From 661db9263fd21ddbe655bb792fbce8837ce61126 Mon Sep 17 00:00:00 2001 From: "Kanaga Vasantharaj (WIPRO LIMITED)" Date: Wed, 2 Jul 2025 18:21:31 +0530 Subject: [PATCH] changes made for http --- src/http/modules/ngx_http_ssl_module.c | 103 ++++++++++++++++++++++++- src/http/ngx_http_upstream.c | 29 +++++-- src/http/ngx_http_upstream.h | 3 +- 3 files changed, 125 insertions(+), 10 deletions(-) diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c index dbfe5c08b..16248ba0c 100644 --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -39,6 +39,17 @@ static ngx_int_t ngx_http_ssl_add_variables(ngx_conf_t *cf); static void *ngx_http_ssl_create_srv_conf(ngx_conf_t *cf); static char *ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child); + +u_char *ngx_ssl_get_backend_protocol(ngx_connection_t *c); +u_char *ngx_ssl_get_backend_cipher(ngx_connection_t *c); + +static ngx_int_t ngx_http_variable_backend_ssl_cipher(ngx_http_request_t *r, + ngx_http_variable_value_t *v, + uintptr_t data); + +static ngx_int_t ngx_http_variable_backend_ssl_protocol(ngx_http_request_t *r, + ngx_http_variable_value_t *v, + uintptr_t data); static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf, ngx_http_ssl_srv_conf_t *conf); @@ -302,7 +313,6 @@ static ngx_command_t ngx_http_ssl_commands[] = { ngx_null_command }; - static ngx_http_module_t ngx_http_ssl_module_ctx = { ngx_http_ssl_add_variables, /* preconfiguration */ ngx_http_ssl_init, /* postconfiguration */ 
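Review bot: The prototypes `ngx_ssl_get_backend_protocol` and `ngx_ssl_get_backend_cipher`, added among the static forward declarations, have external linkage but are declared only in this .c file. Nothing in the visible hunks calls them; the handshake handler in ngx_http_upstream.c calls `SSL_get_version()` and `SSL_get_cipher_name()` directly. Either drop the prototypes together with their definitions in the later `@@ -908,6 +978,37 @@` hunk, or mark them `static` if only this file uses them, or move the declarations into a header that the caller includes. Unused exported helpers around TLS session state tend to drift away from the code path that is actually exercised.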
@@ -333,6 +343,60 @@ ngx_module_t ngx_http_ssl_module = { NGX_MODULE_V1_PADDING }; +static ngx_int_t +ngx_http_variable_backend_ssl_cipher(ngx_http_request_t *r, + ngx_http_variable_value_t *v, + uintptr_t data) +{ + ngx_http_upstream_state_t *state; + + if (r == NULL || r->upstream_states == NULL) { + v->not_found = 1; + return NGX_OK; + } + + state = r->upstream_states->elts; + + if (state[0].backend_ssl_cipher.data) { + v->len = state[0].backend_ssl_cipher.len; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; + v->data = state[0].backend_ssl_cipher.data; + } else { + v->not_found = 1; + } + + return NGX_OK; +} + +static ngx_int_t +ngx_http_variable_backend_ssl_protocol(ngx_http_request_t *r, + ngx_http_variable_value_t *v, + uintptr_t data) +{ + ngx_http_upstream_state_t *state; + + if (r == NULL || r->upstream_states == NULL || r->upstream_states->nelts == 0) { + v->not_found = 1; + return NGX_OK; + } + + state = r->upstream_states->elts; + + if (state[0].backend_ssl_protocol.data) { + v->data = state[0].backend_ssl_protocol.data; + v->len = state[0].backend_ssl_protocol.len; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; + + } else { + v->not_found = 1; + } + + return NGX_OK; +} static ngx_http_variable_t ngx_http_ssl_vars[] = { @@ -341,6 +405,12 @@ static ngx_http_variable_t ngx_http_ssl_vars[] = { { ngx_string("ssl_cipher"), NULL, ngx_http_ssl_static_variable, (uintptr_t) ngx_ssl_get_cipher_name, NGX_HTTP_VAR_CHANGEABLE, 0 }, + + { ngx_string("backend_ssl_protocol"), NULL, + ngx_http_variable_backend_ssl_protocol, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 }, + + { ngx_string("backend_ssl_cipher"), NULL, + ngx_http_variable_backend_ssl_cipher, 0, NGX_HTTP_VAR_NOCACHEABLE, 0 }, { ngx_string("ssl_ciphers"), NULL, ngx_http_ssl_variable, (uintptr_t) ngx_ssl_get_ciphers, NGX_HTTP_VAR_CHANGEABLE, 0 }, 
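Review bot: `ngx_http_variable_backend_ssl_cipher` reads `state[0]` after checking only that `r->upstream_states` is non-NULL, while the protocol handler right below it also rejects an empty array. With `nelts == 0` the cipher handler reads an element that was never pushed. Use the same guard in both handlers: `if (r == NULL || r->upstream_states == NULL || r->upstream_states->nelts == 0) {`. Both handlers are fully inside the hunk.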
@@ -908,6 +978,37 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) return NGX_CONF_OK; } +u_char * +ngx_ssl_get_backend_cipher(ngx_connection_t *c) +{ + const SSL_CIPHER *cipher; + const char *name; + + if (c == NULL || c->ssl == NULL || c->ssl->connection == NULL) { + return NULL; + } + + cipher = SSL_get_current_cipher(c->ssl->connection); + if (cipher == NULL) { + return NULL; + } + + name = SSL_CIPHER_get_name(cipher); + return (u_char *) name; +} + +u_char * +ngx_ssl_get_backend_protocol(ngx_connection_t *c) +{ + const char *proto; + + if (c == NULL || c->ssl == NULL || c->ssl->connection == NULL) { + return NULL; + } + + proto = SSL_get_version(c->ssl->connection); + return (u_char *) proto; +} static ngx_int_t ngx_http_ssl_compile_certificates(ngx_conf_t *cf, diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c index de0f92a4f..5cb533720 100644 --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c 
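Review bot: Both getters cast away `const` on return (`return (u_char *) name;` and `return (u_char *) proto;`), which hands callers a writable pointer to strings owned by OpenSSL. If these helpers are kept, return `const char *`, or fill an `ngx_str_t` from the request pool the way the handshake handler in this patch copies the values. Both functions are fully inside the hunk.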
@@ -1812,18 +1812,32 @@ ngx_http_upstream_ssl_handshake_handler(ngx_connection_t *c) ngx_http_upstream_t *u; r = c->data; - u = r->upstream; - c = r->connection; + + if (c->ssl && c->ssl->handshaked) { + SSL *ssl_conn = c->ssl->connection; - ngx_http_set_log_request(c->log, r); + const char *proto = SSL_get_version(ssl_conn); + const char *cipher = SSL_get_cipher_name(ssl_conn); - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, - "http upstream ssl handshake: \"%V?%V\"", - &r->uri, &r->args); + if (r->upstream_states && r->upstream_states->nelts > 0) { + ngx_http_upstream_state_t *state = r->upstream_states->elts; - ngx_http_upstream_ssl_handshake(r, u, u->peer.connection); + state[0].backend_ssl_protocol.len = ngx_strlen(proto); + state[0].backend_ssl_protocol.data = ngx_pnalloc(r->pool, state[0].backend_ssl_protocol.len); + if (state[0].backend_ssl_protocol.data) { + ngx_memcpy(state[0].backend_ssl_protocol.data, proto, state[0].backend_ssl_protocol.len); + } + state[0].backend_ssl_cipher.len = ngx_strlen(cipher); + state[0].backend_ssl_cipher.data = ngx_pnalloc(r->pool, state[0].backend_ssl_cipher.len); + if (state[0].backend_ssl_cipher.data) { + ngx_memcpy(state[0].backend_ssl_cipher.data, cipher, state[0].backend_ssl_cipher.len); + } + } + } + + ngx_http_upstream_ssl_handshake(r, u, c); ngx_http_run_posted_requests(c); } @@ -2577,7 +2591,6 @@ ngx_http_upstream_process_header(ngx_http_request_t *r, ngx_http_upstream_t *u) if (ngx_http_upstream_process_headers(r, u) != NGX_OK) { return; } - ngx_http_upstream_send_response(r, u); } diff --git a/src/http/ngx_http_upstream.h b/src/http/ngx_http_upstream.h index f3e9f7979..417eeeff8 100644 --- a/src/http/ngx_http_upstream.h +++ b/src/http/ngx_http_upstream.h @@ -61,6 +61,8 @@ typedef struct { ngx_uint_t status; ngx_msec_t response_time; ngx_msec_t connect_time; + ngx_str_t backend_ssl_protocol; + ngx_str_t backend_ssl_cipher; ngx_msec_t header_time; ngx_msec_t queue_time; off_t response_length; 
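Review bot: As far as the collapsed hunk can be read, the handler no longer assigns `u = r->upstream;` yet still passes `u` to `ngx_http_upstream_ssl_handshake(r, u, c)`, so an uninitialized pointer reaches the handshake continuation. The same removal appears to drop `c = r->connection;`, `ngx_http_set_log_request()` and the debug log, so `ngx_http_run_posted_requests(c)` now receives the upstream connection instead of the client one. The negotiated protocol and cipher only need to be captured before `c` is reassigned, so the rest of the old body can stay, as sketched below. Separately, each `.len` is stored before the `ngx_pnalloc()` result is checked, so a failed allocation leaves a non-zero length with NULL data; assign the length inside the success branch. The function's signature and the declaration of `r` are above the hunk.

```c
    r = c->data;
    u = r->upstream;

    /* c is still the upstream connection here, so read its TLS state first */
    if (c->ssl && c->ssl->handshaked) {
        /* … unchanged: copy protocol and cipher into the upstream state … */
    }

    c = r->connection;

    ngx_http_set_log_request(c->log, r);

    ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
                   "http upstream ssl handshake: \"%V?%V\"",
                   &r->uri, &r->args);

    ngx_http_upstream_ssl_handshake(r, u, u->peer.connection);
```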
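Review bot: The two new `ngx_str_t` fields are added to `ngx_http_upstream_state_t`, but the writer and both variable handlers in this patch only ever touch element 0 of `r->upstream_states`. If a request makes more than one upstream attempt, the values would therefore be stored against the first element regardless of which peer negotiated them. Either record into the state of the current attempt and have the handlers read the matching element, or document the choice on the fields, e.g. `/* TLS protocol and cipher of the upstream handshake; kept in element 0 only */`. Appending the fields at the end of the struct, rather than between `connect_time` and `header_time`, would also keep the timing fields together. The struct's opening and closing lines are outside the hunk.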
@@ -267,7 +269,6 @@ typedef struct { ngx_uint_t redirect; /* unsigned redirect:1; */ } ngx_http_upstream_header_t; - typedef struct { ngx_list_t headers; ngx_list_t trailers;