IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

SSL: removed the "ssl" directive.

Browse Source 
It has been deprecated since 7270:46c0c7ef4913 (1.15.0) in favour of
the "ssl" parameter of the "listen" directive, which has been available
since 2224:109849282793 (0.7.14).
This commit is contained in:
Roman Arutyunyan 2023-06-08 14:49:27 +04:00
parent aefd862ab1
commit d32f66f1e8
6 changed files with 5 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
src/http/modules/ngx_http_ssl_module.c
View File

@ -43,8 +43,6 @@ static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf,
static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf, static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf,
ngx_http_ssl_srv_conf_t *conf); ngx_http_ssl_srv_conf_t *conf);
static char *ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, static char *ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf); void *conf);
static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd,
@ -90,24 +88,12 @@ static ngx_conf_enum_t ngx_http_ssl_ocsp[] = {
}; };
static ngx_conf_deprecated_t ngx_http_ssl_deprecated = {
ngx_conf_deprecated, "ssl", "listen ... ssl"
};
static ngx_conf_post_t ngx_http_ssl_conf_command_post = static ngx_conf_post_t ngx_http_ssl_conf_command_post =
{ ngx_http_ssl_conf_command_check }; { ngx_http_ssl_conf_command_check };
static ngx_command_t ngx_http_ssl_commands[] = { static ngx_command_t ngx_http_ssl_commands[] = {
{ ngx_string("ssl"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
ngx_http_ssl_enable,
NGX_HTTP_SRV_CONF_OFFSET,
offsetof(ngx_http_ssl_srv_conf_t, enable),
&ngx_http_ssl_deprecated },
{ ngx_string("ssl_certificate"), { ngx_string("ssl_certificate"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1, NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_array_slot, ngx_conf_set_str_array_slot,
@ -625,7 +611,6 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
* sscf->stapling_responder = { 0, NULL }; * sscf->stapling_responder = { 0, NULL };
*/ */
sscf->enable = NGX_CONF_UNSET;
sscf->prefer_server_ciphers = NGX_CONF_UNSET; sscf->prefer_server_ciphers = NGX_CONF_UNSET;
sscf->early_data = NGX_CONF_UNSET; sscf->early_data = NGX_CONF_UNSET;
sscf->reject_handshake = NGX_CONF_UNSET; sscf->reject_handshake = NGX_CONF_UNSET;
@ -657,17 +642,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_pool_cleanup_t *cln; ngx_pool_cleanup_t *cln;
if (conf->enable == NGX_CONF_UNSET) {
if (prev->enable == NGX_CONF_UNSET) {
conf->enable = 0;
} else {
conf->enable = prev->enable;
conf->file = prev->file;
conf->line = prev->line;
}
}
ngx_conf_merge_value(conf->session_timeout, ngx_conf_merge_value(conf->session_timeout,
prev->session_timeout, 300); prev->session_timeout, 300);
@ -722,37 +696,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
conf->ssl.log = cf->log; conf->ssl.log = cf->log;
if (conf->enable) { if (conf->certificates) {
if (conf->certificates) {
if (conf->certificate_keys == NULL) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no \"ssl_certificate_key\" is defined for "
"the \"ssl\" directive in %s:%ui",
conf->file, conf->line);
return NGX_CONF_ERROR;
}
if (conf->certificate_keys->nelts < conf->certificates->nelts) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no \"ssl_certificate_key\" is defined "
"for certificate \"%V\" and "
"the \"ssl\" directive in %s:%ui",
((ngx_str_t *) conf->certificates->elts)
+ conf->certificates->nelts - 1,
conf->file, conf->line);
return NGX_CONF_ERROR;
}
} else if (!conf->reject_handshake) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no \"ssl_certificate\" is defined for "
"the \"ssl\" directive in %s:%ui",
conf->file, conf->line);
return NGX_CONF_ERROR;
}
} else if (conf->certificates) {
if (conf->certificate_keys == NULL if (conf->certificate_keys == NULL
|| conf->certificate_keys->nelts < conf->certificates->nelts) || conf->certificate_keys->nelts < conf->certificates->nelts)
@ -1038,26 +982,6 @@ found:
} }
static char *
ngx_http_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_http_ssl_srv_conf_t *sscf = conf;
char *rv;
rv = ngx_conf_set_flag_slot(cf, cmd, conf);
if (rv != NGX_CONF_OK) {
return rv;
}
sscf->file = cf->conf_file->file.name.data;
sscf->line = cf->conf_file->line;
return NGX_CONF_OK;
}
static char * static char *
ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) ngx_http_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{ {

5
src/http/modules/ngx_http_ssl_module.h
View File

@ -15,8 +15,6 @@
typedef struct { typedef struct {
ngx_flag_t enable;
ngx_ssl_t ssl; ngx_ssl_t ssl;
ngx_flag_t prefer_server_ciphers; ngx_flag_t prefer_server_ciphers;
@ -64,9 +62,6 @@ typedef struct {
ngx_flag_t stapling_verify; ngx_flag_t stapling_verify;
ngx_str_t stapling_file; ngx_str_t stapling_file;
ngx_str_t stapling_responder; ngx_str_t stapling_responder;
u_char *file;
ngx_uint_t line;
} ngx_http_ssl_srv_conf_t; } ngx_http_ssl_srv_conf_t;

8
src/http/ngx_http_request.c
View File

@ -326,17 +326,11 @@ ngx_http_init_connection(ngx_connection_t *c)
#endif #endif
#if (NGX_HTTP_SSL) #if (NGX_HTTP_SSL)
{ if (hc->addr_conf->ssl) {
ngx_http_ssl_srv_conf_t *sscf;
sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);
if (sscf->enable || hc->addr_conf->ssl) {
hc->ssl = 1; hc->ssl = 1;
c->log->action = "SSL handshaking"; c->log->action = "SSL handshaking";
rev->handler = ngx_http_ssl_handshake; rev->handler = ngx_http_ssl_handshake;
} }
}
#endif #endif
if (hc->addr_conf->proxy_protocol) { if (hc->addr_conf->proxy_protocol) {

6
src/mail/ngx_mail_handler.c
View File

@ -283,11 +283,11 @@ ngx_mail_init_session_handler(ngx_event_t *rev)
s = c->data; s = c->data;
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module); if (s->ssl) {
if (sslcf->enable || s->ssl) {
c->log->action = "SSL handshaking"; c->log->action = "SSL handshaking";
sslcf = ngx_mail_get_module_srv_conf(s, ngx_mail_ssl_module);
ngx_mail_ssl_init_connection(&sslcf->ssl, c); ngx_mail_ssl_init_connection(&sslcf->ssl, c);
return; return;
} }

53
src/mail/ngx_mail_ssl_module.c
View File

@ -23,8 +23,6 @@ static int ngx_mail_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn,
static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf); static void *ngx_mail_ssl_create_conf(ngx_conf_t *cf);
static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child); static char *ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child);
static char *ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf);
static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, static char *ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf); void *conf);
static char *ngx_mail_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd, static char *ngx_mail_ssl_password_file(ngx_conf_t *cf, ngx_command_t *cmd,
@ -65,24 +63,12 @@ static ngx_conf_enum_t ngx_mail_ssl_verify[] = {
}; };
static ngx_conf_deprecated_t ngx_mail_ssl_deprecated = {
ngx_conf_deprecated, "ssl", "listen ... ssl"
};
static ngx_conf_post_t ngx_mail_ssl_conf_command_post = static ngx_conf_post_t ngx_mail_ssl_conf_command_post =
{ ngx_mail_ssl_conf_command_check }; { ngx_mail_ssl_conf_command_check };
static ngx_command_t ngx_mail_ssl_commands[] = { static ngx_command_t ngx_mail_ssl_commands[] = {
{ ngx_string("ssl"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_FLAG,
ngx_mail_ssl_enable,
NGX_MAIL_SRV_CONF_OFFSET,
offsetof(ngx_mail_ssl_conf_t, enable),
&ngx_mail_ssl_deprecated },
{ ngx_string("starttls"), { ngx_string("starttls"),
NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
ngx_mail_ssl_starttls, ngx_mail_ssl_starttls,
@ -322,7 +308,6 @@ ngx_mail_ssl_create_conf(ngx_conf_t *cf)
* scf->shm_zone = NULL; * scf->shm_zone = NULL;
*/ */
scf->enable = NGX_CONF_UNSET;
scf->starttls = NGX_CONF_UNSET_UINT; scf->starttls = NGX_CONF_UNSET_UINT;
scf->certificates = NGX_CONF_UNSET_PTR; scf->certificates = NGX_CONF_UNSET_PTR;
scf->certificate_keys = NGX_CONF_UNSET_PTR; scf->certificate_keys = NGX_CONF_UNSET_PTR;
@ -349,7 +334,6 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
char *mode; char *mode;
ngx_pool_cleanup_t *cln; ngx_pool_cleanup_t *cln;
ngx_conf_merge_value(conf->enable, prev->enable, 0);
ngx_conf_merge_uint_value(conf->starttls, prev->starttls, ngx_conf_merge_uint_value(conf->starttls, prev->starttls,
NGX_MAIL_STARTTLS_OFF); NGX_MAIL_STARTTLS_OFF);
@ -394,9 +378,6 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
if (conf->listen) { if (conf->listen) {
mode = "listen ... ssl"; mode = "listen ... ssl";
} else if (conf->enable) {
mode = "ssl";
} else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) { } else if (conf->starttls != NGX_MAIL_STARTTLS_OFF) {
mode = "starttls"; mode = "starttls";
@ -545,34 +526,6 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
} }
static char *
ngx_mail_ssl_enable(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_mail_ssl_conf_t *scf = conf;
char *rv;
rv = ngx_conf_set_flag_slot(cf, cmd, conf);
if (rv != NGX_CONF_OK) {
return rv;
}
if (scf->enable && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"\"starttls\" directive conflicts with \"ssl on\"");
return NGX_CONF_ERROR;
}
if (!scf->listen) {
scf->file = cf->conf_file->file.name.data;
scf->line = cf->conf_file->line;
}
return NGX_CONF_OK;
}
static char * static char *
ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{ {
@ -586,12 +539,6 @@ ngx_mail_ssl_starttls(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
return rv; return rv;
} }
if (scf->enable == 1 && (ngx_int_t) scf->starttls > NGX_MAIL_STARTTLS_OFF) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"\"ssl\" directive conflicts with \"starttls\"");
return NGX_CONF_ERROR;
}
if (!scf->listen) { if (!scf->listen) {
scf->file = cf->conf_file->file.name.data; scf->file = cf->conf_file->file.name.data;
scf->line = cf->conf_file->line; scf->line = cf->conf_file->line;

1
src/mail/ngx_mail_ssl_module.h
View File

@ -20,7 +20,6 @@
typedef struct { typedef struct {
ngx_flag_t enable;
ngx_flag_t prefer_server_ciphers; ngx_flag_t prefer_server_ciphers;
ngx_ssl_t ssl; ngx_ssl_t ssl;