]> git.kaiwu.me - nginx.git/commitdiff
Merged with the default branch.
authorSergey Kandaurov <pluknet@nginx.com>
Thu, 29 Oct 2020 14:53:58 +0000 (14:53 +0000)
committerSergey Kandaurov <pluknet@nginx.com>
Thu, 29 Oct 2020 14:53:58 +0000 (14:53 +0000)
1  2 
src/event/ngx_event_openssl.c
src/event/ngx_event_openssl.h
src/http/modules/ngx_http_ssl_module.c
src/http/ngx_http_request.c

Simple merge
Simple merge
index 409514821b4b60bb42d2b11317d020242a23d907,e062b03a116cecfb72f0941c827681d4121ace9f..a2db307f705655f36c2b5fd32d14c3e6c509ca9a
@@@ -1320,19 -1340,37 +1365,45 @@@ ngx_http_ssl_init(ngx_conf_t *cf
              cscf = addr[a].default_server;
              sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
  
-             if (sscf->certificates == NULL) {
+             if (sscf->certificates) {
+                 continue;
+             }
+             if (!sscf->reject_handshake) {
+                 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+                               "no \"ssl_certificate\" is defined for "
+                               "the \"listen ... ssl\" directive in %s:%ui",
+                               cscf->file_name, cscf->line);
+                 return NGX_ERROR;
+             }
+             /*
+              * if no certificates are defined in the default server,
+              * check all non-default server blocks
+              */
+             cscfp = addr[a].servers.elts;
+             for (s = 0; s < addr[a].servers.nelts; s++) {
+                 cscf = cscfp[s];
+                 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
+                 if (sscf->certificates || sscf->reject_handshake) {
+                     continue;
+                 }
                  ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                                "no \"ssl_certificate\" is defined for "
 -                              "the \"listen ... ssl\" directive in %s:%ui",
 -                              cscf->file_name, cscf->line);
 +                              "the \"listen ... %s\" directive in %s:%ui",
 +                              name, cscf->file_name, cscf->line);
 +                return NGX_ERROR;
 +            }
 +
 +            if (addr[a].opt.quic && !(sscf->protocols & NGX_SSL_TLSv1_3)) {
 +                ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
 +                              "\"ssl_protocols\" did not enable TLSv1.3 for "
 +                              "the \"listen ... %s\" directives in %s:%ui",
 +                              name, cscf->file_name, cscf->line);
                  return NGX_ERROR;
              }
          }
Simple merge