cscf = addr[a].default_server;
sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
- if (sscf->certificates == NULL) {
+ if (sscf->certificates) {
+ continue;
+ }
+
+ if (!sscf->reject_handshake) {
+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+ "no \"ssl_certificate\" is defined for "
+ "the \"listen ... ssl\" directive in %s:%ui",
+ cscf->file_name, cscf->line);
+ return NGX_ERROR;
+ }
+
+ /*
+ * if no certificates are defined in the default server,
+ * check all non-default server blocks
+ */
+
+ cscfp = addr[a].servers.elts;
+ for (s = 0; s < addr[a].servers.nelts; s++) {
+
+ cscf = cscfp[s];
+ sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
+
+ if (sscf->certificates || sscf->reject_handshake) {
+ continue;
+ }
+
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no \"ssl_certificate\" is defined for "
- "the \"listen ... ssl\" directive in %s:%ui",
- cscf->file_name, cscf->line);
+ "the \"listen ... %s\" directive in %s:%ui",
+ name, cscf->file_name, cscf->line);
+ return NGX_ERROR;
+ }
+
+ if (addr[a].opt.quic && !(sscf->protocols & NGX_SSL_TLSv1_3)) {
+ ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+ "\"ssl_protocols\" did not enable TLSv1.3 for "
+ "the \"listen ... %s\" directives in %s:%ui",
+ name, cscf->file_name, cscf->line);
return NGX_ERROR;
}
}