
||||
static char *
|
||||
ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||
{
|
||||
|
@ -15,8 +15,6 @@
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_flag_t enable;
|
||||
|
||||
ngx_ssl_t ssl;
|
||||
|
||||
ngx_flag_t prefer_server_ciphers;
|
||||
@ -64,9 +62,6 @@ typedef struct {
|
||||
ngx_flag_t stapling_verify;
|
||||
ngx_str_t stapling_file;
|
||||
ngx_str_t stapling_responder;
|
||||
|
||||
u_char *file;
|
||||
ngx_uint_t line;
|
||||
} ngx_http_ssl_srv_conf_t;
|
||||
|
||||
|
||||
|
@ -326,17 +326,11 @@ ngx_http_init_connection(ngx_connection_t *c)
|
||||
#endif
|
||||
|
||||
#if (NGX_HTTP_SSL)
|
||||
{
|
||||
ngx_http_ssl_srv_conf_t *sscf;
|
||||
|
||||
sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
|
||||
|
||||
if (sscf->enable || hc->addr_conf->ssl) {
|
||||
if (hc->addr_conf->ssl) {
|
||||
hc->ssl = 1;
|
||||
c->log->action = "SSL handshaking";
|
||||
rev->handler = ngx_http_ssl_handshake;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (hc->addr_conf->proxy_protocol) {
|
||||
|
@ -283,11 +283,11 @@ ngx_mail_init_session_handler(ngx_event_t *rev)
|
||||
|
||||
s = c->data;
|
||||
|
||||
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
|
||||
|
||||
if (sslcf->enable || s->ssl) {
|
||||
if (s->ssl) {
|
||||
c->log->action = "SSL handshaking";
|
||||
|
||||
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
|
||||
|
||||
ngx_mail_ssl_init_connection(&sslcf->ssl, c);
|
||||
return;
|
||||
}
|
||||
|
@ -23,8 +23,6 @@ static int ngx_mail_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn,
|
||||
static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
|
||||
static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child);
|
||||
|
||||
static char *ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
|
||||
void *conf);
|
||||
static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd,
|
||||
void *conf);
|
||||
static char *ngx_mail_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
|
||||
@ -65,24 +63,12 @@ static ngx_conf_enum_t ngx_mail_ssl_verify[] = {
|
||||
};
|
||||
|
||||
|
||||
static ngx_conf_deprecated_t ngx_mail_ssl_deprecated = {
|
||||
ngx_conf_deprecated, "ssl", "listen ... ssl"
|
||||
};
|
||||
|
||||
|
||||
static ngx_conf_post_t ngx_mail_ssl_conf_command_post =
|
||||
{ ngx_mail_ssl_conf_command_check };
|
||||
|
||||
|
||||
static ngx_command_t ngx_mail_ssl_commands[] = {
|
||||
|
||||
{ ngx_string("ssl"),
|
||||
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
|
||||
ngx_mail_ssl_enable,
|
||||
NGX_MAIL_SRV_CONF_OFFSET,
|
||||
offsetof(ngx_mail_ssl_conf_t, enable),
|
||||
&ngx_mail_ssl_deprecated },
|
||||
|
||||
{ ngx_string("starttls"),
|
||||
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
|
||||
ngx_mail_ssl_starttls,
|
||||
@ -322,7 +308,6 @@ ngx_mail_ssl_create_conf(ngx_conf_t *cf)
|
||||
* scf->shm_zone = NULL;
|
||||
*/
|
||||
|
||||
scf->enable = NGX_CONF_UNSET;
|
||||
scf->starttls = NGX_CONF_UNSET_UINT;
|
||||
scf->certificates = NGX_CONF_UNSET_PTR;
|
||||
scf->certificate_keys = NGX_CONF_UNSET_PTR;
|
||||
@ -349,7 +334,6 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
||||
char *mode;
|
||||
ngx_pool_cleanup_t *cln;
|
||||
|
||||
ngx_conf_merge_value(conf->enable, prev->enable, 0);
|
||||
ngx_conf_merge_uint_value(conf->starttls, prev->starttls,
|
||||
NGX_MAIL_STARTTLS_OFF);
|
||||
|
||||
@ -394,9 +378,6 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
||||
if (conf->listen) {
|
||||
mode = "listen ... ssl";
|
||||
|
||||
} else if (conf->enable) {
|
||||
mode = "ssl";
|
||||
|
||||
} else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) {
|
||||
mode = "starttls";
|
||||
|
||||
@ -545,34 +526,6 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
||||
}
|
||||
|
||||
|
||||
static char *
|
||||
ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||
{
|
||||
ngx_mail_ssl_conf_t *scf = conf;
|
||||
|
||||
char *rv;
|
||||
|
||||
rv = ngx_conf_set_flag_slot(cf, cmd, conf);
|
||||
|
||||
if (rv != NGX_CONF_OK) {
|
||||
return rv;
|
||||
}
|
||||
|
||||
if (scf->enable && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
||||
"\"starttls\" directive conflicts with \"ssl on\"");
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
if (!scf->listen) {
|
||||
scf->file = cf->conf_file->file.name.data;
|
||||
scf->line = cf->conf_file->line;
|
||||
}
|
||||
|
||||
return NGX_CONF_OK;
|
||||
}
|
||||
|
||||
|
||||
static char *
|
||||
ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||
{
|
||||
@ -586,12 +539,6 @@ ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
||||
return rv;
|
||||
}
|
||||
|
||||
if (scf->enable == 1 && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
|
||||
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
|
||||
"\"ssl\" directive conflicts with \"starttls\"");
|
||||
return NGX_CONF_ERROR;
|
||||
}
|
||||
|
||||
if (!scf->listen) {
|
||||
scf->file = cf->conf_file->file.name.data;
|
||||
scf->line = cf->conf_file->line;
|
||||
|
@ -20,7 +20,6 @@
|
||||
|
||||
|
||||
typedef struct {
|
||||
ngx_flag_t enable;
|
||||
ngx_flag_t prefer_server_ciphers;
|
||||
|
||||
ngx_ssl_t ssl;
|
||||
|
Loading…
Reference in New Issue
Block a user